Smart Honeypots are ideal for detecting the ‘scanning behavior’ of people, malware or ransomware, completely passively, wherever it is needed: at the center of your network.
Over the past few months, there have been plenty of examples of IT incidents and data leaks. The majority of these incidents originated internally. Think of (former) employees or parties you are doing business with who have access to certain parts of systems and/or networks.
As the head of a company, the director is often in the ‘spotlight’. This makes him or her an ideal target because there is a lot of information about this person that is easy to find. For example, through spear-phishing (an attack aimed at a specific company or person) or social engineering, attackers show that not only the shop floor but also, or perhaps even more so, the boardroom is an obvious target.
A small piece of information may be enough to launch an attack. The Personal Assistant at almost all companies has access to often sensitive information about board members or, for example, the Supervisory Board. This includes information about processes, systems, login details, financial information, and secret files. This makes them valuable targets for those with malicious intent.
Suppliers of services and/or goods are important, and your company probably depends on them. They are not only there for your product but, more and more often, also to keep the internal affairs of the company running. We have learned from a number of major hacks in the past that these suppliers are not entirely harmless. Every access a supplier has, whether physical or through a connection over the internet or intranet, can be potential access for malicious parties. It is therefore very important that companies give these suppliers controlled and limited access.
It is inevitable: for various reasons, there is a turnover of employees and suppliers. However, when someone leaves, there is a large and underestimated risk. Over time, the departing party has most likely gained access to certain systems and has often made use of the company’s hardware. It is of the utmost importance to immediately collect hardware, remove profiles and close down any other means of access. Skipping one of these steps, or waiting too long between the departure and the closing of access, leaves the company vulnerable to an attack.
Not every company is able to have all knowledge and skills in-house through permanent staff. It is not without reason that there is an abundance of ‘consultants’ in all shapes and sizes: people who do work for you, but are not always on location and do not have a ‘real’ bond with the company. They are therefore not a permanent part of the company. Particularly in the field of IT security, these consultants bring products into the organization whose exact operation is, logically, not known. The consultants are therefore likely to have far-reaching access to systems, which is why it is very important to review these types of products and their suppliers.
It’s easy to deploy employees at peak times or because a large project needs to be completed. In some sectors, these temporary employees are used on a regular basis. This is also the case in the IT sector, with all the associated risks. There is a good chance that they will have temporary access to online systems, for example those of the HR department, but also to other portals where data is stored. They may even receive hardware such as a laptop or smartphone to carry out their work. The ease with which these temporary employees gain access to systems is a major risk.
Every company, big or small, uses the ‘Cloud’. In general, we live under the assumption that when we send our data to the ‘Cloud’, it arrives safely and is stored there in a secure way. In reality, of course, you just send your data to a server somewhere, usually at an unknown location. Transferring data to the Cloud increases vulnerability and therefore the risk of an attack. The connection to it and the server itself are attractive targets in themselves. Those who have to manage the Cloud infrastructure get more and more important privileges. Such an employee gets deep and broad access to the company’s information, making him or her an interesting target for hackers.
The smart Honeypots of DeepBlue Security & Intelligence are passive, have a low management load, and do not generate false positives. They are the perfect addition to already existing security measures and indispensable in any network. For more information, please contact us at info@DeepBlueSecurity.nl.