How To
How to Protect Your Business from 2019’s Worst Hacks and Vulnerabilities
“Those who fail to learn from history are condemned to repeat it.”
It is critical to learn from yesterday’s vulnerabilities before they become tomorrow’s hacks. It is through this lens that we look back on some of 2019’s worst hacks and vulnerabilities.
BlueKeep Vulnerability
On May 14th Microsoft revealed a security vulnerability so severe that it took the unusual step of releasing a patch for Operating Systems which it no longer supports. The remote desktop vulnerability known as BlueKeep impacts Windows XP, Windows 7, Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. The vulnerability requires no interaction from an end user so once a machine is infected it can quickly spread to other vulnerable systems within the network.
It is imperative that organizations not only employ automated patch management solutions, but also have the capacity to audit and report on patch deployments. With Windows 7 and 2008 reaching their end of life date on January 14, 2020, it’s important to replace them with modern operating systems like Windows 10 and Windows Server 2019.
Amazon S3 Bucket Leaks
2019 was a year of massive data leaks affecting companies such as Capital One, Netflix, TD Bank and Ford. These leaks occurred when bad actors discovered misconfigurations that allowed public access to data stored within Amazon Web Services, or AWS.
The public Cloud is a powerful resource that has and will continue to transform all facets of technology. However, many organizations lack the internal expertise to deploy a public Cloud solution that adheres to cyber security and data integrity best practices. A trusted partner like Thrive has teams of dedicated Cloud professionals that can help organizations develop a Cloud migration strategy that securely meets business goals.
NASA Hack Due to an Unauthorized Device
A report published in 2019 detailed a breach of NASA’s Jet Propulsion Lab (JPL) that resulted from an unauthorized device connected to its network. Hackers used the device to gain deeper access into the JPL networks and steal sensitive data related to the Mars rover missions.
Several cyber security best practices could have helped to prevent this hack.
- Network Access Control (NAC) solution: A NAC can automatically segregate unauthorized devices into an isolated network.
- Implement Proper Network Segmentation: Proper network segmentation can contain the breach and prevent a compromised device from gaining access to other resources.
- Security information and event management (SIEM) solution: Once a device begins attacking the network a SIEM can detect the activity and alert the appropriate IT resources.
Protect your business from 2019’s vulnerabilities and defend your data from 2020’s hacks. Contact Thrive today to learn about the best solutions to compliment your cyber security platform.