Cybersecurity Tips 

Simple Steps to Take to Improve Your Data Security

cybersecurity tips

WHAT IS CYBERSECURITY?

Cybersecurity is a set of controls used to protect your business against digital attacks and attackers that aim to exploit or destroy sensitive information. This sensitive information can range from:

  • Personally Identifiable Information (PII) – data that identifies a specific individual or any information that can be used to distinguish one person from another is considered PII.
  • Personal Health Information (PHI)
  • Payment Card Information (PCI) and Card Data Environments (CDE), other critical data such as system passwords, network architecture, forbidden access to to critical systems.
  • Intellectual Property, Trade Secrets, and Sensitive Client Information

Critical Infrastructure

Having your bank account hacked on your personal computer can definitely ruin your day.  However, the consequences of a cyber attack can be devastating and life threating especially when discussing cyber threats to Industrial Control Systems (ICS)

“In 2021, Russian hackers breached computerized equipment that operates the largest fuel pipeline in the U.S., causing the Colonial Pipeline Company to shut down its pipeline, which originates in Houston, for six days to contain the attack. The breach triggered fuel shortages and a spike in gas prices on the East Coast.” Texas Tribune

ICS are found in many industries such as electric, water and wastewater, transportation, oil and natural gas, chemical, pharmaceutical,  and manufacturing (e.g., automotive, aerospace, etc). Because there are many different types of ICS with varying levels of potential risk and impact, there are many different methods and techniques for securing ICS, one of the most important method is Penetration Testing.

Consequences of an ICS incident/breach:

*  Impact on national security—facilitate an act of terrorism
*  Reduction or loss of production at one site or multiple sites simultaneously
*  Injury or death of employees
*  Injury or death of persons in the community
*  Damage to equipment
*  Release, diversion, or theft of hazardous materials
*  Environmental damage
*  Violation of regulatory requirements
*  Product contamination
*  Criminal or civil legal liabilities
*  Loss of proprietary or confidential information
*  Loss of brand image or customer confidence

“A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say – The attacker [increased] sodium hydroxide levels in the Oldsmar, Florida, water supply to extremely dangerous levels”  Wired

Learn more about ICS/SCADA and critical infrastructure testing here

Did you know?

54 percent of companies say their IT departments are not sophisticated enough to handle advanced cyberattacks.”  Sophos

“The worldwide information security market is forecast to reach $366.1 billion in 2028.”  (Fortune Business Insights)

“56 percent of Americans don’t know what steps to take in the event of a data breach.”  (Varonis)

“Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet.”  (Bloomberg)

“On average, a company falls victim to a ransomware attack every 11 seconds.”  (Cybersecurity Ventures)

simple cybersecurity tips

UNDERSTANDING WHAT AN ATTACK MAY LOOK LIKE AND THE CONSEQUENCES OF ONE

Many times a cyber breach can go undetected for months, with the malicious actor listening to network traffic, watching for unencrypted passwords and waiting for the the opportune time to lock your data or gather sensitive data to sell to other cyber criminals.  Knowing what a cyberattack looks like and becoming aware of issues before its too late is important, especially when securing your critical data and systems.

Network Security is more complicated – here are a few network tips to ensure you are aware of cyber attacks in the beginning stages – Network Security. For more basic cybersecurity awareness, here are a few indicators that you may have been breached:

  1. You receive emails stating you have ransomware.
  2. Fake antivirus messages pop up on your desktop
  3. You notice tools on your tool bar that you have not installed.
  4. You start to notice you are being redirected to unwanted websites.
  5. Offline and online you receive multiple pop ups
  6. Your friends start to receive emails or invites that you did not send
  7. Some of your passwords no longer work
  8. Your computer installs programs without your consent
  9. Your mouse moves on its own
  10. Task manager and registry access has been disabled
  11. Your bank statements have unknown transactions

Are you getting a lot of recent spam phone calls, strange texts and an unusual amount of phishing type of spam emails (emails that contain links to click) A useful online tool for seeing if your name and email is in a breach database is https://haveibeenpwned.com/.  This site will show you if your name password etc is found where it shouldn’t be.

