[Insert Company Here] has Massive Data Breach – You Can Prevent Being A Headline

Apr 2, 2018

I have said it before, and I will say it again: the end-user is the most significant threat to your company. Let’s take a look at some fun statistics:

Let’s highlight two recent attacks that have happened and are very preventable!

City of Atlanta

According to Barkly, the city of Atlanta was targeted by ‘SamSam’, which attacks servers exposed to the internet through brute-force attacks on RDP or other exploits. ‘SamSam’ has logged eight attacks in 2018, with the primary targets being healthcare and government organizations. The interesting thing about ‘SamSam’ is that it is NOT spread by emails or an employee clicking a link; instead, the ransomware targets servers on the internet with weak or stolen credentials. The error, and the question that needs to be asked, is: why expose critical servers to the internet?
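As an added example (not from the original post or any of the vendors mentioned), the following Python flags the pattern SamSam relies on: repeated failed RDP logons from external addresses against an internet-exposed server. The log format, sample events, internal ranges and thresholds are constructed assumptions, not the exact Windows event schema.

```python
# Added example (not from the original post): flag RDP brute-force patterns
# in Windows Security events. Log format is a simplified, constructed
# rendering of Event ID 4625 (failed logon); logon type 10 = RDP.
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: timestamp, event id, logon type, target account, source IP.
# One external host sprays accounts; an internal user mistypes a password once.
SAMPLE_EVENTS = """\
2018-03-22T02:14:01 4625 10 administrator 203.0.113.45
2018-03-22T02:14:03 4625 10 admin 203.0.113.45
2018-03-22T02:14:05 4625 10 backup 203.0.113.45
2018-03-22T02:14:08 4625 10 sqlsvc 203.0.113.45
2018-03-22T02:14:10 4625 10 administrator 203.0.113.45
2018-03-22T02:20:00 4625 10 jsmith 10.0.0.15
2018-03-22T02:20:30 4624 10 jsmith 10.0.0.15
"""

def parse_events(text):
    """Yield (timestamp, event_id, logon_type, account, source_ip) per non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, eid, ltype, account, src = line.split()
            yield datetime.fromisoformat(ts), int(eid), int(ltype), account, src

def find_rdp_brute_force(text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: total_failures} for external sources producing at least
    `threshold` failed RDP logons within any `window`-long span (sliding window)."""
    failures = defaultdict(list)
    for ts, eid, ltype, account, src in parse_events(text):
        if eid != 4625 or ltype != 10:
            continue  # only failed RemoteInteractive (RDP) logons count
        if any(ip_address(src) in net for net in INTERNAL_NETS):
            continue  # internal sources: tune separately, not in scope here
        failures[src].append(ts)
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = len(times)
                break
    return flagged
```

A server that is not reachable from the internet never produces the external half of this pattern, which is the point of the author's question.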

Lord & Taylor, Saks Fifth Avenue Data Breach

According to the New York Times, Saks was targeted by a Russian group known as Fin7 or JokerStack. This breach resulted in 5 million records stolen. It is not clear how the records were obtained, but phishing emails sent to employees are suspected. A phishing email is simple: a user gets a seemingly legitimate email that encourages them to click on a link. When a user falls for this tactic, the link installs software onto the computer without the user’s knowledge, giving the hackers a backdoor into the systems. The question that needs to be asked is, how can we prevent phishing attacks?

The Solutions

The great thing about being a ‘Value Added Reseller’ (VAR) and consulting partner is that I can propose the best solution stack for my customers. Let’s take a look at some technologies that can help mitigate these attacks:

  1. Offload insecure web browsing by letting someone else assume the risk. Citrix Secure Browser Service is a simple way to offload unsafe browsing to an isolated, cloud-hosted, throw-away web browser session. Essentially, whitelist only the URLs that you want running on your network and offload the bad. This integration is clientless via HTML5.
  2. Exposing your servers to the internet is so 1990s; front-end them with a NetScaler leveraging Secure Web and Unified Gateway. Gain insight into the traffic while securing it. No more exposing RDP ports to the internet!
  3. Whitelisting should be top of mind, and Ivanti’s Endpoint Protection takes a user-centric approach to securing the endpoint. Prevent, detect, respond and remediate with one product stack, which includes Ivanti’s Application Control and Patch for Windows.
  4. Consider a next-generation antivirus solution such as Bitdefender’s GravityZone Ultra Suite and take prevention and remediation to the next level! Bitdefender has the first ‘Anti-ransomware Vaccine’, which works by exploiting flaws in ransomware and stopping the encryption process.
  5. Think beyond your network by considering a Secure Web Gateway like Zscaler, so users cannot circumvent security controls and ALL business-related web traffic passes through a central gateway, securing ALL applications on and off premises.

I have heard it all, from “SaaS application X can never be hacked,” to “Why do I need to secure web sessions?”, to “I cannot prevent users from clicking the wrong thing.” While these statements are true in a perfect world, the truth is, most hacks can be prevented. The question is, how seriously does your organization take it, and does it want to be a headline?