Protective measures in the year of the hackers – methods for your own protection!

M.Sc. Jan Hörnemann

2020 has so far been a very eventful year from the perspective of IT security. Because of the Corona pandemic, many employees had to work from home, and many still do. This partly hasty move to the “remote office” has opened many security gaps that attackers can exploit. We have looked at various protective measures against hackers that make your systems more secure, covering everything from the step before an attack up to the reactive measures needed when an attack is already in full swing.

2020, the year of the hackers

The year 2020 is not over yet, and forecasts already indicate that it will be the year with the most detected cyber attacks. The obvious reason is that the current year is strongly shaped by Corona. In a very short time, many companies had to make it possible to work from home. This urgency meant that home office workplaces were sometimes set up too quickly and therefore configured incorrectly.

Employees working from home access the company system remotely, and attackers attempt exactly the same thing. If this remote access is not configured correctly or relies on very weak authentication, it is an open gateway for any attacker.

Protective measures against hackers

There are various ways to prevent such cyber attacks, and they can be divided into three phases: prevention, detection and reaction.

1. Prevention

The first phase, prevention, is about keeping an attacker out. Various measures make it very difficult for the attacker to penetrate the system. Besides updates on the end devices and strong passwords, we have chosen four further protective measures against hackers that we would like to mention in this phase.

    1. Firewall: When it comes to prevention in IT security, most people immediately think of a firewall. A firewall analyses incoming and outgoing traffic and tries to detect attacks. It should go beyond a simple packet filter, because against more complex attacks it is not enough to block certain ports; the content of the individual packets should be analyzed as well.
    2. Virus protection: Virus protection should be installed on every end device that works with the system. It happens surprisingly quickly that someone lands on a phishing site or downloads a malicious file. To prevent such malware from executing and infecting the entire system, virus protection should be installed on every end device.
    3. Second factor: Besides using strong passwords, it makes sense to use a second factor, which makes authentication considerably more secure. Especially in areas that need strong protection, e.g. remote access, a second factor should be mandatory. Even if an employee gives away their password in a phishing mail or the attacker guesses it, the attacker will not gain access to the system thanks to the second factor.
    4. Access rights: In most systems, access rights are tied to the user account. In large systems, this means that there are countless accounts, some of which have been given more permissions than their owners actually need. This can make it easier for attackers to penetrate the system, for example by “phishing” an intern whose account holds many permissions. The solution is access rights management, which can ensure that the activities of user accounts are monitored in real time so that possible attacks are detected at an early stage. This real-time monitoring leads smoothly into the second phase of the protection options.

2. Detection

Despite good prevention, there is no 100% protection against an attack. Since companies should always assume that they are potentially under attack, it is important to have protective measures against hackers that can detect an ongoing attack.

    1. SIEM systems: The best solution for detecting an attack is a Security Information and Event Management (SIEM) system. Such a system analyzes all data from the software and hardware components of the system. If all activities are recorded and analyzed in real time, many attacks can be detected. However, this method alone is not sufficient, because a SIEM system needs to be continuously developed further. Attackers develop new methods every day to attack undetected, so the SIEM system must be kept up to date in order to detect even the newest attacks.
    2. Honeypot: A honeypot is a system that is meant to be attacked. A company places a deliberately insecure system in its own network. This system exists only to attract attackers, who are then reported. A popular strategy is to disguise a honeypot as a backup server, because these servers are usually the first to be examined during an attack. As soon as the honeypot notices that a foreign system wants to read files, it raises an alarm and the cyber attack can be detected at a very early stage.
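
To illustrate the kind of rule a SIEM system evaluates over recorded activity, here is an added example in Python that is not part of the original post: it parses constructed remote-access authentication log lines (the line format and the sample data are assumptions) and raises an alert when a successful login follows a run of failed attempts from the same source, or when one source fails against many accounts, which is the pattern weakly authenticated remote access invites.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the original post); the format is an assumed
# generic remote-access authentication log: timestamp, user, source IP, result.
SAMPLE_LOG = """\
2020-06-01T08:00:01 auth user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:03 auth user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:05 auth user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:07 auth user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:09 auth user=alice src=203.0.113.5 result=FAIL
2020-06-01T08:00:12 auth user=alice src=203.0.113.5 result=OK
2020-06-01T08:06:00 auth user=carol src=198.51.100.20 result=FAIL
2020-06-01T08:06:30 auth user=carol src=198.51.100.20 result=OK
2020-06-01T09:00:00 auth user=dave src=192.0.2.77 result=FAIL
2020-06-01T09:00:02 auth user=erin src=192.0.2.77 result=FAIL
2020-06-01T09:00:04 auth user=frank src=192.0.2.77 result=FAIL
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, user, source, result) for every well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("ts"), m.group("user"), m.group("src"), m.group("result")

def detect_bruteforce_then_success(log_text, threshold=5):
    """Alert when a login succeeds after >= threshold consecutive failures from the same source."""
    failures = defaultdict(int)  # (user, src) -> current run of failures
    alerts = []
    for ts, user, src, result in parse(log_text):
        key = (user, src)
        if result == "FAIL":
            failures[key] += 1
            continue
        if failures[key] >= threshold:
            alerts.append({"time": ts, "user": user, "src": src, "failures": failures[key]})
        failures[key] = 0  # a success (or a lone success) ends the run
    return alerts

def detect_password_spraying(log_text, min_users=3):
    """Return sources that failed against at least min_users distinct accounts."""
    failed_users = defaultdict(set)
    for _ts, user, src, result in parse(log_text):
        if result == "FAIL":
            failed_users[src].add(user)
    return sorted(src for src, users in failed_users.items() if len(users) >= min_users)
```

Both rules deliberately work on a per-source basis, so a single user mistyping a password once (carol above) produces no alert.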

3. Reaction

There is only one response here, and that is the data backup. For many companies it is often the last resort. If an attacker has already started encrypting all hard disks, the only option left is to fall back on the backed-up data and try to restore it on a new system.

Basically, all three phases above are important protective measures against hackers. In addition to the prevention phase, the reaction phase should not be forgotten, because every company should at least have a plan for what to do when an attack is already in full swing. The past shows that cyber attacks keep increasing, so it is important to address such measures.

There are countless other protective measures against hackers, but in our experience the ones mentioned above are among the most effective and affordable solutions for any SME.

M.Sc. Jan Hörnemann

Hello dear reader, my name is Jan Hörnemann. I am a TeleTrust Information Security Professional (T.I.S.P.) and have been dealing with information security topics on an almost daily basis since 2016. CeHv10 was my first hands-on certification in the field. With a Master of Science degree in Internet Security, I have learned about many different aspects and try to share them in live hacking shows as well as on our blog. In addition, I am active as an information security officer and have been qualified by TÜV for this activity (ISB according to ISO 27001).