Protect Your Data: From Cyber Criminals and Other Bad Actors

Data is one of the most valuable assets a company has, but it’s also extremely vulnerable to attacks. In this article we’ll take an in-depth look at how companies can protect their data from cyber criminals and other bad actors who want access to it, or possession of it, for unethical purposes. Examples include spamming people on social media with false information about deals supposedly going live, when nothing worthwhile is actually happening, just so that you reply with your information, or making people think they are someone else, so that those people flag them as spam in their email accounts, which ultimately leads to them losing business.

So how do companies protect themselves from attacks? Well, the answer is not very simple, because each company has its own set of data that needs protection, but some practices have proven effective time and time again. This article will cover what those practices are and why they work, plus provide example cases where they helped put a stop to attacks on businesses big and small!

Security Through Obscurity – The theory behind this practice is that by hiding something away, you make it less likely to be discovered, since most people are lazy or don’t want to go through too much effort to get what they want. The problem with this practice is that the attacker only needs to be more motivated than you are in order to succeed.

The Pros – This method of security has been proven to work even when thought of as the lamest form of security. If it’s all you got, use it!

The Cons – You are putting your faith into an adversary who will stop at nothing until he succeeds. It may work for a while but eventually someone with enough motivation can find out how to access what you’re hiding and exploit it for their own gain or amusement while hurting your business in the process.

Access Control – Like I mentioned earlier, there are many different types of businesses so each has its own set of data that they must protect. Each of these businesses will have their own unique need for access control based on what data is being protected.

To determine the potential solutions to the problem at hand, you’ll need to know exactly who your adversary is, be it internal or external, and prioritize your assets based on value in case the adversary succeeds. Just like so many other problems in Information Security, this one has multiple solutions with varying degrees of success depending on who your adversary is and how intractable they prove to be during their attack.

Unauthorized access attempts fall into two categories: either via legitimate credentials that were compromised (see password spray attacks) or via illegitimate but clever methods that bypass standard security (password guessing attacks). If the system requires authentication before accessing anything of value, it is customary to implement specific methods for authentication before granting access. For some systems this might be a simple username and password approach, while others require something more complex like One Time Passwords (OTP), Security Questions, or Biometric authentication.

Regardless of the method required to properly authenticate on your system, there are steps that can be taken to limit the damage in case an unauthorized person manages to do so. The first thing you should always try is blocking direct access attempts after more than three unsuccessful logon attempts on an account using something like Account Lockouts. This prevents any remote client from cycling through every possible permutation of user credentials until they get lucky enough to get Access Control Lists (ACL) on various high value assets.
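The lockout rule described above, as an added example that is not part of the original article: it replays logon events, locks an account after more than three consecutive failures, and goes one step beyond the text by flagging sources that fail against many accounts, a pattern that never trips a per-account counter. The event format, IP addresses, usernames and the spray threshold are constructed assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 3    # from the article: lock after MORE than three failed logons
SPRAY_ACCOUNTS = 3  # assumption: failures against this many accounts flags a source

# Constructed sample events: (source_ip, username, logon_succeeded)
EVENTS = (
    [("203.0.113.5", "alice", False)] * 4       # guessing against one account
    + [("203.0.113.5", "alice", True)]          # correct guess, but too late
    + [("198.51.100.7", u, False) for u in ("bob", "carol", "dave", "erin")]
    + [("192.0.2.10", "bob", True)]             # bob's own logon still works
)


def evaluate(events, max_failures=MAX_FAILURES, spray_accounts=SPRAY_ACCOUNTS):
    """Replay logon events; return (locked accounts, spray sources, refused logons)."""
    failures = defaultdict(int)   # consecutive failures per account
    targets = defaultdict(set)    # accounts each source has failed against
    locked, refused = set(), []
    for source, user, succeeded in events:
        if user in locked:
            refused.append((source, user))   # refused even if the password is right
            continue
        if succeeded:
            failures[user] = 0               # a good logon resets the counter
            continue
        failures[user] += 1
        targets[source].add(user)
        if failures[user] > max_failures:
            locked.add(user)
    # One failure per account never reaches the lockout threshold, so
    # spraying has to be caught per source rather than per account.
    spray = {s for s, users in targets.items() if len(users) >= spray_accounts}
    return locked, spray, refused


if __name__ == "__main__":
    locked, spray, refused = evaluate(EVENTS)
    print("locked accounts:", sorted(locked))
    print("suspected spray sources:", sorted(spray))
    print("refused logons:", refused)
```
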