The cyber threat landscape has vastly changed in recent years, and the apparel manufacturing industry is seeing a large uptick in cyber-attacks. These attacks are costly, ranging from around $50K on the low end to as high as $2M in immediate damages, including the impact to operational productivity when a target is unable to ship product for several weeks. According to Cybersecurity Ventures, cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Global ransomware (one of the fastest growing types of cybercrime) damage costs are predicted to hit $20 billion in 2021, up from $11.5 billion in 2019. Ransomware attacks saw a 350 percent increase in 2018, according to one estimate. Cybersecurity Ventures expects that businesses will fall victim to a ransomware attack every 11 seconds by 2021, up from every 14 seconds in 2019.
To understand the problem, you must first understand the cause. There are two primary causes of cyber-attacks:
1. Credential stealing via “phishing”, which is the fraudulent attempt to obtain sensitive information or data by disguising oneself as a trustworthy entity in an electronic communication
2. Breach of systems that are not properly secured
Protecting against any and all potential attacks is a complex process, but below are some basic areas to address as a best practice:
Educate your users
A common way for an attack to begin is via email. Users receive emails that appear to come from recognizable vendors such as Microsoft or Zoom, prompting them to reset a password. These emails direct users to a phishing website, where they enter credentials such as a username and password; the attacker receives those credentials immediately and uses them to access your systems. To protect against phishing, companies must establish clear protocols with email users:
• Inform users of the dangers of clicking links in emails or opening attachments they aren’t expecting and ask them to forward anything suspicious to your IT team. Remind all users regularly of the importance of being vigilant and their responsibility to help protect your company from the potential impact of a breach.
• When onboarding new staff, provide very direct instruction on the dangers of opening or engaging with the wrong email.
• Send simulated phishing emails to segments of your users, then educate the people who still fall for them. Repeat this quarterly.
Add rules server-side
As an added step to educating users, companies may want to add rules to their mail servers to quarantine emails or add “warning” headers to inbound emails.
• Add a warning header to every inbound email alerting recipients that the email did not originate within the company, and reminding them that, before clicking any link or opening any attachment, they should contact the sender or IT support to confirm that the email is legitimate.
• Add checks for impersonation attacks: the sender of each inbound email should be checked against the company’s complete user list – if the display name matches an internal user, a header can be added to the inbound mail warning that the email is potentially an impersonation.
• Add extra checks for any email purportedly from a vendor, such as a verification check to confirm that the email is being sent from a legitimate source.
• Block emails from free top-level domains such as .tk, .ga, .ml.
• Enforce SPF and DKIM policies – either tag or don’t deliver emails that fail these checks.
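The server-side rules above, worked through as a Python filter that a mail server could hand each inbound message to. This is an added example, not Exenta’s or any mail product’s code; the company domain, user directory, vendor domains and sample messages are constructed for illustration.

```python
"""Inbound mail policy checks: external warning header, impersonation check,
vendor check, free-TLD block and SPF/DKIM enforcement (added example)."""
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for the example: the company's own domain, its user
# directory, and the domains legitimate vendors actually send from.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NAMES = {"jane doe", "sam lee"}
VENDOR_DOMAINS = {"microsoft": {"microsoft.com"}, "zoom": {"zoom.us"}}
FREE_TLDS = {"tk", "ga", "ml"}
EXTERNAL_WARNING = ("This email originated outside the company. Confirm with "
                    "the sender or IT support before clicking links or "
                    "opening attachments.")


def auth_failed(msg):
    """True if any Authentication-Results header reports spf=fail or dkim=fail."""
    results = msg.get_all("Authentication-Results", [])
    return any(f"{m}=fail" in r.lower() for r in results for m in ("spf", "dkim"))


def apply_policy(raw):
    """Apply the rules to one inbound message.

    Returns ("quarantine", reason, msg) or ("deliver", None, msg); on
    delivery the message carries whatever warning headers the rules added.
    """
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    name = name.strip().lower()
    domain = addr.rsplit("@", 1)[-1].lower()
    tld = domain.rsplit(".", 1)[-1]

    # Rule: SPF/DKIM failures are not delivered (tagging is the alternative).
    if auth_failed(msg):
        return "quarantine", "spf/dkim failure", msg
    # Rule: block free top-level domains outright.
    if tld in FREE_TLDS:
        return "quarantine", f"free TLD .{tld}", msg
    # Rule: every inbound email gets the external warning header.
    msg["X-External-Warning"] = EXTERNAL_WARNING
    # Rule: a display name matching an employee but sent from an outside address.
    if name in INTERNAL_NAMES and domain != INTERNAL_DOMAIN:
        msg["X-Impersonation-Warning"] = f"display name '{name}' matches an employee"
    # Rule: a vendor named in the display name must send from its own domain.
    for vendor, allowed in VENDOR_DOMAINS.items():
        if vendor in name and domain not in allowed:
            msg["X-Impersonation-Warning"] = f"claims to be {vendor} but sent from {domain}"
    return "deliver", None, msg
```

In a real deployment the directory and vendor lists come from your identity system and vendor contracts, and the quarantine branch would route to a review mailbox rather than silently dropping mail.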
However, monitoring email alone is not enough. Best practice includes looking at the other channels that give an attacker an opening. Bad actors will use a multitude of platforms for phishing and may even target individuals on several platforms at the same time. For example, a user might receive a phishing email with an attachment they would be interested in and, at the same time, a message on a social media account (Twitter, Facebook, LinkedIn, etc.) referring to the email and further enticing the recipient to check it. The cyber-criminal might even take the bold step of looking up the recipient’s phone number and calling to ask whether they received the email and to prompt them to open the attachment. Contact details and social media profiles are more readily available online today than ever before, and a clever attacker might reach a recipient simply by calling a company’s switchboard. The more steps someone takes to make an attachment appear legitimate, the greater the likelihood that a recipient will ultimately open it and, in doing so, compromise the company’s entire network.
Breach of systems that are not properly secured
Secure your backups
Backups should be reachable in one direction only and kept apart from everything else. The set-up should ensure that the backup server can reach the machine being backed up, BUT the machine being backed up cannot reach the backup server. Additionally, the backup server should be in a different physical location from the data being backed up. If the network is breached and the backup server is reachable from it, the server could be scanned, flaws could be found, and the backup server could be breached and erased. In fact, this is a common scenario in cryptolocker attacks. Keeping the backup server in a separate physical location is sound practice in general: if there’s a fire in the building or a natural disaster at the office, a backup server on site is at risk of damage or destruction along with everything else.
Know what you have and control it
Install an agent on every single computer that can a) pull data from any machine at any time, b) install or uninstall applications, c) review the state of these systems, and d) shut down systems that are no longer in use.
Have a patching strategy
Once you’ve identified all your systems, make sure they are always up-to-date. Use the agent to enforce updates and reboots and to alert you if systems aren’t adhering to the policy.
Have a firewall strategy
Ensure all servers and workstations have only the necessary firewall ports open. Use your management agent to identify any systems that are not adhering to the policy.
Identify and minimize your endpoints
What systems are open to the internet? Do you know? If there are open systems, they need additional policies in place, such as faster patching or a web application firewall. Systems open to the internet should be kept to a minimum. If your users aren’t responsible for a breach, one of these endpoints most likely will be.
Close down direct RDP Services
Remote desktop is vital for many organizations, and you should continue to use it – but all users should go through a gateway rather than connecting directly to an RDP machine.
Use a safer password policy
We know passwords can be cracked easily, so having a memorable longer password or even a phrase is key – one that the user will not have to write down to remember. Using biometrics where possible is even better. It’s important to note that enforcing password rotations leaves us with poor passwords because users will nearly always just add “1”, or “2”, or “!” to the end of an existing password.
Audit your accounts
When a user leaves your organization or a service is removed, disable all associated accounts. Your team should run regular audits to ensure any and all accounts belong to something or someone. If an account is for a service and not a user, make a note of the associated service so it’s easily identifiable when you remove that service.
Use next-gen anti-virus protection
Solutions such as CrowdStrike allow your systems to join a large security cloud that updates quickly when new 0-days are found. Next-gen anti-virus solutions also monitor what is actually happening in real time when an application runs. If an application performs actions that look suspicious – escalating access, scanning multiple machines, or renaming multiple files – the cloud security platform will raise an alarm and do its best to stop the activity.
Aim for a Zero Trust security model
It is best practice to assume a bad actor is already in your system one way or another, and rather than relying on a ring fence approach (a firewall surrounding everything with nothing in the middle), configure every system so it’s as locked down as possible, educate the users to be wary, and ensure the user experience is as easy and safe as possible.
(Zero Trust is a very in-depth concept. More information on Zero Trust can be found here)
The Exenta Difference
Manufacturers and distributors are being actively targeted by cryptolocker attacks; don’t be the next one hit!
At Exenta, we are passionate about our customers, and our goal, every day, is to ensure that our customers fully experience the impact our robust, industry-specific solutions have: not only streamlining operations and increasing revenue, but also delivering a higher level of job satisfaction and work-life balance to your entire workforce. Our approach to training and support is second to none. In our many years of operation, we have replaced every known competitor, but have never been replaced by one.
Exenta is supported by a dedicated support staff, ensuring you have one point of contact for any issue, backed by our team’s deep expertise guaranteed to resolve any issue quickly. We see every inquiry through to a satisfactory conclusion. At Exenta, we offer 24/7 personalized support to help defend your company against cyberattacks. Experience the Exenta difference today.