What do cyber-criminals do when they need more computing power? They steal it, of course, and something connected to your network could be captured and enslaved in a global botnet army if you haven’t hardened your systems. This is what occurred in 2016 when a huge Denial of Service attack targeted high profile websites and hosting providers.* Here’s how it happens.
A cyber-criminal searches the internet for devices that have weak, default or no passwords or other holes that can be exploited. When they find an open door, they confiscate the computing power and turn it in the direction they want it to go. The owner of the device is none the wiser unless they are closely monitoring their network and notice a huge spike in outbound traffic.
Security cameras and other Internet of Things (IoT) devices have been favorite targets for takeover because their security has largely been neglected. However, any hardware or software can have potential unlocked doors where hackers can enter to not just create botnets, but cause havoc to your business by downloading ransomware or gathering intelligence for high stakes phishing campaigns.
Ready for some good news? You can lock these entry ways down with systems hardening. Systems hardening is, in fact, a practice that should be applied to just about anything connected to your network, from your printers, phones and cameras, to your servers, operating systems, firewalls and databases.
Turn It Off or Lock It Down
Systems hardening is simply turning off hardware and software functions that you’re not using, and utilizing good password management to control access to accounts and data. Some of the tactics included in systems hardening are:
- Changing default passwords
- Utilizing multi-factor authentication (MFA)
- Deleting unused accounts
- Managing user access with least privilege
- Disabling unused software features
- Disabling unused operating system features
- Turning on security features
- Patching and updating software
The difficulty with systems hardening generally comes from a lack of knowledge about how to configure hardware and software for maximum security. You have to know what to secure and how to secure it. Even with popular software like Microsoft, it takes expertise to know where all the settings are and then how best to utilize them.
Systems Hardening Reduces Potential Attack Surface
Systems hardening is a layer of your security strategy that reduces cyber risk by decreasing the possible entryways to your network. Its use is interwoven with other tactics in your security strategy that together allow you to stand up a strong defense to increasing cyber threats.
Discover Unlocked Doors with a Cybersecurity Assessment
You can ask your IT team if they’re utilizing systems hardening in your cybersecurity strategy. Or you could schedule a cybersecurity assessment and get an objective view of your security posture. Do it today and stop wondering.
Schedule a cybersecurity assessment.
*http://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/