The vast majority of cyberattacks happen to small and midsize businesses - 60% of them fold within 6 months of an attack, according to Inc. Magazine. With cyberattacks on the rise, network security is the number one issue on IT executives' minds. We started a 3-part blog series discussing the main types of network vulnerabilities: Hardware, Software, and Humans. In part 1, we covered the first type of network vulnerability, Hardware, including its different categories and how each can be subject to vulnerabilities. Now we move to part 2, Software. As before, we will address what makes software vulnerable, how it can be breached, how to prevent it, and what to do if a breach occurs.
Part II. Software
How it's vulnerable
Outdated or unmanaged applications, applications written in-house, systems with plug-ins or add-ons, and poorly configured apps are all prime targets for hackers.
With remote work trending, IT Managers need to be aware of all software downloaded. This can be tricky with employees working from the comfort of their homes. Vulnerabilities increase when remote employees don't install software updates, which often provide security patches. If an application has not been updated, or has not been fully removed, it's highly vulnerable to a breach. For example, if a Content Management System needs to be removed, make sure all plug-ins and add-ons are also deleted. Developers need to pay special attention to security controls when they code in-house applications, because fixing a breach may not be fast or easy.
Lastly, when software is configured, IT personnel need to be thorough. Software ships with default account names, passwords, and security protocols - these need to be renamed and customized for the organization. If not, the software is an easy target.
How do you know your network has been breached?
Similar to hardware breaches, a software breach might be difficult to detect at first. Not everyone uses every application every day. Luckily, systems today are getting more sophisticated: if an app is breached and, for example, a password is changed or a log-in comes from a new location, the user will be notified.
It's important to stay vigilant. Obviously, if money is missing, a ransomware request has been made, an out-of-the-ordinary social media invite has been received or sent, unwanted browser toolbars are present, and/or a password isn't working, then unfortunately the software has been hacked.
How to prevent software vulnerabilities
IT personnel should perform frequent network scans and software updates. Network vulnerability scans can detect outdated or buggy software. Software updates help with security, but again, only for software that is known to the IT department. Remote workers should not download anything onto their computers without first informing their IT department. It's impossible to protect what is not known! As mentioned above, in-house developers need to code applications with strict security measures, and all default software configurations need to be changed during installation.
What to do if your network is hacked?
Unfortunately, it's not a matter of if, but when. At the point a breach is recognized, it's important to take swift action to mitigate the threat. Below are the steps to take to recover from a data breach in the network:
- If hit with Ransomware, immediately contact your cybersecurity insurer. Insurance companies have exact protocols of how to proceed during/after a security breach and you could lose money and leverage if you don't contact them right away.
- Disconnect the device from the network - including printers or anything else with wired or wireless connections.
- Don't go searching on the internet for malware remedies as these could be potential traps for you to download additional malware. Trust products you know and that are familiar.
- If you are an end-user, report the incident to your designated IT representative to make them aware of the situation.
- Run an anti-virus scan of the device and network. If that does not fix the problem, don't assume the virus has affected the anti-virus software. There are many reasons the anti-virus might not work - sometimes it fails catastrophically with lots of errors while also finding nothing. If the anti-virus isn't finding anything, it could be that its definitions aren't updated, or it may be a brand-new variant that no one has classified yet. It may be that a different anti-virus product will find it, or that it isn't malware at all.
- Restart the network, beginning with image-level restores into an isolated network. Conduct forensics to determine whether a threat actor is still present in the restored image; if there is none, workloads can move safely into production. This restores the OS, data, and applications while giving forensics time to examine them and make sure they are clean. An alternative would be to build greenfield servers (OS and applications) and restore data, but this still needs to be done in isolation in case the data itself is infected and capable of re-infecting the environment.
- Replace all your passwords with new ones - preferably passphrases - and enforce Multi-Factor Authentication (MFA) wherever possible.
With the number of applications and systems that businesses use, keeping it all secure is a big task. It's important to note that the main defense you can take is to have a vulnerability program in place and to patch often. Similar to how network hardware is tracked, it's also vital to have a Software Inventory document. Having a living document that shows every app and system the business uses, who has access to it, how old it is, etc. leaves little room for security vulnerabilities.
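As an added illustration (not part of the original article or any Net3 tooling), the sketch below audits a Software Inventory for the weaknesses described under "How it's vulnerable": outdated apps, software unknown to IT, unchanged default credentials, and add-ons left behind after their parent application was removed. The CSV columns, sample rows, and 90-day threshold are assumptions constructed for the example.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; the column names are assumptions for this example.
INVENTORY_CSV = """app,parent,status,known_to_it,last_updated,default_credentials_changed
ExampleCMS,,removed,yes,2023-01-10,yes
ExampleCMS-gallery-plugin,ExampleCMS,installed,yes,2022-11-02,yes
PayrollApp,,installed,yes,2025-05-20,no
RemoteDesktopTool,,installed,no,2025-06-01,yes
MailClient,,installed,yes,2025-06-10,yes
"""

MAX_PATCH_AGE_DAYS = 90  # assumed policy threshold, not taken from the article


def audit_inventory(csv_text, today, max_age_days=MAX_PATCH_AGE_DAYS):
    """Return {app: [findings]} for every installed app with at least one issue."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Apps marked as removed; anything still installed under them is an orphan.
    removed = {r["app"] for r in rows if r["status"] == "removed"}
    findings = {}
    for r in rows:
        if r["status"] != "installed":
            continue
        issues = []
        age = (today - date.fromisoformat(r["last_updated"])).days
        if age > max_age_days:
            issues.append(f"outdated: last updated {age} days ago")
        if r["known_to_it"] != "yes":
            issues.append("unmanaged: not known to IT")
        if r["default_credentials_changed"] != "yes":
            issues.append("default account names/passwords still in place")
        if r["parent"] in removed:
            issues.append(f"orphaned add-on: parent {r['parent']} was removed")
        if issues:
            findings[r["app"]] = issues
    return findings


if __name__ == "__main__":
    for app, issues in audit_inventory(INVENTORY_CSV, date(2025, 6, 15)).items():
        for issue in issues:
            print(f"{app}: {issue}")
```

Run against a real export, the same checks give the vulnerability program a concrete worklist each time the inventory is updated.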
If you need help getting started with a vulnerability program, download this Network Security eBook as a free resource which includes an asset inventory template. If you wish to speak with an engineer for further assistance, contact us at firstname.lastname@example.org and we'd be happy to connect you with one of our certified Net3 Sales Engineers or Request More Info.