- June 24, 2019
-
Matthew F. Fox
- 4 min
U.S. businesses are being urged to prepare for possible retaliation from Iran after the Trump administration launched a cyberattack against the country’s rocket and missile launching systems, as recently communicated by current and former U.S. government officials.
Despite the recent attention around offensive cyber-strikes, most government spending is focused on the defense of data and networks. Businesses of all sizes must invest in proper security and data protection to reduce attack surfaces and associated risk, as a single individual can bring business operations to a halt if you are not prepared.
While the most publicized events involve offensive attacks, there has been a measurable increase in activity around phishing, ransomware, and other attacks that target businesses of all sizes.
NASA’s JPL Hack
Last week, NASA confirmed that its Jet Propulsion Laboratory was hacked in April of 2018. The audit document detailing the incident reveals that an unauthorized Raspberry Pi was targeted by hackers, allowing them access to the JPL’s network, reaching the Deep Space Network array of radio telescopes and other systems.
The extent of the breach was so significant that the Johnson Space Center, responsible for programs like the International Space Station, completely cut itself off from access to avoid further incidents. The audit report states, “Johnson officials were concerned the cyber attackers could move laterally from their gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems.”
The lack of protection for a high-profile target such as NASA’s JPL points out common shortcomings and risks, many of which could be easily mitigated by adhering to security best practices. The post-incident audit revealed poor IT asset visibility, security violation resolution shortcomings, poor patching of identified security vulnerabilities, and lack of role-based security training and even round-the-clock incident reporting capabilities.
This begs the question, “if this can happen to NASA, how do I keep it from happening to your business?” There are plenty of measures businesses of all sizes can take to avoid situations like this.
Keep Your Systems Updated
Vulnerabilities are found in computer systems on a regular basis, and it’s important to keep yours up-to-date with the latest patches to minimize the risk of a known vulnerability being exploited. Regularly applying available updates to operating systems and software helps minimize risk and has the potential to offer benefits like new features and improved performance.
Performing regular updates for a few computers isn’t a large task but maintaining entire fleets can be a challenge for most businesses. Managed service providers, including Valiant, utilize Remote Monitoring and Management tools to proactively monitor networks and computers, automatically performing updates and other processes to maintain a secure and reliable environment.
Data Protection Strategy
Lost revenue during an operational outage is a given for most businesses and the financial damage is further compounded by the need to compensate staff, even if they are unable to properly function without the critical systems and applications they need.
Operational outages can be caused by many factors other than an offensive attack on a business. Power failures, extreme weather, and even human error can lead to downtime, and a properly executed and regularly tested data protection strategy can minimize damage.
A data protection strategy must identify the data stored on your network, how it is backed up, and how to restore it should an incident occur. The addition of a business continuity plan further minimizes damage by utilizing systems that maintain access to data even in the event of a major incident, minimizing operational downtime even in extreme conditions.
Valiant’s partnership with Datto enables us to provide enterprise-grade data protection to businesses of all sizes and restore access to data within minutes.
Security Best Practices Training
Implementing security best practices for your business empowers your entire staff with the ability to detect and avoid attacks.
A properly trained staff is your first, and often the strongest, line of defense against offensive attacks. According to the SANS Institute, 95% of all attacks on networks are the result of successful phishing attacks and arming your staff with an understanding of phishing attacks can protect your business from major incidents.
Other best practices include the usage and proper storage of strong passwords, usage of multi-factor authentication the implementation of data loss prevention tools.
Valiant offers security best practices training to all clients to assist in the prevention of data loss and phishing attacks, and our suggested best practices are routinely audited and updated to ensure our clients are aware of the latest methods to detect and avoid risks before they become costly incidents.
Work With Experts
Network security is a specialization, and an area of skill that is commonly missing from small businesses with a limited technology headcount. Given that an entire business’s operations may rely on technology, it’s critical to work with experts that are able to identify and mitigate risks and build strategies that keep your technology stable and secure.
Valiant Technology’s philosophy on network design places an emphasis on stability, security, and scalability to help create positive outcomes for our clients – and have done so for nearly 2 decades. Are you concerned that your network may be vulnerable to attack? Schedule a meeting with our team to learn how we can help.
