Sixty percent of small companies go out of business within 6 months of a cyberattack.  (Source:  “ Internet Privacy in the Digital Age,” Champlain College, 2014)

A cybercriminal breaches their network through security holes, steals IP and customer data or deploys ransomware, and moves on to the next target.

Every business with holes in its network is vulnerable, small or large.  Even if you have a written cybersecurity plan (half of IT decision makers do not), you can be wide open for a cyberattack.

How do you find those holes? That's what we're talking about in this month's WOOF!. But first, some details on what you're up against.

A Network Breach in Action

A network breach can occur on any network.  Small business networks aren’t immune—in fact, hackers are increasingly targeting them.

How does a network breach occur?  Here are the steps.

Step 1:  Warning Signs.  Invalid login attempts appear in the server security logs.  Accounts that don’t exist are trying to log in.  This is someone trying to find a hole.

Step 2:  Breaking In.  If no one sees the warning signs and steps up security, the cybercriminal can keep trying until they find a hole.  Once inside, they’ll send probes out onto the network, looking for information.  Typically, they look for personnel or customer records, which they can sell to fraudsters.

Step 3 (Option 1):  Repeat.  If the network is unmonitored and has a few security holes, breaches can go unnoticed for a long time.  The cybercriminal can repeat their probes over & over until they find some valuable data to steal.

Step 3 (Option 2):  Devastation.  If the cybercriminal feels like it, they can deploy ransomware inside your network.  Your files are encrypted, computers locked up, and you get a “pay the ransom or lose your data” notice.

Any computer is vulnerable to ransomware in a breached network.  Even the domain controllers.  Once that happens, the last defense is a good backup strategy!

Fixing the Network after a Network Breach

Once you discover a breach, you have an expensive repair on your hands.  

• First, shut down all the servers, and disconnect the entire network from the Internet.
• Check your firewalls and shutdown ports which may be used to exploit the network.
• Next, turn the servers back on one at a time.  Use computer forensics to test each one.
• If clean, turn the server off again and move to the next.
• If infected, you’ll have to clean the system.  Oftentimes with ransomware, the only solution is to wipe the server, and rebuild it from backups.
• Once all the servers are clean, reconnect Internet access.  People can get back to work.

How long can this take?  Let’s assume a server room with:  

1. 2 domain controllers
2. One Exchange server
3. A Terminal Services server
4. One file server with 500GB in stored files
5. One application server

In this environment, the process of rebuilding and restoring can take over 7 days, with around 20 work-hours per day.  Ouch.

What is Network Vulnerability Testing?

A “vulnerability” is a weakness in your computer/network security that allows an attacker to cause some form of damage.  Network Vulnerability Testing helps you find those security holes, before they turn into network breaches.

The process is also called Vulnerability Management or Vulnerability Assessment. 

“Damage” can take many forms.  Stealing data from a server, crashing your office network, using your network to send spam, releasing ransomware, etc.  Testing looks for these vulnerabilities, and helps you fix them before a breach occurs (a process called remediation).

How Does Testing Find Vulnerabilities?

Testing tools examine the network’s components and activity, including any cloud connections.  They determine any points where a vulnerability does (or could) exist.  The tools “learn” how your network operates, so they can figure out where vulnerabilities may arise in the future. 

Then, using this information, we recommend actions to remediate those vulnerabilities.  As well as policies to prevent future vulnerabilities coming into existence.

Testing Guards Against Network Breaches

Typically, you need more than one vulnerability to trigger a breach.  The most common combination?  Insecure passwords, plus a port open on a server allowing remote access.

Unfortunately, such vulnerabilities are common.  Users often keep the same passwords indefinitely.  IT loads new applications, which need ports opened.  Networks grow and change.

So do cyberattack methods.  Anything exposed to the Internet is potentially vulnerable.  That’s why doing regular vulnerability testing is a critical prevention step.

Best Practices for Network Vulnerability Testing

Good network security minimizes the chance of security holes appearing.  Vulnerability Testing finds any remaining holes so you can fix those too.

Here are the cybersecurity practices we advise for minimizing security holes:

• Install a firewall between your network and your ISP connection.
• Put server GPOs in place to ensure password complexity and limit lifespan.
• Run regularly scheduled vulnerability scans from inside and outside the network. 
• Run daily backups, and keep copies offsite.  Not only does this safeguard your data, it eliminates one vulnerability – backups stored on-site, open to theft or deletion during a breach.
• At least once per quarter, run test restores to make sure your backups remain viable.

Best Practice for Network Vulnerability Testing include:

• Run vulnerability tests once a quarter.
• Test all the systems involved in SOX/HIPAA compliance.
• Generate and keep reports.
• Fold vulnerability closures into your regular IT maintenance.

Don’t become one of the 60% of small businesses taken down by cyberattack.  Network Vulnerability Testing helps you find and seal up the holes.

Concerned about your network’s security?  Email us at woof@planetmagpie.com to find out how we can lock it down fast.