Today we are talking about the top reasons your company gets hacked.
Human error leads the top of the list with two big mistakes that can lead to being hacked: social engineering and improper set-up. Falling for social engineering can lead employees to expose information that they shouldn’t have and improper configuration can create vulnerability. Social engineering can expose internal vulnerabilities which may lead to a cascading series of mistakes which can result in hacking. This is why we always promote layered security. Dropping in firewalls or one piece of equipment is simply not enough – especially if mistakes are made during set-up. Installing one firewall incorrectly could be worse than no firewall at all.
Third, is process and structure over time. Setting the equipment up but not having the processes and the follow-through to keep them up to date, to monitor the logs – (as in an IDS system or SIMS) if you don’t take corrective action then you have wasted money on those tools to mitigate threats, prevent hacks and respond quickly when you have been hacked.
To summarize, you need a combination of technical skill and know-how, a product or set of tools to solve the problem and you also need process and structure so that the other two components don’t go to waste.
As the potential to be hacked keeps growing and the complexity of systems and architectures continue to grow within the IT space you need a robust team diversely represented by consultants, experts and cloud providers to ensure your protection in the cloud under their knowledge and expertise.
Think you’re un-hackable? We think you’re wrong.
But what steps does RackTop take in our cloud to mitigate some of these security risks and specifically how do we prevent being attacked? While we won’t share all of our counter-measures and secrets in this space we have network security layers with firewall intrusion detection, we monitor and audit logs, we look at activity, we provide careful and cautious delegation of authority and roles and access controls from the system administrator perspective so that one rogue user is not able to take down the system. We implement all of the best practices to spot an adversary and to respond to potential threats.
In our cloud, protection begins with a secure, private cloud – as opposed to a public cloud that lets anyone in. This one first step is the cornerstone to building multiple-layered defensive protection.