Security issues are keeping IT professionals up at night, and not just with worries. A breach can come at any time of day or night, and they have to deal with it right away. Internet crime costs over $1 billion a year. Criminal organizations emulate business and open-source models, putting sophisticated malware in the hands of amateurs. It's a 24-hour job to stay ahead of them.
The biggest malware threat is now ransomware. It wipes out computer data and forces organizations to pay large sums in Bitcoin to get it back. Places where a sustained interruption would endanger people, such as hospitals, are especially vulnerable. The malware's authors use state-of-the-art encryption, not to protect files but to make them unusable. Blockchain technology lets them collect payments in Bitcoin without identifying themselves.
Large criminal organizations offer Ransomware as a Service, or RaaS, to individuals, who can then launch attacks without much technical knowledge.
Cleverly designed phishing email tricks people into downloading the malware. It's not the illiterate spam that once dominated junk folders, but carefully crafted messages. Fake legal notices or package delivery notifications are common. “Spearphishing” mail targets high-ranking individuals, using publicly available information to look legitimate.
Regular offline backups are the best defense against ransomware. If all the important files on a computer are safely backed up, the attack is just an inconvenience.
Spam filtering is also important. Even people who are alert will make occasional mistakes. If most of the spam doesn't reach their mailboxes in the first place, they're less likely to slip up.
IT people, even in small businesses, have to manage networks that are more complex and porous than they were a few years ago. Mobile devices are part of almost every network. Employees may be allowed to access the network from their own phones. Devices of all kinds expose port 23 (Telnet) or port 80 (HTTP). Routers, Wi-Fi access points, and print servers can all be vulnerable.
This growth is a convenience for users but a headache for IT management. If any device isn't configured to be secure, it can offer a back door into the local network. An attacker who gets in that way can plant malware on other devices or get access to shared storage devices.
To prevent this, the IT staff has to make sure every device is secured, unnecessary services are deactivated, unwanted ports are blocked, and software is patched. Monitoring is necessary to catch any break-in attempts or signs of a successful breach.
A huge DDoS attack got widespread notice last year when DNS provider Dyn was swamped for most of October 21, making numerous websites inaccessible at times. A type of botnet software known as Mirai accounted for a large part of the attack, and notoriously weak devices on the Internet of Things provided the ammunition.
Mirai is open-source software. The motives of the person who published the code aren't clear, but it means anyone who can reach vulnerable devices can start a botnet.
“Layer 7” attacks, which are tailored for specific applications, can use up server capacity faster than attacks based on sheer quantity. This lets a small botnet cause more damage.
Unlike malware and break-in attempts, DDoS can't be stopped outright by better security measures. Adaptive firewalls and application-level detection of hostile packets can mitigate the effect. Having cloud-based failover capacity for emergencies can help a network to get through an attack.
Staying up at night, the right way
Threats such as these show that security is a 24-hour job. If a problem isn't caught quickly, it can put a site offline for hours and require expensive remedies. Many businesses are turning to managed services to make sure their networks are always monitored. A daytime employee who is dragged out of bed for an emergency won't do the best job of fixing it quickly. It's best to have people who are on shift and alert at all times.
At TriCore, we offer end-to-end Managed Infrastructure Services that help enterprises achieve an optimized, secure, and scalable IT infrastructure. As a managed service provider, our approach to managed infrastructure services blends people, processes and technology.