Let’s continue with the last five of the top 10 security misperceptions today.
To revisit or view the first half of the top 10 security misperceptions, you can check them out here.
These misperceptions need to be understood not only by the IT function but also by senior executives such as the CFO, to protect an organisation from the financial losses and reputational damage caused by security incidents.
According to Sophos, the remaining misperceptions are as follows:
Misperception 6: We are not a target; we are too small and/or have no assets of value to an adversary
It doesn’t matter how small you are: if you have processing power and a digital presence, you are a target.
Attackers look for easy opportunities: security gaps, errors or misconfigurations in organizations that cybercriminals can readily exploit.
Misperception 7: We don’t need advanced security technologies installed everywhere
The assumption that protected endpoints can prevent intruders from making their way to unprotected servers is a mistake.
According to the incidents Sophos Rapid Response has investigated, servers are now the number one target for attack and attackers can easily find a direct route using stolen access credentials.
If your organisation relies only on basic security, without more advanced and integrated tools such as behavioural and AI-based detection and a 24/7 human-led security operations center, then intruders will likely find their way past your defenses eventually.
It is always worth remembering that while prevention is ideal, detection is a must.
Misperception 8: We have robust security policies in place
Having security policies for applications and users is critical.
However, they need to be checked and updated constantly as new features and functionality are added to devices connected to the network.
Verify and test policies, using techniques such as penetration testing, tabletop exercises and trial runs of your disaster recovery plans.
Misperception 9: Blocking IP addresses from high-risk regions such as Russia, China and North Korea protects us against attacks from those geographies
Blocking IPs from specific regions is unlikely to do any harm, but it could give a false sense of security if you rely only on this for protection.
Adversaries host their malicious infrastructure in many countries, with hotspots including the US, the Netherlands and the rest of Europe.
Misperception 10: Remote Desktop Protocol (RDP) servers can be protected from attackers by changing the ports they are on and introducing multi-factor authentication (MFA)
The standard port used for RDP services is 3389, so most attackers will scan this port to find open remote access servers.
However, scanning will identify any open services, regardless of the port they are on, so changing ports offers little or no protection on its own.
RDP activity should take place within the protective boundary of a virtual private network (VPN), but even that cannot fully protect an organization if the attackers already have a foothold in a network.
Ideally, unless its use is essential, IT security should limit or disable the use of RDP internally and externally.
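Why a port change hides so little can be seen from the defender's side. The sketch below is an added example, not code from Sophos or the original article. It recognises an RDP connection request from its TPKT/X.224 bytes rather than its port number, so an audit of your own traffic captures finds RDP wherever it listens. The flows, port numbers and helper names are constructed for illustration, and the check is a heuristic.

```python
import struct

# RDP negotiation request: type 0x01, flags, length 8, requestedProtocols
RDP_NEG_REQ = struct.pack("<BBHI", 0x01, 0, 8, 3)

def make_cr(variable: bytes) -> bytes:
    """Build a TPKT + X.224 Connection Request (used only for sample data)."""
    x224 = bytes([6 + len(variable), 0xE0, 0, 0, 0, 0, 0]) + variable
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def looks_like_rdp(payload: bytes) -> bool:
    """Heuristic: is this first client payload an RDP connection request?"""
    if len(payload) < 11:
        return False
    version, _, tpkt_len = struct.unpack(">BBH", payload[:4])
    if version != 3 or tpkt_len > len(payload):
        return False                      # not TPKT, or truncated
    li, code = payload[4], payload[5]
    if code & 0xF0 != 0xE0 or li + 5 != tpkt_len:
        return False                      # not an X.224 Connection Request
    variable = payload[11:tpkt_len]       # data after the 7-byte fixed part
    if variable.startswith(b"Cookie: mstshash="):
        return True                       # RDP client cookie
    if len(variable) >= 8:                # trailing RDP negotiation request
        neg_type, _, neg_len = struct.unpack("<BBH", variable[-8:-4])
        return neg_type == 0x01 and neg_len == 8
    return False

def rdp_ports(flows):
    """Return the destination ports on which RDP was actually seen."""
    return sorted({port for port, data in flows if looks_like_rdp(data)})

# Constructed sample flows: (destination port, first client payload)
SAMPLE_FLOWS = [
    (3389, make_cr(RDP_NEG_REQ)),                               # default port
    (50123, make_cr(b"Cookie: mstshash=demo\r\n" + RDP_NEG_REQ)),  # moved port
    (8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),    # not RDP
    (102, make_cr(b"\xc1\x02\x01\x00\xc2\x02\x01\x02")),        # other ISO-on-TCP
]

if __name__ == "__main__":
    print("RDP seen on ports:", rdp_ports(SAMPLE_FLOWS))
```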