Defend Against IT Security Threats

Posted by Mark Williams on 17 December 2019

Defend Against IT Security Threats

IT Security and Cybersecurity will continue increasing in importance across the IT landscape throughout 2020 and beyond. We have listed the three key things that we believe every IT Manager or IT Security Professional should know.

  1. Malware Types

    There are three common forms of malware (malicious software); a trojan horse, a worm or a virus. Every piece of malware is a combination of one or more of these common forms.

    A trojan horse is malware which claims to be something it is not in order to run. It does not replicate and relies of humans falling for the trap to run its program. A worm is a piece of code which spreads itself and a computer virus is malware that hosts itself inside other files, software and in storage to replicate.

    It is important to understand these three forms of malware because if you happen to find one on your systems you can research how it is made and then investigate how it could have infiltrated and spread in order to take actions to mitigate future threats.
  1. Root cause exploits

    Each year there are thousands of new software vulnerabilities and millions of unique malware programs. However it is only the root cause exploits that allow each of those into an environment – and there are just 12 of them. If you were to stop the root cause exploits, you would stop malware. Here are all 12 listed below:

    - Physical Access
    - User Error
    - Insider/partner/consultant/vendor/third party
    - Denial of service
    - Misconfiguration
    - Data leaks
    - Eavesdropping/MitM
    - Password attacks
    - Social engineering
    - Malware
    - Unpatched Software
    - Zero-days

  2. Essential Defences

    Almost to help mitigate all or some of those root cause exploits, here is a list which we would consider good practice to implement, regularly review and test:

    - Logging (Including network level and administrator access)
    - Intrusion Detection
    - Authentication
    - Encryption/Cryptography
    - Secure Configurations
    - Antivirus
    - Firewalls
    - User Awareness Training
    - Patch Management

If you need assistance in completing a full security audit of your IT estate, or you would like to hear more on what a full security audit includes please contact the Pensar team.
Security and Compliance