Don't make it easy for an Attacker!
After many years of practising as a security professional, advising clients of all sizes and industries, one thing that still surprises me today is the high number of companies that are still not taking some very basic steps to improve their security posture. This makes it much easier for attackers to learn about, and carry out at will, a range of attacks against an organisation’s valuable information assets.
Isn’t it time you did something to make attackers work much harder to learn about and gain access to your organisation’s information assets?
For example, regularly applying security patches would stop an attacker using the vast majority of existing exploits, leaving them with the options of either discovering or purchasing a zero-day, which is much harder! Let’s face it, a lot of attackers are opportunists and will move on to the next company if an organisation is harder to attack.
Take enabling DMARC to combat phishing attacks. End users and companies have all suffered from spam and phishing on the Internet. So why does the RiskXchange threat detection engine still detect tens of thousands of companies every day that don’t have DMARC enabled? Not having it enabled makes it very easy for an attacker to carry out phishing attacks against an organisation.
Enabling HTTPS across all areas of an organisation’s web application, and especially the areas where you collect usernames and passwords, will make it much harder for an attacker to gain access to confidential user or company information being collected via web forms.
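The DMARC gap described above can be checked from the outside. The following is an added example, not code from this post or from the RiskXchange engine: it classifies the TXT records published at `_dmarc.<domain>`. The sample records, the placeholder domains and the posture labels are constructed for illustration.

```python
# Constructed TXT answers for _dmarc.<domain>; all domains are placeholders.
SAMPLE_TXT = {
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@reject.example"],
    "monitor.example": ["v=DMARC1; p=none"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "missing.example": ["v=spf1 -all"],  # a TXT record, but not a DMARC one
    "double.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def parse_dmarc(txt):
    """Return the record's tag/value pairs, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and must be exactly DMARC1.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt_records):
    """Classify the DMARC posture implied by a domain's _dmarc TXT records."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        return "invalid"  # receivers do not apply DMARC when several records exist
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitor-only"  # spoofed mail is at most reported, not blocked
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        return "invalid"  # malformed pct: flag the record for review
    return "enforced" if pct >= 100 else "partially-enforced"

def audit(txt_by_domain):
    """Map each domain to its posture label."""
    return {domain: assess(txt) for domain, txt in txt_by_domain.items()}

if __name__ == "__main__":
    for domain, posture in audit(SAMPLE_TXT).items():
        print(f"{domain:18} {posture}")
```

Only the "enforced" label means receivers are asked to quarantine or reject all mail that fails DMARC; every other label leaves some or all spoofed mail deliverable.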
I could go on with dozens of examples, but I’m sure you get the general idea.
There are numerous basic steps that, if taken, would require a malicious attacker to put much more effort into their attack – exactly the type of effort that, in the real world, would push an attacker towards much easier targets.
You might wonder, if these steps are so basic, why aren’t they common practice across the thousands of organisations that we see every day? The simple answer is that there is a fundamental prerequisite for executing these basic controls that many organisations lack: visibility.
That means visibility to see how your email and DNS services are configured, how many public-facing services are still using old and unpatched applications, or how many of your web applications are leaking confidential company or customer personal data. After all, you cannot secure what you cannot see, and what you can’t see is exactly what malicious attackers can see and target the most on a daily basis.
Get visibility and see what a malicious attacker sees!
That’s why we built the RiskXchange Free Threat Assessment, a free offering, open to all organisations, that provides immediate visibility into everything that is basic yet tremendously impactful: insecure hosts, company information being leaked, insecure applications and much more.
A seamless process, with zero interaction from the assessed, can empower any organisation to make the life of whoever attacks it harder.
Much, much harder.
Learn more about the RiskXchange Free Threat Assessment HERE