itSynergy: Blog
IT Management Best Practices Hackers Don’t Want You to Know
Proving data breaches really can happen to anyone, the Russian-linked ransomware group Conti was hacked by a Ukrainian cybersecurity researcher in early 2022.
Yes, the hackers got hacked.
The leaked files revealed the IT management best practices that turn the tables on the hackers and put you in control of your business’ security.
5 IT Management Best Practices That Combat Cybercrime
1. Swap out the mental image of a guy in a hoodie
You’ll never defeat cybercriminals with the wrong foe in your head. Conti is not a guy in a hoodie sitting alone in his basement, crouched over his computer.
Today’s cybercriminals are professionals
They work for criminal organizations, like Conti, that are structured like any business. It’s a sophisticated, multidepartment environment.
2. You can be a victim without being a target
The leaked messages from Conti confirm that cybercriminal organizations rarely target specific businesses. The team at Conti tasked with gaining access knows they have a low success rate – probably around 2%. So, they cast an incredibly wide net and are happy with whatever business they capture.
3. Install tools the hackers hate
The leaked chats show that as the hackers tried to gain access to different organizations, they’d collaborate and discuss roadblocks. One software repeatedly came up as problematic: Carbon Black.
We started recommending Carbon Black in 2019 and made it a requirement for clients in 2020
Having a close partnership with a cybersecurity-focused partner will help you select tools that frustrate hackers and preserve your digital security.
4. Plan for each phase of attack
Just like your business, Conti has departments. Except instead of a marketing team, they have specialists focused on breaking into as many organizations as possible. Once the initial access team gets in, another department takes over. Specialists are involved at every step. To effectively defeat these specialists, have a response for each phase of an attack.
1. Prevent initial access
At organizations like Conti, an entire team spends its day trying to solve this problem: How do I get in? How do I get someone to click?
If you only have antivirus, their day will be a cakewalk.
We’re not saying ditch your antivirus. It has a place in your layered cybersecurity solution, but it can’t be your only line of defense. In addition to your antivirus and firewall, you’ll want to:
1. Turn on multifactor authentication (MFA)
2. Keep patches up to date
3. Educate your team on the latest phishing tactics and cyber scams
4. Incorporate the most effective tools, like Carbon Black, into your layered security plan
2. Minimize damage from “land and expand”
If a criminal does slip past your defenses, they turn their focus to accessing other devices and files in your system – aka “land and expand.”
Exploiting known vulnerabilities is easy and effective for a criminal. Once they’re in your environment, the hacker will run a tool that scans your systems. It’s an automated process that presents a report of your vulnerabilities. The criminal is then free to choose which system they’ll exploit so they can:
- Impersonate you or your employees
- Destroy files
- Extract money and client data
- Hold you ransom
Staying up to date on patches cuts off this opportunity for hackers by resolving the known issues that lead to security gaps.
3. Limit what they can steal
Data leakage protection prevents information from leaving your environment. Working with your cybersecurity partner, you set out parameters. For instance, you could say any document with a social security number or bank account information can’t leave your environment. If a criminal does digitally extract it, they won’t be able to access the information because it’s encrypted.
Another option is to have an automatic alert any time a large amount of data leaves your network. The alert can then be reviewed by your IT security experts, who will decide whether the transfer is legitimate or a genuine threat.
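The two controls described above (blocking documents that carry sensitive identifiers and alerting on unusually large outbound transfers) can be illustrated with a small detection rule. This is an added example, not itSynergy’s code or any product’s logic; the log format, the field names and the 1 GB per-host threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample egress log (assumed format, not from any real system):
# timestamp  source-host  destination  bytes-sent  short content description
EGRESS_LOG = """\
2022-03-01T09:00:01 ws-finance-07 203.0.113.10 1200 text/plain invoice notes
2022-03-01T09:05:12 ws-finance-07 203.0.113.10 850000000 application/zip archive
2022-03-01T09:06:40 ws-hr-02 198.51.100.5 4096 text/plain SSN 123-45-6789 payroll
2022-03-01T09:07:03 ws-sales-11 192.0.2.44 2048 text/html web form
2022-03-01T09:08:55 ws-finance-07 203.0.113.10 300000000 application/zip archive
"""

# Pattern for a US social security number in the content description
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# Assumed policy: more than 1 GB leaving a single host warrants review
VOLUME_LIMIT = 1_000_000_000


def parse_line(line):
    """Split one log line into a record; the description may contain spaces."""
    ts, host, dst, nbytes, *desc = line.split()
    return {"ts": ts, "host": host, "dst": dst, "bytes": int(nbytes), "desc": " ".join(desc)}


def find_alerts(log_text, volume_limit=VOLUME_LIMIT):
    """Return (rule, host, detail) tuples for transfers that violate the policy.

    'dlp-ssn' fires once per transfer whose content matches the SSN pattern;
    'egress-volume' fires once per host when its cumulative bytes exceed the limit.
    """
    alerts = []
    totals = defaultdict(int)
    flagged_hosts = set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if SSN_RE.search(rec["desc"]):
            alerts.append(("dlp-ssn", rec["host"], rec["dst"]))
        totals[rec["host"]] += rec["bytes"]
        if totals[rec["host"]] > volume_limit and rec["host"] not in flagged_hosts:
            flagged_hosts.add(rec["host"])
            alerts.append(("egress-volume", rec["host"], totals[rec["host"]]))
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(EGRESS_LOG):
        print(alert)
```

In a real deployment the same two rules would run against proxy or firewall logs, and each alert would be handed to an analyst for review rather than acted on automatically.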
4. Protect yourself against ransomware
A thoughtfully architected backup and disaster recovery plan is insurance against ransomware. The right solution will:
- Help you quickly recover lost data so it can’t be held for ransom.
- Be set up and stored in a way that prevents hackers from gaining access when they infiltrate your system.
5. Evolve with the hackers
Hackers are criminals. They’re also professionals who are devoted to their craft. Many take a methodical, scientific approach. They’ll subscribe to the same tools and software you use to defend your business. Through close study and reverse engineering, the criminals find ways to beat them.
Update your defenses
Regularly talk to a security-focused IT consultant about which cyber tools provide the highest degree of protection for your business.
Organized Cybercrime Could Become More Lethal
We’ve already talked about how cybercriminals are always looking for ways to be better at their jobs, but there are 2 other ways organized digital crime can evolve into an even greater threat.
1. Additional funding and resources
Right now, Conti is linked to the Russian government. That could change tomorrow. Another government or different criminal organization could step in to provide funding and resources.
2. Resolving management problems
Conti’s internal messages detail staffing and personnel issues that will feel familiar to any business owner. Turns out cybercriminals aren’t the most accountable or reliable employees. If they manage to hit on a model that decreases turnover and increases stability, Conti could unleash even more sophisticated attacks.
Stay in Control with IT Management Best Practices
It will take a lot more than publishing a cache of messages online to bring down Conti or any other professional hacking group. The organization is decentralized. Even if a law enforcement agency manages to shut down part of the infrastructure, Conti will be able to pop up somewhere else later.
Don’t sit around hoping you avoid their wide net
Get help from a security-focused IT partner. They’ll work with you to create and implement a plan that follows IT management best practices to keep your organization secure.