
Highlights from the 2016 Verizon Breach Investigations Report (Part 3 of 3)

Last week we covered the main tools hackers are using to access businesses’ networks.

As you learned, there are 3 items to focus on that caused most data breaches last year: vulnerabilities, phishing and weak credentials. Under these 3 focus points, we covered the 4 patterns of attack used by hackers, and expanded on how dangerous these attacks are and how hackers are hurting your business.

But did you know that many of these attacks can be prevented with a little help and knowledge?

Web App Attacks

  • Two-Factor Authentication

    We all know anything that is valuable should be password protected; any valuable information in a business should be as well.

    But is one password enough?

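    No. Two-Factor Authentication is key to protecting any critical information in a business. One of the easiest ways hackers will access a network is through keylogging malware, which captures passwords as they are typed. With a second factor in place, a captured password alone is not enough to log in.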

  • Validating Inputs

    Ensure that you are validating inputs. This prevents things such as users passing commands to the database via the customer name field, and it lets you make sure an uploaded image isn’t a web shell.
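
The two checks named above, as an added example that is not from the original post: a customer-name lookup that binds the name as a query parameter, and an upload check that compares file content with its extension. The table layout, function names, accepted image types and the 100-character limit are assumptions chosen for illustration.

```python
import os
import sqlite3
import uuid

# Leading "magic bytes" and permitted extensions per accepted image type.
IMAGE_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", {".png"}),
    "jpeg": (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    "gif": (b"GIF8", {".gif"}),
}

def make_demo_db():
    """Constructed in-memory database standing in for the real customer store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers (name) VALUES (?)",
                     [("Alice Example",), ("Bob Example",)])
    return conn

def find_customer(conn, name):
    """Look up a customer; the name is bound as data, never spliced into the SQL."""
    if not isinstance(name, str) or not 1 <= len(name) <= 100:
        raise ValueError("customer name must be 1-100 characters")
    return conn.execute(
        "SELECT id, name FROM customers WHERE name = ?", (name,)
    ).fetchall()

def stored_name_for_upload(filename, data):
    """Validate an uploaded image and return the server-chosen name to store it under."""
    ext = os.path.splitext(filename)[1].lower()
    for kind, (magic, extensions) in IMAGE_TYPES.items():
        if data.startswith(magic):
            if ext not in extensions:
                raise ValueError(f"extension {ext!r} does not match {kind} content")
            # Discard the client's file name entirely: a random name with a fixed
            # image extension keeps names like "shell.php" off the disk.
            return f"{uuid.uuid4().hex}{sorted(extensions)[0]}"
    raise ValueError("content is not an accepted image type")

if __name__ == "__main__":
    db = make_demo_db()
    print(find_customer(db, "Alice Example"))   # the matching row
    print(find_customer(db, "x' OR '1'='1"))    # no rows: treated as a literal name
    print(stored_name_for_upload("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
```

A magic-byte check only confirms how a file starts, so uploads should also be stored outside any directory the web server will execute scripts from.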

Point-of-Sale Intrusions:

  • Two-Factor Authentication

    Not trying to sound like a broken record, but Two-Factor Authentication is important in preventing POS intrusions as well.

    Make sure you are able to monitor login activity for any unusual patterns. And don’t forget to talk to your vendors to ensure they are using Two-Factor Authentication to access your POS environment.

    This is a critical environment attracting numerous hackers for an obvious reason: credit card data.

  • Monitoring

    There are plenty of monitoring options available for a POS environment. Do you have one in place?

    Monitoring will help track remote logins and verify each activity.

  • Segment your Environments

    If your business has Wi-Fi for guests or even for employees, it is important to segment each environment.

    Your POS environment should be separate from your corporate LAN and should never be visible to the entire internet.

Payment Card Skimmers:

Preventing card skimmers requires physical security. It is important to note that both the business and the consumer will need to take their own precautions.

  • Businesses (merchants):

    • Consider tamper-resistant terminals. These are ATM models that have been designed with skimmers in mind, hence they will make it difficult to impossible for a skimmer to be attached.
    • Monitor video footage of ATMs and gas pumps for any activity of a person trying to tamper with the equipment.
    • Create a routine of checking up on the physical integrity of ATMs.
  • Consumer:

    • Always cover your PIN so that cameras or anyone standing close to you can’t see it.
    • Use your judgement and be alert. Take a look at an ATM before doing your transactions. You may be able to notice something odd, and if you do, report it to the merchant or bank staff.

Cyber-Espionage:

  • Endpoint Protection

    Use endpoint protection. 90% of Cyber-Espionage incidents this year involved malicious software. This can happen via an email, web drive-by, or direct/remote installation.

  • Email Protection

    Have an email protection strategy. Do you currently have spam protection, block lists and reporting procedures for suspected phishing attempts in place?

One of the main things to take care of is protecting your network. Three ways of doing this are:

  • Two-Factor Authentication
  • Segmenting your network
  • Blocking C2 communications and remediating compromises

Along with protecting your network, you must monitor internal networks, devices, and applications.

Implementing such security can greatly reduce your chances of having your business be the next victim of a data breach. These aren’t easy or simple steps, but they sure are better than the steps a business owner deals with after their business is breached, not to mention the money lost in a breach. If any of these steps are complicated to carry out on your own or by your IT staff, Netsurion can always help. We focus on taking care of the security of businesses, so business owners can run their business worry-free.

This is our last post from our 3-part series of Highlights from the 2016 Verizon Breach Investigations Report. If interested in reading the previous 2, click on the titles below: