We all know cyber-crime is growing rapidly but since the inception of covid19 the cyber-crime took a massive jump and various industry sources say that just within the past year cyber threats have grown by 800%. We are in a time where cybersecurity can not be ignored at all.
Many organizations on various levels have faced cyberattacks, I received emails and phone calls inquiring about what better cybersecurity measures they can take to protect their digital assets.
So I decided to write a series of posts on cybersecurity. This is the very first blog of this series:
Many people believe that their business is small and cybercriminals will not target them. It’s a big myth. Cybercriminals do not look at the size or revenue of the business before attacking it.
Another thing is that the majority of cyber attacks are automated. Cybercriminals configure some automated scripts known as bots and these bots continuously look for vulnerable servers and applications and hit them.
In this whole automated attack process; the size and revenue of the business do not matter at all, as bots or automated scripts are designed to look for vulnerable targets, not the size and revenue of the business.
Another big myth that the majority of people have is SSL/TLS and Firewall protect their business applications and servers.
Let me clarify that SSL/TLS which stands for Secure Socket Layer/ Transport Layer Security; only ensures secure communication between the client and server. But still having SSL/TLS does not mean that the communication between application/server and clients/users is fully secure. So many other factors work here which I will talk about later.
When it comes to firewalls, most people use cloud flare WAF. Cloud flare is a DNS-based web application firewall, it only works when the cybercriminal attacks your website using its domain name. If the attacker uses the IP address of your server to attack the server then cloud flare WAF won’t be able to do anything as the attacker won’t go through the DNS server.
For cybercriminals, it’s not at all a big deal to identify the actual IP address of your web server.
Now the big question is how organizations can protect their digital assets? What kind of cybersecurity measures organizations should take to protect their IT assets?
Cybersecurity can not be addressed using any single security solution such as a firewall or IDS/IPS. Organizations should have a strategic multi-layer cybersecurity process to combat and mitigate modern cyber threats.
Some of you may say that multi-layer cybersecurity will be very expensive for small and medium-sized businesses.
Again it’s a big myth among corporate leaders that multi-later cybersecurity will cost a lot of money. In reality, cybersecurity does not require big investments. You simply need to learn and follow some golden rules of cybersecurity and that will be enough to counter modern cyber threats.
The very first golden rule of cybersecurity is one server one service: the majority of us use servers where so many services are installed such as multiple programming languages, multiple databases, email servers, FTP services, and a lot more other packages and services that are not at all required.
Your website is built on top of PHP 7.4 and using MySQL as a database, so technically your server should only have PHP 7.4 and MySQL installation, nothing apart from it. But our servers with Cpanel and Plesk come with a whole lot of services and application packages which our web application hardly uses or we install all the unnecessary stuff without understanding anything.
This creates many security issues. More services and packages mean a bigger attack surface for cybercriminals. I have personally witnessed many servers with the end of life, unsupported, and outdated services installed. Attackers target these outdated services or packages and attack them using various exploits and malware.
Another golden rule of cybersecurity is: Always install security patches into your servers and keep servers fully updated.
Nothing is immune to cyber threats and no software developed in this world is vulnerability-free. Organizations continuously test their software and release security patches. Microsoft releases security patches on the second Tuesday of each month.
When it comes to Linux they are pretty much faster than Microsoft, The average vulnerability patch release time of Linux is just 7 hours. So keep an eye on security patch releases, install them as early as possible and keep your servers secure and immune to cyber attacks.
Continuously perform vulnerability scans to discover any hidden vulnerability which can be exploited, Perform the vulnerability scan, identify vulnerable ports and services and patch them before they get exploited by any cybercriminal or automated script or bot.
- Make sure you have proper access control and authentication mechanisms on your application and servers. Public-facing applications should be executed using a no-shell, no-login user.
- Harden your Linux server, enable IP tables, and SE-Linux. Only open required ports publicly.
- Only use strong usernames and passwords. Don’t use well-known usernames such as Admin, Administrators, etc. Passwords should be at least 14 characters long and should be made using the combination of upper case, lower case, numeric and special characters. Along with password policy, organizations should also have a strong username policy to better address cybersecurity.
- Use a server-based web application firewall along with some DNS-based firewalls such as Cloud flare for additional layers of protection.
- Install SSL/TLS certificates to ensure communication level security. SSL protocol is outdated and insecure; it has been replaced by TLS protocol long ago. Make sure you use TLS1.2 or higher as anything lower than TLS1.2 is vulnerable and insecure.
- The TLS1.2 certificate size should be at least 2048bit.
- Another very important activity is log monitoring. Keep an eye on system logs as logs will give in-depth information about your system activities.
It’s a big list of activities. In my upcoming blog, I will talk about how you can execute these cybersecurity activities in your organization. I will share details about the tools and techniques which can help you deploy all the required cybersecurity measures.
Thank you for reading.