Sophisticated criminal networks are now supplying the black market with more than $5.6 billion in stolen corporate and personal information obtained by exploiting known security flaws. The modern hacker's modus operandi is not to make a splash attacking your infrastructure. No, they're more concerned with attacking you quietly and stealing as much data as possible, without your knowledge. They start by running automated scans of the internet looking for common vulnerabilities to stealthily exploit, no matter how big or small the company with those problems. The attack vectors these criminals use are continuing to evolve.
So where do you begin? Remember, the bad guys are no dummies – they know how to exploit holes in the network and how to take advantage of offline systems and endpoints in order to gain future access to your data. By implementing some basic best practices, you will be able to adjust and defend against cybercriminals' new tactics:
- Change your thinking – Security is no longer the domain of the IT geeks down in the data center. You will be held accountable when you're breached so get involved in the decision making now.
- Have a plan – Businesses aren't made secure by accident. And regulations are simply not comprehensive enough to ensure success on their own. Simplify your view by recognizing you can't solve every problem. Then, map things out meticulously.
- Defense in depth – Throwing up a firewall and some anti-virus isn't going to cut it in today's threat environment. Your plan needs to include multiple layers of technological defense that makes sure attacks don't fall through the cracks.
While this is by no means a comprehensive plan, it is three basic steps to a safer, more secure network. Of course, you must go beyond the basics, but you have to start somewhere.