Five Steps to Keep North Korean Hackers Out of Your Network - Page 2

“I’ve done a demo for years using an infected mobile phone to attack other systems in the network and exfiltrating the connection via text messages (mobile modem) so it never crosses the perimeter. Every way devices communicate that isn’t being monitored is a big threat for data loss,” Weidman said. This means that you must lock down your mobile phones and other external devices.

3. Use application whitelisting, so that any application that’s not on the list cannot run. This would prevent malware from running even if it’s in your network. You can perform application whitelisting on servers and on endpoints, but you may not be able to run it on IoT devices. So it’s an important to keep those secure using other means.

4. Keep patching religiously. “That doesn’t mean just the OS,” Sjouwerman said. He said that it’s critical to also make sure that all applications are patched, because hackers can easily penetrate a system via a compromised application. Sjouwerman recommends using a tool to verify application update status such as Flexera Personal Software Inspector for personal use. There’s also an enterprise version called the Flexera Software Vulnerability Manager. You must also patch your network infrastructure equipment, including switches, firewalls and network appliances. The Flexera products ease the burden for applications by scanning every application on your computer or on the network and comparing them to a massive database. Then Flexera updates or patches as required. But you must still have someone with the specific task of patch management for network devices and infrastructure.

5 Really train your staff to detect and respond appropriately to cyber-threats. This means repeatedly training your staff in detecting a phishing email and in what to do when they find one. Nearly all of the recent major breaches affecting enterprises have begun with a phishing attack. While there are security appliances that can find some of those phishing emails, attackers are getting very sophisticated in how they create their attacks. So it takes a sharp eye, but it’s worth the effort. Weidman said that the one thing that makes her penetration testing difficult and which would make an attacker’s attempts difficult is a prepared victim. She described the people who don’t become victims. “People who don’t fall victim to phishing attacks at all,” she said. “I know I’m dreaming but if a target really had it together about phishing and not just email—but SMS, social media like Twitter, messaging apps like WhatsApp, etc. that would be a big deterrent.”

This sounds like a lot of work and it is. In fact, Sjouwerman says that to be really effective, one third of the total IT budget must be allocated to security if you really want to protect your enterprise.

But it’s important to remember that the current threat from North Korea isn’t after your money or even your intellectual property. The current target is your network itself. The plan is to turn your network against you and use it as a weapon in a cyber-war.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...