Cybersecurity Tips

Simple Steps to Take to Improve Your Data Security

Increased Threats Cyber
Many times a cyber breach can go undetected for months, with the malicious actor listening to network traffic, watching for unencrypted passwords and waiting for the the opportune time to lock your data or gather sensitive data to sell to other cyber criminals.

Table of Contents

WHAT IS CYBERSECURITY?

Penetration test services – Invaluable

Cybersecurity is a set of controls used to protect your business against digital attacks and attackers that aim to exploit or destroy sensitive information. This sensitive information can range from:

  • Personally Identifiable Information (PII) – data that identifies a specific individual or any information that can be used to distinguish one person from another is considered PII.
  • Personal Health Information (PHI)
  • Payment Card Information (PCI) and Card Data Environments (CDE), other critical data such as system passwords, network architecture, forbidden access to to critical systems.
  • Intellectual Property, Trade Secrets, and Sensitive Client Information

Critical Infrastructure

Having your bank account hacked on your personal computer can definitely ruin your day.  However, the consequences of a cyber attack can be devastating and life threating especially when discussing cyber threats to Industrial Control Systems (ICS)

“In 2021, Russian hackers breached computerized equipment that operates the largest fuel pipeline in the U.S., causing the Colonial Pipeline Company to shut down its pipeline, which originates in Houston, for six days to contain the attack. The breach triggered fuel shortages and a spike in gas prices on the East Coast.” Texas Tribune

ICS are found in many industries such as electric, water and wastewater, transportation, oil and natural gas, chemical, pharmaceutical,  and manufacturing (e.g., automotive, aerospace, etc). Because there are many different types of ICS with varying levels of potential risk and impact, there are many different methods and techniques for securing ICS, one of the most important method is Penetration Testing.

Consequences of an ICS incident/breach:

*  Impact on national security—facilitate an act of terrorism
*  Reduction or loss of production at one site or multiple sites simultaneously
*  Injury or death of employees
*  Injury or death of persons in the community
*  Damage to equipment
*  Release, diversion, or theft of hazardous materials
*  Environmental damage
*  Violation of regulatory requirements
*  Product contamination
*  Criminal or civil legal liabilities
*  Loss of proprietary or confidential information
*  Loss of brand image or customer confidence

“A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say – The attacker [increased] sodium hydroxide levels in the Oldsmar, Florida, water supply to extremely dangerous levels”  Wired

Learn more about ICS/SCADA and critical infrastructure testing here

Did you know?

54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks.”  Sophos

“The worldwide information security market is forecast to reach $366.1 billion in 2028.”  (Fortune Business Insights)

“56 percent of Americans don’t know what steps to take in the event of a data breach.”  (Varonis)

“Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet.”  (Bloomberg)

“On average, a company falls victim to a ransomware attack every 11 seconds.”  (Cybersecurity Ventures)

UNDERSTANDING WHAT AN ATTACK MAY LOOK LIKE AND THE CONSEQUENCES OF ONE

Many times a cyber breach can go undetected for months, with the malicious actor listening to network traffic, watching for unencrypted passwords and waiting for the the opportune time to lock your data or gather sensitive data to sell to other cyber criminals.  Knowing what a cyberattack looks like and becoming aware of issues before its too late is important, especially when securing your critical data and systems.

Network Security is more complicated – here are a few network tips to ensure you are aware of cyber attacks in the beginning stages – Network Security. For more basic cybersecurity awareness, here are a few indicators that you may have been breached:

  1. You receive emails stating you have ransomware.
  2. Fake antivirus messages pop up on your desktop
  3. You notice tools on your tool bar that you have not installed.
  4. You start to notice you are being redirected to unwanted websites.
  5. Offline and online you receive multiple pop ups
  6. Your friends start to receive emails or invites that you did not send
  7. Some of your passwords no longer work
  8. Your computer installs programs without your consent
  9. Your mouse moves on its own
  10. Task manager and registry access has been disabled
  11. Your bank statements have unknown transactions

Are you getting a lot of recent spam phone calls, strange texts and an unusual amount of phishing type of spam emails (emails that contain links to click) A useful online tool for seeing if your name and email is in a breach database is https://haveibeenpwned.com/.  This site will show you if your name password etc is found where it shouldn’t be.

LIMIT YOUR ONLINE DIGITAL FOOTPRINTS

  • Make sure to limit your digital footprints from across the web. Your digital footprints can range from passwords to text messages to images and videos and more. Digital footprints leave behind traces of you and your information on the internet and expose data to malicious actors at the ready to Social Engineer you and your company.

UPDATE YOUR PASSWORDS

Keep track your passwords utilizing a password management tool such as Kaspersky Password Manager.  Always avoid reusing passwords and don’t become complacent with using Weak passwords.  Weak passwords are passwords that are easy to guess and gain access to. An example of a weak password would be 12345 or mydogsnameismax. Passwords 14 characters or less are also easy to crack with common hacking tools:

Here is the list of the most popular Password Cracking Tools:

If your password is weak, change it immediately. 8 characters can be cracked in less than 3 hours.

