By Lothar Geuenich, Regional Director Central Europe/DACH at Check Point Software Technologies
“The geopolitical situation undoubtedly shows that wars are no longer fought only in the analog world, but increasingly in the digital world. Companies and organizations that at first glance are not geographically or politically directly involved are also targeted by cyber attacks. Managers in IT security departments have to adapt to a number of attack types, while, and this is essential, they always remain in close contact with law enforcement agencies, intelligence services and computer emergency response teams (CERTs), also called incident response teams. The motto is always: prevention instead of reaction. Responding means that an attack has already been successful and damage control is now being carried out. Instead, however, companies can resort to a series of best practices that intercept various types of attacks, that in the worst case still represent valid initial measures, and that, if a breakthrough has already been made, minimize the damage.
DDoS attacks are among the most frequently reported attack types. They cannot always be prevented, but there are measures that can significantly mitigate them. These include special intrusion prevention signatures, operating system and gateway configuration settings, automatic management responses, as well as commands for dynamically blocking attack sources. If you want to fend off DDoS attacks completely, a so-called perimeter attack mitigation device is recommended. This is able to protect companies from new network and application threats. In addition, a number of measures should always be on the checklist: protecting the infrastructure from network and application failures, identifying and closing application vulnerabilities, preventing malware distribution and network anomalies, and securing against information theft. In addition, all-round protection against any other kind of attack is included. This lays the foundation for a defense-ready IT environment. In the case of DDoS attacks, you are then very well prepared and remain able to act even in the worst case.
For the special topic of ransomware, you should first start by preparing the gateways. Intrusion prevention systems (IPS) should be configured in such a way that attacks are really prevented and detected. The next step should be to check the gateway, management and threat prevention configurations to maximize protection and performance. This includes an optimized threat prevention policy and the activation of HTTPS inspection for encrypted traffic. In addition, well-known measures that are always recommended in the business and private environment provide additional security: regular updating of the systems and ongoing data backup.
Apart from that, complete IT security only begins in the technical area and only ends in the mental area. In order to keep threats such as misinformation and phishing out of the system, it is necessary, especially in the increasingly hybrid work environment, to provide employees with sufficient information so that they learn: How do I identify phishing attempts? Which threatening emails and text messages belong directly in the trash? How do I recognize damaged files and attachments? In this way, the employees form their own very important and robust line of defense and develop an awareness of IT security – this applies, by the way, up to the board.”
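The "automatic management responses" and "commands for dynamically blocking attack sources" mentioned for DDoS mitigation above can be illustrated with a small rate-based detector. The following is an added example and not Check Point's code or any product's mechanism: it reads constructed connection-log lines in a hypothetical "timestamp source-ip destination-port" format, counts requests per source over a sliding time window, skips an allowlist of address ranges that must never be auto-blocked (for example a partner's NAT range, where one address stands for many users), and emits an `iptables` DROP rule per offending source as a stand-in for whatever blocking command the real gateway accepts. The threshold, window and allowlist values are assumptions chosen for the sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines (hypothetical format: "<ISO timestamp> <src ip> <dst port>").
# 203.0.113.5 floods the gateway, 198.51.100.7 is busy but sits in an allowlisted range,
# and 192.0.2.10 is a normal client sending a few requests spread over 30 seconds.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.5 443
2024-03-01T10:00:01 192.0.2.10 443
2024-03-01T10:00:01 203.0.113.5 443
2024-03-01T10:00:02 203.0.113.5 443
2024-03-01T10:00:02 198.51.100.7 443
2024-03-01T10:00:03 203.0.113.5 443
2024-03-01T10:00:03 198.51.100.7 443
2024-03-01T10:00:04 203.0.113.5 443
2024-03-01T10:00:04 198.51.100.7 443
2024-03-01T10:00:05 198.51.100.7 443
2024-03-01T10:00:05 203.0.113.5 443
2024-03-01T10:00:06 198.51.100.7 443
2024-03-01T10:00:15 192.0.2.10 443
2024-03-01T10:00:30 192.0.2.10 443
"""

# Assumed tuning values; real deployments derive these from observed baseline traffic.
THRESHOLD = 5                       # requests per window from one source before it is blocked
WINDOW = timedelta(seconds=10)      # length of the sliding window
ALLOWLIST = [ip_network("198.51.100.0/24")]   # ranges never blocked automatically (e.g. partner NAT)


def parse_line(line):
    """Parse one log line into (timestamp, source address, destination port)."""
    ts, src, port = line.split()
    return datetime.fromisoformat(ts), ip_address(src), int(port)


def detect_flooding_sources(lines, threshold=THRESHOLD, window=WINDOW, allowlist=ALLOWLIST):
    """Return {source_ip: first timestamp at which it exceeded the threshold}.

    Events are processed in time order; each source keeps a deque of recent
    timestamps, and entries older than the window are evicted before counting,
    so a slow trickle of requests never accumulates into a block decision.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e[0])
    recent = defaultdict(deque)
    flagged = {}                     # insertion order records who crossed the threshold first
    for ts, src, _port in events:
        if any(src in net for net in allowlist):
            continue                 # allowlisted ranges are exempt from automatic blocking
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()              # drop timestamps that fell out of the window
        if len(q) >= threshold and str(src) not in flagged:
            flagged[str(src)] = ts
    return flagged


def block_commands(flagged):
    """Render one blocking command per flagged source (iptables used as a placeholder)."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in flagged]


if __name__ == "__main__":
    hits = detect_flooding_sources(SAMPLE_LOG.splitlines())
    for src, ts in hits.items():
        print(f"{src} exceeded {THRESHOLD} requests / {WINDOW.seconds}s at {ts.isoformat()}")
    for cmd in block_commands(hits):
        print(cmd)
```

Running the module flags only 203.0.113.5 (at 10:00:04, its fifth request inside ten seconds); 198.51.100.7 sends just as many but is exempt, and 192.0.2.10 never reaches the threshold because its earlier requests age out of the window. In a real response workflow the emitted commands would be reviewed or rate-limited rather than applied blindly, and every block should expire automatically so that a spoofed source address cannot be used to lock out a legitimate network.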