The HOW and WHY of Cybersecurity Endpoint Attacks:  Why do they happen?

The how and why of cybersecurity are numerous and varied.  Here we’ll discuss endpoint attacks specifically, and some of the more common attack vectors.  We’ll also touch on a few primary ways to prevent these breaches, and why business owners should care.

How are they getting in? Here are several common attack types

User Initiated

There are several different ways that a user might initiate an attack.  Phishing is a common method where an attacker fraudulently contacts an individual to get personal information such as passwords, credit card numbers or other data.  These attacks are common, and increasingly sophisticated.

Another email threat is infected attachments.  An end user will get mail with a normal-looking Word file or PDF attached.  Usually there is some messaging about why they need to open the attachment right away.  When the attachment is clicked, instead of opening, it delivers a silent payload.  This could be a keylogger or other malware.

Users can also pick up malware on the web when browsing infected sites, sometimes without even clicking or downloading anything.  Toolbars and coupon software can also be gateways for malware and adware.  Users need training on how to avoid these common problems.

Misconfigurations

A device can be made vulnerable by the way it is configured.  Running outdated software, not keeping up with security patches, and inadequate access controls are a few common endpoint misconfigurations.  Running unnecessary services or features, inadequate remote access controls, or poor hardware management are other problems that can cause an endpoint to be misconfigured.

Endpoints should be audited regularly to ensure that the original secure configuration has not changed, that security patches are maintained, and other problems aren’t present.

Misconfigured networking equipment can be an even larger security hole.  A firewall that is misconfigured with open ports, poor password hygiene, or old firmware can put your entire network at risk.  Regular configuration audits can help ensure that your config is still secure.

Weak Passwords

One of the simplest attack methods targets passwords.  This is mostly because humans seem to have terrible password hygiene.  Weak passwords can be easily cracked with the right tool.  Many people also reuse their passwords across all of their different accounts.  This is a huge problem because if that password is breached, the attacker can now gain access to everything.

Continuing to use a password that was already compromised in a data breach is also a bad idea.  Many compromised passwords are for sale on the dark web.  Continuing to use them is an invitation for bad things to happen.

Good password hygiene should be used alongside multifactor authentication wherever possible to keep your accounts safe.  Password managers can help.

Weak Physical Security

Another area that isn’t considered as much when discussing cybersecurity is physical security.  The truth is that if a bad actor can get physical access to your equipment, they can do a lot of damage.  You want to keep them out.

This starts simple.  Make sure you have locks on your doors.  All sensitive equipment such as servers should be held in a secure location with a separate lock on that door as well. 

Security cameras are a great idea if you have a significant amount of equipment on premises.  A security system for the doors is a must as well.  Take the steps to physically secure your building so that it’s not easy for someone from outside to get access.

Zero Day Attacks

“Zero-day” is a broad term that describes recently discovered security vulnerabilities that hackers can use to attack systems. The term “zero-day” refers to the fact that the vendor or developer has only just learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when hackers exploit the flaw before developers have a chance to address it.

These types of attacks are some of the most dangerous because there is no patch or fix to put in place.  Proper security layers at the endpoint and perimeter levels, as well as keeping up with operating system security patches, can help give some protection.

Primary Ways To Prevent These Breaches

User Awareness Training

Protecting and educating humans can be one of the most difficult jobs for an IT guy.  End user awareness training seeks to help educate users about the most common threats they might encounter, such as phishing and others.  A training program will even send out phishing tests to see who in your organization are “clickers”, then educate them, then test again to see if progress has been made.  A little education can go a long way in protecting your users.

Email Security Suite

Another solution that can be helpful in protecting against spam, phishing, and other cyber attacks coming in via email is an email security suite.  The best ones will block spam, reduce some of the phishing attempts that make it to your mailbox, and protect against malicious attachments.  If you want to protect against phishing and business email compromise, having an email security solution in place will help.

Patching Automation

Security patches from Microsoft are released every week and can be cumbersome to manage.  However, if you don’t apply them, you could be putting your endpoint at risk.  To solve this problem IT providers will use software tools that allow them to automate patching.  This keeps machines up to date and safe while taking the burden of applying patches off the user.

Configuration Audits

Regular audits are another measure that can help protect against the various misconfigurations that could present a security problem.  An audit helps you identify whether the configuration on a device has changed and whether any new vulnerabilities exist.  If found, they can be remedied.
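
One way to run such an audit, as an added example that is not from the original article: the script compares an endpoint's current state with its approved baseline and reports the kinds of drift described under Misconfigurations (new services, newly open ports, changed remote access, stale patching).  The setting names, sample values, and the 30-day patch window are assumptions made for the illustration.

```python
from datetime import date

# Constructed baseline: the approved secure configuration recorded at deployment.
BASELINE = {
    "services": {"Dnscache", "EventLog", "WinDefend"},
    "listening_ports": {445},
    "local_admins": {"it-admin"},
    "rdp_enabled": False,
    "firewall_enabled": True,
    "last_patched": "2024-05-14",
}

# Constructed snapshot of the same endpoint taken during a later audit.
CURRENT = {
    "services": {"Dnscache", "EventLog", "WinDefend", "RemoteRegistry"},
    "listening_ports": {445, 3389},
    "local_admins": {"it-admin"},
    "rdp_enabled": True,
    "firewall_enabled": True,
    "last_patched": "2024-03-12",
}

def audit(baseline, current, today, max_patch_age_days=30):
    """Return (setting, kind, detail) tuples for every deviation found."""
    findings = []
    # Set-valued settings: report additions (new exposure) and removals
    # (for example, a security service that has disappeared).
    for key in ("services", "listening_ports", "local_admins"):
        added = sorted(current[key] - baseline[key])
        removed = sorted(baseline[key] - current[key])
        if added:
            findings.append((key, "added", added))
        if removed:
            findings.append((key, "removed", removed))
    # Boolean switches: any flip from the baseline value is drift.
    for key in ("rdp_enabled", "firewall_enabled"):
        if current[key] != baseline[key]:
            findings.append((key, "changed", [baseline[key], current[key]]))
    # Patch currency is judged against the audit date, not the baseline.
    age = (today - date.fromisoformat(current["last_patched"])).days
    if age > max_patch_age_days:
        findings.append(("last_patched", "stale", [age]))
    return findings

if __name__ == "__main__":
    for setting, kind, detail in audit(BASELINE, CURRENT, date(2024, 6, 1)):
        print(f"{setting}: {kind} {detail}")
```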

Password Manager

Good password hygiene goes a long way to solving the problems with passwords getting hacked.  However, since we’re humans and seem to take the easiest path to shortcut our work, a password manager can be a great tool.

Password managers allow you to create one master key, then store all your various passwords so that they can be auto-applied when logging into various sites.  One of the main reasons humans tend to have bad password hygiene is that they can’t remember 50-100 passwords at one time.  A password manager can help solve those problems.

Multifactor Authentication

Microsoft has reported that having proper multifactor authentication in place can help defeat 99% of password attacks.  This is a critical tool and should be implemented everywhere possible, definitely on your email.  Web-based applications can often be set up with MFA as well and should be wherever possible.

Physical Security

We recommend talking to a building security contractor that can take a look at your space and help you put the right solution in place for physical security.  A security system, cameras, key fobs, and door locks can all be a part of a complete solution for physical security.

Endpoint Detection and Response

Good EDR software can help your organization protect against potential zero-day vulnerabilities.  It uses heuristic analysis and AI to identify malicious processes and help protect against threats.  There is no perfect solution for zero-day attacks, but having proper security layers and EDR in place will definitely help.

A Layered Approach

As you can tell, there are many different potential attack vectors.  There are also many different solutions you can put in place to protect your network.  The best security solutions are like ogres and onions.  They have layers.  A layered security approach put in place and administered by a pro is the most likely to help keep you safe.

Free Security Analysis

If you have questions about the security of your network or data, the best time to act is now.  i.t.NOW offers a free analysis of your current security solution and recommendations on how to close any gaps that are found.  Call us today for a free security report.