Tips to prevent cyber breach

Here are some basic Tips to help keep yourself and your company safe:

LIMIT YOUR ONLINE DIGITAL FOOTPRINTS

Make sure to limit your digital footprints from across the web. Your digital footprints can range from passwords to text messages to images and videos and more. Digital footprints leave behind traces of you and your information on the internet and expose data to malicious actors at the ready to Social Engineer you and your company.

UPDATE YOUR PASSWORDS

Keep track your passwords utilizing a password management tool such as Kaspersky Password Manager.  Always avoid reusing passwords and don’t become complacent with using Weak passwords.  Weak passwords are passwords that are easy to guess and gain access to. An example of a weak password would be 12345 or mydogsnameismax. Passwords 14 characters or less are also easy to crack with common hacking tools:

Here is the list of the most popular Password Cracking Tools:

If your password is weak, change it immediately. 8 characters can be cracked in less than 3 hours.

STAY DIGITALLY PROTECTED WHEN ONLINE

Use trusted anti-virus software, threat detection and VPNs to prevent  hackers from entering and attacking your systems and gaining access important information. By using trusted anti-virus programs your risk of viruses drops greatly. Trusted anti-virus programs can scan your device(s) to check for any sort of virus that may be extremely dangerous and harmful that could lead to a serious cyberattack. Along with using a trusted anti-virus program purchase a VPN to go with it. VPN stands for “virtual private network”. VPNs are mostly if not always used to guard against hackers by preventing them from being able to access private subjects like your IP address, search history and any personal data on Wi-Fi networks. A VPN (virtual private network) is an incredibly useful service that keeps your internet connection safe and your privacy online protected and away from the eyes of experienced hackers who are looking to do bad upon you and your business. Make sure the VPN and anti-virus protection you are using is under a protected, secure site.

For more network cybersecurity tips view how to prevent network cyber attacks here

KEEP YOUR PROGRAMS AND SOFTWARE UP TO DATE

Make sure your programs and software are always up to date  and patched with the latest software /hardware updates. Outdated or unsupported software leaves you more vulnerable to cyberattacks and cybercriminals. As technology advances across cybersecurity controls, the threat landscape also advances making cyber security an always evolving dynamic struggle.   By having outdated programs and software you simply are making it much easier for an experienced cybercriminal to gain access to your sensitive data.

Should you be concerned?

Well, yes of course…Check out this site that hackers use to gather information: Shodan

Here are other common websites used during OSINT Hacking Phase:

  1. OSINT Framework – a website directory of data discovery and gathering tools for almost any kind of source or platform.
  2. SpiderFoot – an OSINT tool to scrape data from over 100 data sources on personal, network, and business entities.
  3. Google Dorks – OSINT data gathering method using clever Google search queries with advanced arguments.
  4. Maltego – an OSINT tool for gathering information and bringing it all together for graphical correlation analysis.
  5. Recon-ng – an open-source web reconnaissance tool developed in Python and continues to grow as developers contribute to its capabilities.

Summary

  • Employees are a vulnerable target as 48% of malicious email attachments are office files.
  • 82% of employers report a shortage in cyber security skills.
  • 66% of security breaches are a result of employee negligence or malicious acts.
  • Home workers are the primary target of criminals as cyber attacks have risen 238% since the beginning of the pandemic.
  • 44% of those surveyed said they didn’t provide cyber security training to their staff on the threats of working from home.
  • 68% of the organizations surveyed did not deploy antivirus software for work-issued devices.

Via https://purplesec.us/resources/cyber-security-statistics/#WFH

Redbot Security

Redbot Security offers advanced network and application penetration testing services and can customize a scope to fit any budget and project size. Real world attack scenarios in a controlled environment with easy to follow attack paths and repeatable proofs of of concept.

Redbot Security client projects range from application penetration testing, internal/external network penetration testing, wireless network penetration testing to large industrial mission critical ICS/SCADA network penetration testing. All penetration testing is performed by our experienced penetration team of Sr. Level Engineers.

Contact Redbot Security

Related Penetration Testing Posts, Articles and Additional Penetration Testing Information