STAY DIGITALLY PROTECTED WHEN ONLINE

Use trusted anti-virus software, threat detection and VPNs to prevent  hackers from entering and attacking your systems and gaining access important information. By using trusted anti-virus programs your risk of viruses drops greatly. Trusted anti-virus programs can scan your device(s) to check for any sort of virus that may be extremely dangerous and harmful that could lead to a serious cyberattack. Along with using a trusted anti-virus program purchase a VPN to go with it. VPN stands for “virtual private network”. VPNs are mostly if not always used to guard against hackers by preventing them from being able to access private subjects like your IP address, search history and any personal data on Wi-Fi networks. A VPN (virtual private network) is an incredibly useful service that keeps your internet connection safe and your privacy online protected and away from the eyes of experienced hackers who are looking to do bad upon you and your business. Make sure the VPN and anti-virus protection you are using is under a protected, secure site.

For more network cybersecurity tips view how to prevent network cyber attacks here

KEEP YOUR PROGRAMS AND SOFTWARE UP TO DATE

Make sure your programs and software are always up to date  and patched with the latest software /hardware updates. Outdated or unsupported software leaves you more vulnerable to cyberattacks and cybercriminals. As technology advances across cybersecurity controls, the threat landscape also advances making cyber security an always evolving dynamic struggle.   By having outdated programs and software you simply are making it much easier for an experienced cybercriminal to gain access to your sensitive data.

Should you be concerned?

Well, yes of course…Check out this site that hackers use to gather information: Shodan

Here are other common websites used during OSINT Hacking Phase:

  1. OSINT Framework – a website directory of data discovery and gathering tools for almost any kind of source or platform.
  2. SpiderFoot – an OSINT tool to scrape data from over 100 data sources on personal, network, and business entities.
  3. Google Dorks – OSINT data gathering method using clever Google search queries with advanced arguments.
  4. Maltego – an OSINT tool for gathering information and bringing it all together for graphical correlation analysis.
  5. Recon-ng – an open-source web reconnaissance tool developed in Python and continues to grow as developers contribute to its capabilities.

Summary

  • Employees are a vulnerable target as 48% of malicious email attachments are office files.
  • 82% of employers report a shortage in cyber security skills.
  • 66% of security breaches are a result of employee negligence or malicious acts.
  • Home workers are the primary target of criminals as cyber attacks have risen 238% since the beginning of the pandemic.
  • 44% of those surveyed said they didn’t provide cyber security training to their staff on the threats of working from home.
  • 68% of the organizations surveyed did not deploy antivirus software for work-issued devices.

Via https://purplesec.us/resources/cyber-security-statistics/#WFH

Pen-Test Project Quote

Penetration Testing Service Provider

Our expert team will help scope your project and provide a fast and accurate project estimate.

Contact Redbot Security

Related Articles

Ransomware Nightmare

Android Malware

The likelihood of a cyber attack on a mobile platform is significantly high, but how difficult is it for a malicious actor to generate malware? You might be surprised.

Read More »
IDOR Fix

Insecure Direct Object Reference (IDOR)

Insecure Direct Object Reference (IDOR) vulnerabilities pose a significant risk to the security of web applications, allowing attackers unauthorized access to sensitive data and functionalities. By understanding the implications of IDOR and adopting secure coding practices, web developers can protect their applications and users from potential exploitation.

Read More »
mass assignment vulnerability- Web Application Security

Mass Assignment Vulnerabilities

Mass Assignment Vulnerability occurs when a web application allows users to submit a more extensive set of data than is intended or safe. The potential consequences of this vulnerability can be severe

Read More »
The Impact of Data Breach

The Impact of a Data Breach

Increasingly, investors see proactive cybersecurity spending as a hallmark of strong corporate governance. It can be factored into how they value a company’s resilience and risk profile

Read More »
How to prevent active directory attack

AS-REP Roasting

Kerberos Authentication Service Response (AS-REP) Roasting, a technique similar to Kerberoasting, has gained prominence as a method for attackers to compromise Active Directory (AD) authentication systems.

Read More »
Pen Testing Industrial Control Systems

ICS/SCADA Penetration Testing: Where to Start

Becoming proficient in Operational Technology (OT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) network testing can appear daunting as there are fewer learning resources.

Read More »
Network Pen Testing Companies

Attack Surface Management (ASM)

Today, cybercriminals have plenty of entry points to exploit. Therefore, it has become crucial for organizations to improve their attack surface visibility to have more effective protection. This is where attack surface management (ASM) comes into play. This article will explore all about attack surface management (ASM), including its importance, working principle, and benefits.

Read More »
Common Attacks

Microsoft Windows Laptop Security

Malicious actors prey on weak configurations like locusts. Microsoft, despite knowing that their operating systems, have inherent weaknesses have done little to enhance their initial security outside of remediation for publicly known vulnerabilities.

Read More »
Red Team vs Penetration Testing

Evolving Your Cybersecurity: From Penetration Testing to Red Teaming

While penetration testing is valuable in identifying technical vulnerabilities, red teaming provides a more holistic assessment by simulating realistic threat scenarios. By embracing red teaming, organizations can bolster their defenses, uncover weaknesses, and stay one step ahead of sophisticated adversaries.

Read More »

Cyber threat news feed

Check out the latest cybersecurity news around the globe

Cymbiotic will provide unparalleled security insight with the ability to manage teams, clients, on-demand testing with rapid internal VM deployment […]

Security Management Platform

Cymbiotic is a revolutionary, scalable platform providing unparalleled security management: on-demand testing, secure reporting, and remediation tracking, while also acting as an advanced attack surface management platform ... for every network.

Pen-Test Project Quote

Penetration Testing Service Provider

Our expert team will help scope your project and provide a fast and accurate project estimate.

Contact Redbot Security
Show Buttons
Hide Buttons