How to avoid serious network security accidents?
2022-06-24 13:37:00 【Software test network】

Advances in technology have increased network security risk. From the sharp rise in online fraud to a growing number of human errors, enterprises' critical sensitive information is under greater threat; worse still, some serious network security risks can even affect people's physical safety.
Although absolute security cannot be guaranteed, organizations must do their best to avoid serious security incidents that could affect the survival and development of the business. With the active support of national policies, laws and regulations, more and more enterprises are becoming security-aware, but there are still shortcomings in how they respond to some major emergencies. This article summarizes the major network security incidents that enterprises and organizations may face and gives the corresponding protection strategies, in the hope of giving organizations more targeted security experience and knowledge so that they can prepare in advance.
1. Continuously strengthen security controls
To solve the cloud data leaks and system exposure caused by configuration problems, organizations should first pay more attention to configuration incidents and configuration problems.
Configuration incidents take several forms: some are genuine mistakes or omissions (for example, not requiring two-factor authentication to access sensitive resources), some arise because systems lack adequate protection against social engineering attacks, and others occur because organizations are unaware of typosquatting (deliberate misspelling) and similar attacks.
There are many ways to address this. Organizations can set more sensible default permissions, for example making all content private by default so that explicit steps must be taken before specific content becomes publicly visible; they can set strong, unique passwords for cloud services and use two-factor authentication, to avoid security incidents caused by password disclosure such as the Colonial Pipeline attack; in addition, organizations can use vulnerability-scanning and Internet-scanning tools such as Shodan and Censys to regularly assess the enterprise's potential attack surface.
2. Keep reliable data and system backups
Ransomware attacks can cause economic losses and are among the more serious types of attack, yet organizations often trust to luck, and few actively build a protection plan tailored to such attacks. Some organizations face ransomware attacks with a large number of legacy software products that are full of vulnerabilities, so they should weigh the cost of upgrading and maintaining these old systems against the business interruption and financial loss that a ransomware attack causes when it actually happens.
Although many enterprises believe that ransomware attacks do not necessarily cause economic problems, for organizations such as hospitals they are a matter of life and death. Such attacks cannot be completely avoided, but organizations can counter attackers with backups: implementing an effective program for backing up critical data ensures that key business processes can be recovered quickly after an attack and further reduces the impact of ransomware.
3. Data classification management
Because the total volume of data needed to keep the business running smoothly is huge, backing up all of it is difficult and costly, while data theft and ransomware attacks may target only the enterprise's important sensitive data. There is therefore little point in backing up large amounts of ordinary data, and once a data leak or ransomware attack occurs, this makes matters even worse for the company. The best precaution is to analyze the available data thoroughly, back up the important data, and delete unnecessary data or move less important data elsewhere. That way, even if the system is attacked, the organization can still protect the data that really matters.
4. Automated response management for threat alerts
In day-to-day operations, the noise in the mass of threat alerts has long troubled organizations, and automation can help. Organizations can configure automated tools that prioritize threat alerts and determine the importance of each one; tools capable of contextual analysis have an advantage in classifying and grading threat intelligence and in automated response.
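As an added illustration of context-aware alert prioritization (not part of the original article), the sketch below groups duplicate alerts and ranks them using asset context. The asset inventory, alert tuples, rule names and scoring weights are all constructed assumptions.

```python
from collections import defaultdict

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed asset inventory: the context the triage step adds to each raw alert.
ASSETS = {
    "pay-db-01": {"criticality": 5, "internet_facing": False},
    "vpn-gw-01": {"criticality": 4, "internet_facing": True},
    "dev-box-17": {"criticality": 1, "internet_facing": False},
}

# Constructed alerts as (host, rule, severity).
ALERTS = [
    ("dev-box-17", "port_scan", "high"),
    ("pay-db-01", "new_admin_account", "medium"),
    ("vpn-gw-01", "failed_login_burst", "medium"),
    ("vpn-gw-01", "failed_login_burst", "medium"),
    ("vpn-gw-01", "failed_login_burst", "medium"),
    ("dev-box-17", "av_signature_outdated", "low"),
]

def triage(alerts, assets, suppress_below=3):
    """Group duplicate alerts, score them with asset context, return a ranked queue."""
    groups = defaultdict(int)
    for host, rule, sev in alerts:
        groups[(host, rule, sev)] += 1
    queue = []
    for (host, rule, sev), count in groups.items():
        # Unknown hosts get mid criticality so they are never silently dropped.
        ctx = assets.get(host, {"criticality": 3, "internet_facing": False})
        score = SEVERITY[sev] * ctx["criticality"]
        if ctx["internet_facing"]:
            score += 2
        score += min(count - 1, 3)  # repeats raise priority, with a cap
        if score >= suppress_below:
            queue.append({"host": host, "rule": rule, "count": count, "score": score})
    return sorted(queue, key=lambda a: (-a["score"], a["host"], a["rule"]))

if __name__ == "__main__":
    for alert in triage(ALERTS, ASSETS):
        print(alert)
```

With this data, the repeated medium-severity alert on the Internet-facing gateway and the medium alert on the payment database both outrank the high-severity alert on the development machine, which is the effect of adding context to raw severity.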
To improve protection further, organizations can adopt the classic defense-in-depth model. Under this model, if a threat appears inside the environment, the organization can detect, block and respond to it comprehensively from within, with a better chance of stopping it. Defense in depth helps almost every enterprise security team: for small teams it offers a cost-effective, less time-consuming way to strengthen security, and for the security teams of large enterprises it frees up more time and resources for more important problems.
5. Plan the recovery process in advance
As the saying goes, even the most careful plan has a gap: however tight an organization's security, there may always be holes. Organizations can buy the best tools on the market, but attackers also adapt to new technologies and make their attacks more powerful; the defender is inevitably in a reactive position, and there will be some new attacks that organizations cannot prevent.
In this situation it is important to plan the recovery process in advance. Plan it step by step without rushing, and plan it on the assumption that defenses will fail. Organizations can therefore combine internal threat detection and response mechanisms with selected preventive measures. Typical preventive measures include network security training for employees and the use of strong, unique passwords and two-factor authentication. In addition, the detection and response mechanism should include processes such as log analysis, cyber insurance and regular data backups; none of these should be neglected.
6. Protect application system source code
Source code theft and disclosure is a long-standing problem, going back to the Microsoft Windows incident in 2004 and the Diebold voting machine incident in 2006. Source code theft is often caused by improperly configured enterprise multifactor authentication (MFA), credential-stuffing attacks against accounts with access, vulnerabilities in internal systems that allow remote access to local files, or git repositories exposing information that should not be disclosed.
One way to prevent source code theft is to protect all code without distinction and follow the principle of least privilege as far as possible, for example by requiring that only the staff who work on the source code have access to it. The drawback is that this interferes with developers' workflow, creating access barriers and blocking development.
The best solution, therefore, is to ensure that confidential information, passwords and keys never appear in the source code. In addition, some software packages can prevent accidental and intentional disclosure of source code, for example data-leakage-prevention software that scans e-mail and other network traffic for sensitive data; organizations can use such software to protect source code.
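One way to check that passwords and keys stay out of source code is to scan files before they are committed. The following is an added example, not code from the original article: the rule set, the entropy threshold and the sample file are constructed assumptions, and every credential in the sample is fake.

```python
import math
import re

# Patterns for credential shapes commonly committed by mistake (illustrative, not exhaustive).
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assigned_secret": re.compile(
        r"(?i)\b(?:password|passwd|secret|api_?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
}
PLACEHOLDER = re.compile(r"(?i)^(?:change_?me|example|placeholder|x+|\*+|<.*>|\$\{.*\})$")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def scan(text, min_entropy=3.0):
    """Return (line_number, rule) for each likely hard-coded secret in text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            if rule == "assigned_secret":
                value = m.group(1)
                # Skip obvious placeholders and low-entropy words to cut noise.
                if PLACEHOLDER.match(value) or entropy(value) < min_entropy:
                    continue
            findings.append((n, rule))
    return findings

# Constructed sample file; every credential below is fake.
SAMPLE = '''\
db_host = "db.internal.example"
password = "changeme"
password = "q7#Lp2!vXz9@Rt"
api_key = os.environ["API_KEY"]
aws_id = "AKIAABCDEFGHIJKLMNOP"
key = """-----BEGIN RSA PRIVATE KEY-----"""
'''

if __name__ == "__main__":
    for line_no, rule in scan(SAMPLE):
        print(f"line {line_no}: {rule}")
```

Reading the key from the environment (line 4 of the sample) passes the scan, which is the pattern the paragraph above recommends in place of a literal value.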
7. Strengthen the security awareness of employees
Beyond practical preparedness, it is also important to ensure that all employees are security-aware. Carrying out the practical work while raising the network security awareness of every employee is the best way for an organization to protect itself.
In fact, many of the measures that keep enterprise and personal networks secure are very basic: set strong, unique passwords for important websites, use two-factor authentication, keep software and operating systems up to date, avoid clicking suspicious or illegitimate links, and make backups.
However, in the large and complex working environments described above, it is not easy to maintain security consistently, and this is where raising the security awareness of all employees can make a big difference. It gets staff to cooperate more actively with security measures. Security checks, routine audits and similar work may seem costly and tedious, but if the organization is a potential target of the attacks above, the importance of building good enterprise security awareness becomes clear.
Reference link: https://www.darkreading.com/risk/7-ways-to-avoid-worst-case-cyber-scenarios?slide=1