As technology disciplines go, cybersecurity is vast, with seemingly no end to complicated attacks and defensive strategies to parry them. Accordingly, security budgets for the enterprise are usually equally vast and no dollar is left unspent when it comes to advanced tooling and roadmaps to maturity.
But sometimes it’s easy to get caught up in the complexity of security as a war of technology and we end up looking past the low hanging fruit that’s right in front of us. There are simple, practically no-cost steps to lower the risk of attack on your organization that even IT leaders often overlook.
A good first step is attempting to reduce the attack surface. The attack “surface” includes any way in which endpoints are exposed to the open Internet, or where users are exposed to bad actors’ malicious links or phishing tactics. Here are just a few ways to accomplish that:
Maintain security hygiene of endpoints
Set a baseline of best possible endpoint “hygiene,” a term used in the spirit of keeping workstations tidy and in the best possible condition to defend against attacks. Some examples of good security hygiene include:
- Keeping software updated to the latest versions, using the shortest practical update/patch interval
- Using recommended security controls from a documented framework like CIS
- Using some type of asset management to gain visibility into inventory and track status of endpoints
Newly published vulnerabilities, especially the zero-days that attackers favor, are attack vectors that are likely still unfixed in the short window after disclosure, which is why the patch interval matters.
Minimize attack surface
In the simplest sense, an endpoint exists to perform work and send or receive network traffic. Minimizing the scope of that traffic can go a long way toward preventing unauthorized access from the Internet. Take these basic steps to lock down a workstation:
- Deactivate unnecessary services
By default, modern operating systems activate many services or daemons during installation that just aren’t necessary for the average office user. Some services will open TCP/UDP ports to listen for connecting traffic. These are easy vectors for attackers since they’re well documented and are often found to have vulnerabilities.
- Disable local scripting interfaces
Being able to script an attack using PowerShell makes an attacker’s task easier. Most regular users have no use for PowerShell. Disabling it for them can prevent some malware from carrying out its payload.
- Frequently analyze endpoints
Microsoft has several free security tools available. Among those is Attack Surface Analyzer, which should be run before and after software installations to reveal what kind of access has been opened up.
- Apply software updates when available
Last but not least, patch endpoints frequently. Zero-day and persistent vulnerabilities are the easiest way for attackers to compromise networks.
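A read-only audit covering the four lock-down steps above, written here as an added PowerShell example; it is not code from the original article. It assumes Windows 8.1 / Server 2012 R2 or later (for the NetTCPIP cmdlets) and an elevated prompt, and the expected-port allow-list is a constructed placeholder to replace with your own documented baseline. It reports rather than changes state. Rather than disabling PowerShell outright, which is rarely practical, it reports whether the session is in ConstrainedLanguage mode and whether script block logging is on, since restricting PowerShell for standard users is normally done with an AppLocker or WDAC policy that enforces Constrained Language Mode. The snapshot functions give a lightweight before/after comparison in the spirit of Attack Surface Analyzer: take one before a software install, one after, and diff them.

```powershell
# Added example, not from the article: read-only endpoint audit for the four
# lock-down steps. Requires Windows 8.1 / Server 2012 R2 or later (NetTCPIP module).
# Nothing here changes system state.

# Constructed placeholder: ports you have decided are acceptable on an office
# workstation. Replace with your own documented baseline.
$ExpectedListeners = @(135, 139, 445, 5353)

function Get-ListeningEndpoints {
    # Step 1 support: every listening TCP socket and bound UDP socket, mapped to the
    # owning process and, where applicable, the Windows service hosted in that process.
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 }
    $tcp = Get-NetTCPConnection -State Listen |
        Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess
    foreach ($ep in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        $svc  = ($services | Where-Object { $_.ProcessId -eq $ep.OwningProcess }).Name -join ','
        [pscustomobject]@{
            Proto    = $ep.Proto
            Address  = $ep.LocalAddress
            Port     = $ep.LocalPort
            Process  = if ($proc) { $proc.ProcessName } else { "pid $($ep.OwningProcess)" }
            Services = $svc
            Expected = $ExpectedListeners -contains $ep.LocalPort
        }
    }
}

function Get-AutoStartServices {
    # Step 1 support: auto-start services are the candidates to review for "unnecessary".
    Get-CimInstance Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object Name, DisplayName, State, PathName
}

function Get-ScriptingPosture {
    # Step 2 support: how usable PowerShell is on this host. ConstrainedLanguage is
    # what an AppLocker/WDAC policy enforces for non-admin users; ScriptBlockLogging
    # is the policy value that makes PowerShell activity visible in the event log.
    $logKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    $log = Get-ItemProperty -Path $logKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LanguageMode       = $ExecutionContext.SessionState.LanguageMode
        MachinePolicy      = Get-ExecutionPolicy -Scope MachinePolicy
        LocalMachinePolicy = Get-ExecutionPolicy -Scope LocalMachine
        ScriptBlockLogging = ($log.EnableScriptBlockLogging -eq 1)
    }
}

function Get-PatchPosture {
    # Step 4 support: newest installed hotfix and how stale it is.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    [pscustomobject]@{
        LatestHotFix = $latest.HotFixID
        InstalledOn  = $latest.InstalledOn
        DaysSince    = if ($latest) { [int]((Get-Date) - $latest.InstalledOn).TotalDays } else { $null }
    }
}

function Get-EndpointSnapshot {
    # Step 3 support: what listens and what auto-starts, as plain strings for diffing.
    [pscustomobject]@{
        Taken     = Get-Date
        Listeners = @(Get-ListeningEndpoints | ForEach-Object { "$($_.Proto) $($_.Address):$($_.Port) $($_.Process)" })
        Services  = @((Get-AutoStartServices).Name)
    }
}

function Get-NewItems([string[]]$Before, [string[]]$After) {
    # Items present after but not before. Done by hand because Compare-Object in
    # PowerShell 5.1 rejects an empty reference list.
    $seen = @{}
    foreach ($b in $Before) { $seen[$b] = $true }
    @($After | Where-Object { -not $seen.ContainsKey($_) })
}

function Compare-EndpointSnapshot($Before, $After) {
    # What was opened up by whatever happened between the two snapshots.
    [pscustomobject]@{
        NewListeners = Get-NewItems $Before.Listeners $After.Listeners
        NewServices  = Get-NewItems $Before.Services  $After.Services
    }
}

# Usage: unexpected listeners first, then scripting and patch posture.
Get-ListeningEndpoints | Where-Object { -not $_.Expected } | Format-Table -AutoSize
Get-ScriptingPosture
Get-PatchPosture
# Around a software install:
#   $before = Get-EndpointSnapshot;  <install>;  $after = Get-EndpointSnapshot
#   Compare-EndpointSnapshot $before $after
```

Anything listed as not Expected is a candidate for service deactivation or a host firewall rule; a DaysSince value past your patch interval is an overdue endpoint; and any NewListeners after an install is exactly the kind of opened-up access the Attack Surface Analyzer step is meant to catch.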
Reduce or disallow personal use
In the old days, there was a certain amount of acceptable personal use of work machines, but these days it represents more risk than ever before. The majority of ransomware attacks originate from phishing attacks that target a user’s natural instinct to respond. By disallowing access to personal email accounts, the opportunities to get phished are reduced.
Social media is also an effective conduit for posting the kind of links that a phishing attack might use as a tactic. Facebook, Twitter, TikTok, etc. are all great delivery mechanisms for malicious content, URLs, and phishing. It has even been revealed that TikTok uses a keylogger and records all screen taps even outside the app. In the work environment, it might make sense to block these domains at the DNS level if they are not critical for work function (as they may be for marketing teams).
Reduce non-work-related Internet usage by using a proxy server to control access. Modern proxies can be configured to block large swaths of unnecessary websites and hosts that aren’t relevant to work function and represent only risk with no benefit.
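One way to do the DNS-level block described above, as an added example that is not part of the original article: a query resolution policy on a Windows DNS Server that drops lookups for a list of non-work domains, with a carve-out for one client subnet (the marketing team case). It assumes the DnsServer PowerShell module is present and runs on the DNS server itself; the policy name, domain list and subnet are constructed examples, and the test function's "work" name is just an illustrative public hostname.

```powershell
# Added example, not from the article: block non-work domains at the DNS level on a
# Windows DNS Server with a query resolution policy, carving out one subnet that
# legitimately needs them. Run on the DNS server with the DnsServer module loaded.
# Every domain, policy name and subnet below is a constructed example.

$PolicyName     = 'Block-NonWork-Domains'
$BlockedDomains = @('facebook.com', 'twitter.com', 'tiktok.com')                   # constructed
$ExemptSubnet   = @{ Name = 'Marketing-Workstations'; IPv4 = '10.20.30.0/24' }   # hypothetical

function New-FqdnCriteria([string[]]$Domains) {
    # DNS policy criteria take the form "operator,value,value,...". Match the apex
    # name and any subdomain so www.example.com and cdn.example.com are both covered.
    $patterns = foreach ($d in $Domains) { $d; "*.$d" }
    'EQ,' + ($patterns -join ',')
}

function Install-NonWorkDnsBlock {
    # The exempt subnet must exist as a named client-subnet object before a policy
    # can refer to it.
    if (-not (Get-DnsServerClientSubnet -Name $ExemptSubnet.Name -ErrorAction SilentlyContinue)) {
        Add-DnsServerClientSubnet -Name $ExemptSubnet.Name -IPv4Subnet $ExemptSubnet.IPv4
    }
    # Server-level policy: IGNORE drops the query (the client sees a timeout rather
    # than a forged answer), but only when the client is NOT in the exempt subnet.
    Add-DnsServerQueryResolutionPolicy -Name $PolicyName `
        -Action IGNORE `
        -FQDN (New-FqdnCriteria $BlockedDomains) `
        -ClientSubnet "NE,$($ExemptSubnet.Name)"
}

function Test-NonWorkDnsBlock([string]$DnsServer) {
    # Run from a workstation outside the exempt subnet: a blocked name should fail
    # while a name the business depends on still resolves. Resolve-DnsName throws
    # on failure, so -ErrorAction turns that into $null.
    $blocked = Resolve-DnsName -Name 'www.tiktok.com' -Server $DnsServer -ErrorAction SilentlyContinue
    $allowed = Resolve-DnsName -Name 'login.microsoftonline.com' -Server $DnsServer -ErrorAction SilentlyContinue
    [pscustomobject]@{
        BlockedNameResolved = [bool]$blocked     # expected: False
        WorkNameResolved    = [bool]$allowed     # expected: True
    }
}

function Remove-NonWorkDnsBlock {
    # Roll the policy back without touching the client-subnet object.
    Remove-DnsServerQueryResolutionPolicy -Name $PolicyName -Force
}

# Usage, on the DNS server:
#   Install-NonWorkDnsBlock
#   Test-NonWorkDnsBlock -DnsServer 10.20.0.53    # constructed resolver address
```

Two practical points. A DNS block only applies to clients that actually use your resolver, so pair it with an egress firewall rule that allows DNS out only from the internal DNS servers; otherwise a workstation pointed at a public resolver, or an application using DNS over HTTPS, walks straight past it. And IGNORE gives users a silent timeout; if you would rather they see an immediate failure, use -Action DENY, which returns an error response instead of dropping the query.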
The defensive techniques outlined in this article are simple to apply in most environments, requiring little to no additional software purchases. Frequent patching is considered the bare minimum for a security strategy.
Better security hygiene is recommended for any organization from the smallest SMB to the largest multinational enterprise.
Developing a regimen to apply the latest software updates, gain visibility into the unnecessary open attack surface of endpoints, and reduce non-work related personal use of workstations can vastly lower the risk of an expensive, successful cyberattack.