During the third episode of our new webinar series, The Lunchbox Leaders, we listened as the CEO of Blackpoint Cyber, Jon Murchison, explained how cyber hackers operate and shared valuable tips and strategies on how you can protect yourself and your organization against cyber threats.
Jon shared that work-from-home hasn’t necessarily increased the number of cyber-attacks – only the number of targeted attacks. While the digital migration to work-from-home makes things more difficult for hackers, since employees aren’t all in one location within a network, it has opened up new attack vectors, such as increased targeting of VPN concentrators – which allow hackers to get in with creds ahead of time.
“Size totally does not matter in this case,” Jon stated. “Many times, hackers select targets of opportunity. The good news is: whether your organization is large or small, applying the same lessons learned can reduce your risk of a network breach.”
To prevent a breach, it is valuable to know how hackers operate. A hacker’s primary goal is to steal privileged credentials, which will enable them to hide from traditional detection tools like anti-malware and firewalls.
Jon identified 5 major steps in the lifecycle of a hack:
- Spear phish/Insider threat – The hacker gains initial access to a network.
- Network Discovery and Access – The hacker attempts to determine where he is within the network’s environment.
- Domain Discovery – The hacker attempts to identify more privileged credentials to stay within the network.
- Hunt Domain Admin – The hacker data mines for information about specific network admins.
- Laterally Spread – The hacker attempts to gain control of the network.
Jon recommended these defense tactics to help organizations reduce their attack surface:
Conduct a social audit. Make sure your organization and employees aren’t releasing sensitive information that might be of benefit to criminals, such as what firmware or anti-malware systems you’re utilizing.
Leverage existing infrastructure to detect discovery tactics. Ensure that multi-factor authentication is enabled for any cloud or Internet-based system (such as Office 365).
“The vast majority of successful corporate breaches we see actually come from remote desktop protocol being open to the Internet. An external vulnerability scan can ensure that the ‘front door’ to your network is locked.”
Utilize live-auditing of privileged account use and orchestrate regular privileged insider activity reporting. Any time someone connects to a key firewall, log the activity to help identify unauthorized logins.
Use the latest generation of AV/Malware detection tools. Advanced malware products can act as an early warning system for cyber attacks.
We enjoyed hosting Jon as he shared his insights about the methods hackers utilize to break into a network and how organizations can protect themselves from these various, targeted threats. Don’t forget to register for the final episode in our series, which will air Thursday, September 17th at noon. During the finale, Ben Verschaeren from Sophos, an international security company, will be discussing how AI can enhance your organization’s cybersecurity.
Did you find this episode insightful? Our team at PGH Networks can help you develop a strategic and layered approach to your network’s security and protect you from cyber-attacks. Want to learn more? Contact us today.
In case you missed episode three (or would like to rewatch it), you can find the full recording online.