Ransomware, phishing, scamming: cybercrime is booming, introducing us to new terms and techniques every day. Many companies protect themselves as much as possible, but many also lull themselves into a false sense of security. Sophos, a security software manufacturer, has summarized the 10 most common misconceptions of the past year.
- "Our company is too uninteresting to be attacked"
Criminals take advantage of favourable opportunities – regardless of the company’s size, success, or turnover. Thus, all companies and any person with a digital presence can become a victim of a cyber attack. Companies with open security gaps or misconfigurations are prime targets.
- "Our endpoint protection is completely sufficient"
Hackers find new methods every day to bypass endpoint software or disable it without being noticed. Social engineering, obfuscated malicious code, malware attacks: the list is long, and traditional antivirus technologies have a hard time detecting and blocking such activities.
In addition, hacked endpoints can be the door to additional, unprotected servers. For example, a backdoor can be installed on a hacked computer so that attackers can always access the targeted network from there. According to Sophos, servers are the most popular target for hackers.
In conclusion: in addition to basic security through endpoint protection, advanced security tools such as behavioural and AI-based detection or proprietary security measures on servers are mandatory to ensure sufficient protection.
- "Our security policies are proven to protect us well"
That may be true – but security policies that are not constantly reviewed and updated quickly become outdated, again creating a vulnerability. It is essential to ensure that security policies are always aligned with the current IT infrastructure.
- "We protect Remote Desktop Protocol (RDP) servers by changing ports and using multi-factor authentication"
Even these two measures do not adequately protect RDP servers. Even if you change ports, hackers will look for vulnerabilities regardless of the ports you use.
Additionally, while multi-factor authentication is important, it only fully protects your company if all employees and every device are truly using it. Furthermore, it is recommended to perform RDP activities within a virtual private network (VPN). However, this only protects to a limited extent if the attackers already have a foot in said network.
In the end, it is recommended to limit the use of RDP as much as possible.
- "We block IP addresses from high-risk regions like Russia, China and North Korea and are thus protected against attacks"
Not a bad idea, but it should not be relied on exclusively: hackers can also host their attacks in many countries that are generally regarded as trustworthy, located in America or Europe.
- "Because we have many backups, we are immune to the effects of ransomware"
While backups are very important in many cases, they are equally vulnerable targets. Once attackers have access to the network, they can encrypt, delete, or disable the backup systems that are connected to it. Limiting the number of people who have access to the backups does not help in this case either: the hackers have most likely already obtained all the access credentials on the network.
Care should also be taken when storing backups in a cloud: Sophos investigated a case where a cloud service provider was contacted by the hackers regarding an allegedly hacked IT administrator account with a request to delete all backups. Shockingly, the provider then complied with the request.
If you are unsure about the safe storage of your backups, just remember the golden and proven 3-2-1 rule: it is best to store 3 copies on 2 different media, keeping 1 backup copy in an off-site location. For this purpose, we at REISSWOLF are happy to offer our data cases, which are stored dry & secure in a high-security archive.
- "Our employees can handle such incidents"
This is the fundamental basis, but it must always be expanded. Hackers are becoming more and more sophisticated: for example, by making phishing emails increasingly difficult to detect. Regular and frequent training of employees is therefore the be-all and end-all to equip them for the ever-improving types of attacks.
- "My data can be recovered after a ransomware attack"
Unfortunately, hackers hardly ever make mistakes nowadays and their encryption processes have improved enormously. By now, automatic backups are also affected by ransomware, which is why it is almost impossible to restore the original data. In that case, even specialists are unlikely to be able to save anything.
- "If we pay the ransom, we will get our data back"
This is probably the most bitter misconception: according to the recent "State of Ransomware" study, companies that pay the ransom get back only 65% of their data on average. 39% of companies even get back less than half of their data, and only 8% are able to recover all their data.
Furthermore, data recovery is only a small part of the overall effort. Since in most cases the computers are completely shut down, software and systems must be rebuilt from scratch. According to the "State of Ransomware" study, these recovery costs are about ten times higher than the sum of the ransom.
- "Once we have survived the ransomware attack, we are completely safe again"
Unfortunately, this is also rarely the case. The actual ransomware attack and the shutdown of the entire IT system are only the point at which the hackers' activities become visible and noticeable. In most cases, the attackers were already in the network weeks before. This allowed them to disable or delete backups, install backdoors or delete important information.
One of the most effective ways to protect against cyber attacks is to keep your knowledge of what works and what doesn’t up to date. That’s why we like to share such helpful tips on a regular basis. For those who don’t have a large IT department of their own, it’s imperative to bring in outside professionals to continue to be successful in business. Stay safe!