Land and Expand Cyber Attacks

Despite the prevalence of security solutions, like anti-virus and anti-malware tools, cyber attacks and the damage they wreak are actually getting worse.

That’s because no anti-malware or anti-virus solution works 100% of the time, and if a 100% success rate is the requirement, these tools are now understood to fail it. The same goes for firewalls, data loss prevention (DLP) and intrusion detection and prevention (IDS/IPS) products.

Today’s reality is that your machines are compromised. The cyber war has now turned to the question of “what’s next?”

Land and Expand

Criminals apply the concept of “land and expand” during cyber attacks. This means that when hackers compromise your machine, they exploit that machine to gather user names and passwords for the systems you use (e.g. banking, corporate, social networks).

Once infiltrated, your machine will scan for other machines in your network and will try to infect them, either by using credentials found on your local system or by trying simple, common passwords. The goal is to gather data, use that data, and then gather more data.

The easiest way to mitigate this scenario is with a multi-factor authentication (MFA) system that uses an external token or sends one-time-use tokens to an external device. MFA thwarts keyloggers that capture user names and passwords because it relies on an extra factor that’s not stored on the machine, and the numeric value of the token constantly changes.

It’s also a good practice to have a different administrator password on every machine and to change default passwords on your routers.

Ultimately, you need backups of your systems in case you have to restore them to an uninfected state. Keep backups taken at many different points in time, because the most recent backup cycles may have captured an already infected system.

What steps are you taking to thwart cyber attacks? Please leave a comment below.

