Strategies To Prevent 85% Of Cyber Attacks

Uploaded on 2017-04-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

DHS (US Department of Homeland Security) encourages network administrators to implement the recommendations below, which can prevent as many as 85 percent of targeted cyber attacks. 

These strategies are common sense to many, but DHS continues to see intrusions because organisations fail to use these basic measures.

1. Patch applications and operating systems – Vulnerable applications and operating systems are the targets of most attacks. 
Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.

2. Application Whitelisting – is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.

3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.

4. Network Segmentation and Segregation into Security Zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services and limits damage from network perimeter breaches.

5. Input validation – Input validation is a method of sanitizing untrusted user input provided by users of a web application, and may prevent many types of web application security flaws, such as SQLi, XSS, and command injection.

6. File Reputation – Tune Anti-Virus file reputation systems to the most aggressive setting possible; some products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.

7. Understanding firewalls – When anyone or anything can access your network at any time, your network is more susceptible to being attacked. Firewalls can be configured to block data from certain locations (IP whitelisting) or applications while allowing relevant and necessary data through. 

Responding to Unauthorised Access to Networks: Implement your security incident response and business continuity plan. It may take time for your organisation’s IT professionals to isolate and remove threats to your systems and restore normal operations. 

Meanwhile, you should take steps to maintain your organisation’s essential functions according to your business continuity plan. Organisations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Naren NagpalLinkedIn Pulse

You Might Also Read:

Directors Report January 2017. Cyber Security Checklist For Management (£):

 

 

« Afraid Of AI Taking Your Job?
Half Of All Canadian Businesses Hacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Montash

Montash

Montash is an award winning, global technology recruitment business, specialising in the acquisitions of high-performing talent across a number of core disciplines including Information Security.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Hewlett Packard Enterprise (HPE)

Hewlett Packard Enterprise (HPE)

HPE is an information technology company focused on Enterprise networking, Services and Support.

Adlink Technology

Adlink Technology

ADLINK is a leading provider of embedded computing products and services for applications including IoT and industrial automation.

Qubitekk

Qubitekk

Qubitekk has developed quantum cryptography solutions for the machine-to-machine (M2M) communications market.

Trustless Computing Association (TCA)

Trustless Computing Association (TCA)

TCA is is a non-profit organization promoting the creation and wide availability of IT and AI technologies that are radically more secure and accountable than today’s state of the art.

HITRUST Alliance

HITRUST Alliance

HITRUST provides widely-adopted common risk and compliance management frameworks, related assessment and assurance methodologies.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

AHAD

AHAD

AHAD provides cybersecurity, digital transformation, and risk management services and solutions to Government, Fortune 500, And Start-Up Companies in the Middle East region.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Teleskope

Teleskope

Teleskope are on a mission to empower businesses to protect sensitive data by default.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Datagroup

Datagroup

Datagroup makes IT easy. Our IT experts ensure that your technology is always up to date with perfectly customized solutions.