If you've seen a good heist movie where the character robs a bank or other establishment, you know that reconnaissance is a crucial step in the process of breaking in. Casing the place, finding weak points in security, monitoring guard changes, and getting floor plans are common steps you see in blockbuster heist movies. The terrifying fact is that, when it comes to cyber criminals, the process for infiltrating an organization's IT infrastructure is not dissimilar to something straight out of Hollywood. Understanding how hackers stake out and do recon on your organization is an important step in increasing your security posture and protecting your data.
The concept of reconnaissance or "recon" in the cyber security sphere refers to the process cyber criminals use to find weaknesses in your network in order to gain a foothold into your organization. There are multiple tools hackers can use to crack your system and poke at holes in your security. This can range from publicly available information about your organization to technical weaknesses in your company's firewalls or IT systems.
So what exactly are cyber criminals looking for?
One of the first things cyber criminals may look for is what type of technology your business is utilizing. This could include what OS your company works with, the software applications employees utilize, or the resources used to host public web servers. Because every piece of software comes with bugs or faults, understanding what your organization uses day to day can help hackers find a starting point from which to press your system. This is why it's important to keep all of your applications up to date. While updates may seem inconvenient or a nuisance, they may contain important security fixes for a flaw in the application.
Additionally, hackers can do quite a bit with publicly available information. For instance, public-facing servers such as an HTTPS web server may contain multiple vulnerabilities if ports are left unsecured due to incorrectly implemented protocols. A solution to this issue is making sure that all ports into your private network are secured behind a proxy server or firewall.
Luckily, CorpInfoTech can help with implementing and maintaining firewalls and network security! However, public servers aren't the only things criminals can exploit through publicly available knowledge. Contact information readily available on the internet can give hackers a target for sophisticated phishing and social engineering campaigns. Sending links containing executable malware through email or other means is an effective way for cyber criminals to access your network. An effective way to combat this is to make sure all employees undergo security awareness training so they can accurately spot a phishing attempt or suspicious request.
Another important piece of information hackers look for is login credentials, because effective usernames and passwords are your first line of defense in securing applications or logins. If hackers get hold of your password, they may have a one-way ticket straight into your system. This is why it is important to practice good password hygiene as well as frequently change or update login credentials.
While there are many other types of information cyber criminals look for when doing reconnaissance on your business, these are some of the biggest weak links in an organization's security posture. But how do you even know if your organization is being probed?
If you've effectively implemented tools to monitor your system for unauthorized traffic, it should be fairly easy to know if criminals are doing reconnaissance on your organization. Firewalls and other detection tools can alert you if they believe there is an unwanted intruder peeking around your network. While knowing what protocols to use and what systems to implement can be difficult, CorpInfoTech offers managed services to monitor and address malicious traffic in and out of your network. While it can be easy to spot active recon, it may be impossible to stop hackers from passively collecting information on your business.
Oftentimes hackers will seek out publicly available information such as contacts, social media accounts, and vendors that may be unsecured. While there is no effective way to control this type of reconnaissance, it can be mitigated by making sure that all of your third-party vendors and clients are secure to avoid supply chain attacks. Additionally, creating a culture of personal and business password hygiene will help tremendously in securing public-facing accounts.
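To make the alerting on active recon described above concrete, here is an added example (not CorpInfoTech's code or any product's) that flags a source address denied on many distinct ports in a short time, a common sign of a port sweep. The log format, sample lines, function name and thresholds are all constructed assumptions; adapt the pattern to your firewall's real output.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in a simplified firewall-drop format (an assumption;
# real firewalls log different fields, so adjust LINE_RE to match yours).
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=21
2024-05-01T10:00:02 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
2024-05-01T10:00:03 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=23
2024-05-01T10:00:04 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=3389
2024-05-01T10:00:06 DROP SRC=192.0.2.50 DST=198.51.100.10 PROTO=TCP DPT=22
2024-05-01T10:00:07 DROP SRC=192.0.2.50 DST=198.51.100.10 PROTO=TCP DPT=22
2024-05-01T11:30:00 DROP SRC=192.0.2.99 DST=198.51.100.10 PROTO=TCP DPT=25
2024-05-01T12:30:00 DROP SRC=192.0.2.99 DST=198.51.100.10 PROTO=TCP DPT=110
2024-05-01T13:30:00 DROP SRC=192.0.2.99 DST=198.51.100.10 PROTO=TCP DPT=143
2024-05-01T14:30:00 DROP SRC=192.0.2.99 DST=198.51.100.10 PROTO=TCP DPT=993
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP SRC=(?P<src>\S+) DST=\S+ PROTO=\S+ DPT=(?P<dpt>\d+)$"
)

def find_port_sweeps(log_text, min_ports=4, window_s=60):
    """Return {source: sorted ports} for every source denied on at least
    min_ports distinct destination ports within window_s seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a drop record
        events[m["src"]].append((datetime.fromisoformat(m["ts"]), int(m["dpt"])))

    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge forward until the span fits the window.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged

if __name__ == "__main__":
    for src, ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep from {src}: {ports}")
```

With the defaults, only the first source is flagged; the repeated hits on a single port and the hourly probes are not. Widening `window_s` catches the slower source at the cost of more false positives, so tune both thresholds against your normal traffic.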
Once again it is important to know that CorpInfoTech is here to provide managed services and IT security for small to medium sized businesses. If you are worried that hackers are doing reconnaissance on your organization then feel free to contact us today!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.