According to Nick Roberts of DefenceStorm, the most common way that hackers gain access to a network is by stealing valid login credentials. This is done in large part through phishing emails, which include ransomware 93 percent of the time. Another of the biggest problems is misconfigured or outdated machines. Roberts says, “If you’re not updating those machines or you’re not configuring them properly, they’re going to get exploited.”
Another expert from DefenceStorm, Michael Oldright, suggests that if your firm has limited resources devoted to updating technology, you should segregate your outdated systems into their own VLAN or network segments. In addition to this, firms should limit internet access on outdated machines and increase patch update frequency.
One new tool being used to spot criminals who are using stolen logins is anomalous activity detection, which builds a baseline of user activity so that it can identify suspicious activity that breaks normal trends. For instance, if a user logs in during the middle of the night when they are typically only logged in from 8-5, an alert will be triggered.

It is also important that firms regularly test their networks, running vulnerability tests to find possible weak spots in their security, to ensure that they are as well protected as they can be.
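The login-hour baseline described above can be sketched as follows. This is an added example, not code from DefenceStorm or any product; the sample history, the `MIN_HISTORY` threshold and the one-hour tolerance are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

MIN_HISTORY = 5  # assumed threshold: fewer past logins is too little to baseline

# Constructed sample history (user, ISO timestamp); not real log data.
HISTORY = [
    ("alice", "2024-03-04T08:05:00"), ("alice", "2024-03-04T13:10:00"),
    ("alice", "2024-03-05T08:50:00"), ("alice", "2024-03-05T16:40:00"),
    ("alice", "2024-03-06T09:15:00"), ("alice", "2024-03-07T12:30:00"),
    ("bob", "2024-03-04T22:10:00"), ("bob", "2024-03-04T23:30:00"),
    ("bob", "2024-03-05T22:45:00"), ("bob", "2024-03-06T23:05:00"),
    ("bob", "2024-03-07T22:20:00"),
    ("carol", "2024-03-06T09:00:00"), ("carol", "2024-03-07T09:30:00"),
]

def build_baseline(history):
    """Collect the hours of day (0-23) at which each user has logged in."""
    hours = defaultdict(list)
    for user, ts in history:
        hours[user].append(datetime.fromisoformat(ts).hour)
    return dict(hours)

def hour_distance(a, b):
    """Distance on a 24-hour clock, so 23:00 and 00:00 are one hour apart."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def check_login(baseline, user, ts, tolerance=1):
    """Classify a new login as 'ok', 'alert' or 'no_baseline'."""
    seen = baseline.get(user, [])
    if len(seen) < MIN_HISTORY:
        return "no_baseline"  # new or rarely seen account: route to review
    hour = datetime.fromisoformat(ts).hour
    nearest = min(hour_distance(hour, h) for h in seen)
    return "ok" if nearest <= tolerance else "alert"

BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for user, ts in [("alice", "2024-03-08T03:12:00"),   # 8-5 user at night
                     ("bob", "2024-03-08T00:10:00"),     # night shift, past midnight
                     ("carol", "2024-03-08T03:00:00")]:  # too little history
        print(user, ts, check_login(BASELINE, user, ts))
```

A baseline learned from a period in which stolen credentials were already in use will treat those logins as normal, so the history should come from a window the firm trusts.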