With the massive shift in hacking capabilities, it is crucial to be aware of the threat landscape that is changing and affecting SMEs in more ways than ever. The most common mistake we encounter is poorly managed or entirely unprotected servers; is your business serving data to hackers on a plate?
Despite growing efforts to spread awareness of the best cyber security practices, 668,254,250 compromised records were recovered by DynaRisk in October 2019 alone - over 50 million of which were from misconfigured servers. Web servers and applications that are not configured properly are all too common, exposing sensitive data to cyber criminals. It is essentially an open invitation to hackers to take copies of, dump and use stolen records in fraudulent activities.
What is a misconfigured server?
Server misconfiguration attacks happen when configuration weaknesses in web and application servers are found and abused. These weaknesses arise when security settings are left at their defaults instead of being deliberately defined, implemented and maintained. They come in many forms, such as debugging left enabled, incorrect folder permissions, default system credentials (usernames and passwords), unnecessary services running on the machine, misconfigured SSL certificates, and directory listing enabled on the server, which leaks valuable information.
Example of an open directory that is leaking data
Configuration flaws can occur within all elements of the web app provision, including the platform (operating systems), web server, database and framework. Failure to completely lock down or strengthen the server can lead to unauthorized parties bypassing the authentication measures and accessing confidential information.
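As an added illustration (not code from the original post), the shell function below scans web server and PHP configuration text for three of the misconfigurations described above: directory listing in nginx ("autoindex on") and Apache ("Options Indexes"), and debug error output in PHP ("display_errors = On"). The configuration snippets are constructed samples; on a real host you would pass the contents of the actual configuration files instead.

```shell
#!/bin/sh
# Added example, not code from the original post: flag directory listing and
# debug-output settings in web server configuration text. All sample
# configuration below is constructed for illustration.

# check_web_config <config-text>
# Prints one "FINDING:" line per weakness and returns 0 when none is found,
# non-zero otherwise, so it can gate a deployment or a nightly audit.
check_web_config() {
    cfg="$1"
    findings=0

    # nginx: an uncommented "autoindex on;" turns on directory listing.
    if printf '%s\n' "$cfg" | grep -Eiq '^[[:space:]]*autoindex[[:space:]]+on[[:space:]]*;'; then
        echo "FINDING: nginx 'autoindex on' enables directory listing"
        findings=$((findings + 1))
    fi

    # Apache: "Options Indexes" or "Options +Indexes" enables listing,
    # while "Options -Indexes" disables it and must not be flagged.
    if printf '%s\n' "$cfg" | grep -Eiq '^[[:space:]]*Options([[:space:]]+[+-]?[[:alnum:]]+)*[[:space:]]+[+]?Indexes([[:space:]]|$)'; then
        echo "FINDING: Apache 'Options Indexes' enables directory listing"
        findings=$((findings + 1))
    fi

    # PHP: display_errors=On sends stack traces and file paths to visitors.
    if printf '%s\n' "$cfg" | grep -Eiq '^[[:space:]]*display_errors[[:space:]]*=[[:space:]]*(on|1|true)([[:space:]]|$)'; then
        echo "FINDING: PHP 'display_errors' is on, exposing debug output"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample configurations: one weak and one hardened per product.
SAMPLE_NGINX_BAD='server {
    listen 80;
    root /var/www/files;
    autoindex on;
}'
SAMPLE_NGINX_OK='server {
    listen 443 ssl;
    root /var/www/files;
    # autoindex on;   (commented out, so not active)
    autoindex off;
}'
SAMPLE_APACHE_BAD='<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>'
SAMPLE_APACHE_OK='<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
    AllowOverride None
</Directory>'
SAMPLE_PHP_BAD='display_errors = On
log_errors = On'

# report <label> <config-text>: run the check and print a verdict.
report() {
    echo "== $1"
    check_web_config "$2" || echo "-> needs attention"
}

report "nginx (weak)"    "$SAMPLE_NGINX_BAD"
report "nginx (hardened)" "$SAMPLE_NGINX_OK"
report "apache (weak)"   "$SAMPLE_APACHE_BAD"
report "apache (hardened)" "$SAMPLE_APACHE_OK"
report "php (weak)"      "$SAMPLE_PHP_BAD"
```

Each pattern is anchored to the start of the line so commented-out settings are ignored, and the Apache pattern deliberately refuses to match "-Indexes", which is the hardened form.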
Is your business vulnerable?
If you answer yes to any of the below, your business is at risk.
- Do you have any software that needs updating or patching? This includes operating systems, web/app servers and all code libraries.
- Do you have any unnecessary features - such as ports, services and accounts - installed or enabled?
- Are there any default accounts (that are no longer in use) still enabled?
Simple steps to prevent misconfiguration
Good cyber hygiene starts with a number of small steps: your employees should use strong, unique passwords across all systems, and data should be shared through secure processes. It is imperative to control access to your customers' sensitive data. For instance, give administrators separate accounts for the tasks that require their administrative privileges, distinct from the accounts they use as regular users of the system. Diligent checks of third parties are also essential, and ongoing monitoring of your processes will help you prevent and combat data breaches.
In terms of technical actions, there are some essential measures a company needs to implement in order to enhance its security strategy:
- Open ports raise security concerns because criminals can use them to compromise your internet-facing servers, so close any ports that are not needed;
- Set up IP filtering and firewalls to protect your internal network from unauthorised access;
- Hide the server from cyber criminals who use IoT search engines to find exposed hosts, by blocking IP addresses that have no legitimate reason to reach it;
- Avoid easily identifiable names such as your company name, or labels like production, development or staging; these only help criminals identify who owns a database and take advantage of it.
Example: a stolen database named after the owner company, which made it easy for criminals to identify the owner and demand a ransom.
Encryption will make data unreadable for anyone except for those possessing the right encryption key. GDPR requires companies to implement data encryption in order to preserve the integrity of confidential information. However, encryption alone does not guarantee data protection against criminals; it's just one element that should be integrated into the overall security strategy.
Using outdated software exposes your company to a number of risks; one of the easiest ways to reduce vulnerabilities is to apply software updates and patches as soon as they are available. The teams responsible should track newly released patches and test them in a mirrored environment first, to ensure they don't cause issues elsewhere in the system.
Disabling default accounts
Check if there are any default accounts and whether their passwords have been changed. Default credentials can cause a whole host of security issues so it is important to disable and delete accounts that aren't being used anymore.
Monitor cyber risks
Consider running security scans and performing system audits on a regular basis, particularly after making architectural changes; this will help to detect misconfigurations or missing patches and reduce your exposure.
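The checklist questions earlier on this page (unnecessary ports and services, default accounts still enabled) and the audit recommended here can be turned into a repeatable script. The one below is an added example, not the post's or DynaRisk's own tooling: it compares listening ports against an allowlist and flags accounts that have no password or carry a common default name while still having a login shell. The port allowlist and the default-name list are assumptions chosen for the example, and all input is constructed sample data in the format of `ss -tlnH`, /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example, not from the original post: a small audit that compares the
# ports a host listens on against an allowlist, and flags accounts with no
# password or with a common default name and an interactive shell.
# All input below is constructed sample data; on a real host you would pipe
# in the real output of `ss -tlnH` and the real passwd/shadow files instead.

# Ports this host is expected to expose (assumption: SSH and HTTPS only).
ALLOWED_PORTS="22 443"

# Account names that commonly ship as defaults or get created for testing
# (assumed list for the example).
DEFAULT_NAMES="admin test guest demo"

# Constructed sample of `ss -tlnH` output; column 4 is local address:port.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 511 [::]:443 [::]:*'

# Constructed /etc/passwd sample (name:x:uid:gid:gecos:home:shell).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
test:x:1001:1001::/home/test:/bin/bash
guest:x:1002:1002::/home/guest:/bin/sh
demo:x:1003:1003::/home/demo:/usr/sbin/nologin
deploy:x:1004:1004::/home/deploy:/bin/bash'

# Constructed /etc/shadow sample (name:hash:...). An empty hash field means
# the account can log in with no password; "!" or "*" means it is locked.
SAMPLE_SHADOW='root:$6$constructedhash:18000:0:99999:7:::
admin:$6$constructedhash:18000:0:99999:7:::
test:!:18000:0:99999:7:::
guest::18000:0:99999:7:::
deploy:$6$constructedhash:18000:0:99999:7:::'

# unexpected_ports <ss-output>: print each listening port not in ALLOWED_PORTS, once.
unexpected_ports() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)   # strip the address, keep the port
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# passwordless_accounts <shadow-text>: print accounts whose hash field is empty.
passwordless_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# default_named_accounts <passwd-text>: print default-named accounts that still
# have an interactive shell (accounts already set to nologin/false are skipped).
default_named_accounts() {
    printf '%s\n' "$1" | awk -F: -v names="$DEFAULT_NAMES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) d[a[i]] = 1 }
        ($1 in d) && $7 !~ /(nologin|false)$/ { print $1 }'
}

echo "Listening ports outside the allowlist:"
unexpected_ports "$SAMPLE_SS"
echo "Accounts with no password set:"
passwordless_accounts "$SAMPLE_SHADOW"
echo "Default-named accounts with a login shell:"
default_named_accounts "$SAMPLE_PASSWD"
```

On the sample data the script reports ports 3306 and 8080 as unexpected, "guest" as passwordless, and "admin", "test" and "guest" as default-named accounts that can still log in; "demo" is skipped because its shell is already nologin. Running it after every architectural change, as the text suggests, turns the checklist into something that can fail a build rather than a question answered from memory.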
Knowledge is power when it comes to protecting against cyber attacks, and educating and training employees forms the base of an effective prevention strategy. As cyber security is still an abstract concept for many individuals, attention is rarely paid until an incident occurs, which of course is too late. Your employees should be trained to recognise potential cyber threats that could compromise the company's credentials and to deal with them. Staying ahead of the curve means regularly monitoring and adapting to new threats; with continuous education, cyber security incidents can be detected and remedied more easily.
With the right tools you can make the learning journey more engaging, and teach your staff that cyber security needn’t be laborious and confusing. Our SME product can form part of a resilient cybersecurity strategy, providing your employees with tailored tools and something tangible to work with.
Get in touch with our sales team today to discuss ways in which we can help to protect your employees and business.