Strategies To Prevent 85% Of Cyber Attacks

Uploaded on 2017-04-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

DHS (US Department of Homeland Security) encourages network administrators to implement the recommendations below, which can prevent as many as 85 percent of targeted cyber attacks. 

These strategies are common sense to many, but DHS continues to see intrusions because organisations fail to use these basic measures.

1. Patch applications and operating systems – Vulnerable applications and operating systems are the targets of most attacks. 
Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.

2. Application Whitelisting – is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.

3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.

4. Network Segmentation and Segregation into Security Zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services and limits damage from network perimeter breaches.

5. Input validation – Input validation is a method of sanitizing untrusted user input provided by users of a web application, and may prevent many types of web application security flaws, such as SQLi, XSS, and command injection.

6. File Reputation – Tune Anti-Virus file reputation systems to the most aggressive setting possible; some products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.

7. Understanding firewalls – When anyone or anything can access your network at any time, your network is more susceptible to being attacked. Firewalls can be configured to block data from certain locations (IP whitelisting) or applications while allowing relevant and necessary data through. 

Responding to Unauthorised Access to Networks: Implement your security incident response and business continuity plan. It may take time for your organisation’s IT professionals to isolate and remove threats to your systems and restore normal operations. 

Meanwhile, you should take steps to maintain your organisation’s essential functions according to your business continuity plan. Organisations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Naren NagpalLinkedIn Pulse

You Might Also Read:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

 

« Afraid Of AI Taking Your Job?
Half Of All Canadian Businesses Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSO

CSO

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks.

iTrinegy

iTrinegy

iTrinegy is a world leader in Application Risk Management offering solutions to mitigate all networked application deployment risks

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

Secure Source

Secure Source

Secure Source specialise in search and recruitment for Cyber Security and Security Cleared markets.

DataLocker

DataLocker

DataLocker offers both hardware based external storage and software based cloud storage encryption solutions.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

GV (Google Ventures)

GV (Google Ventures)

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

Variti

Variti

Variti Intelligent Active Bot Protection technology — traffic analysis, detection and stopping of malicious bots in real-time and effective response to DDoS attacks.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Hex-Rays

Hex-Rays

Founded in 2005, privately held, Belgium based, Hex-Rays SA focuses on the development of fast, stable, and robust binary analysis tools for the IT security market.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Benchmark IT Services (BITS)

Benchmark IT Services (BITS)

BITS is a leading cyber security company in Australia. Our certified professionals work with you to keep your data assets safe and secure.