How to Combat and Recover From APTs
Rather than target a mass audience, Advanced Persistent Threats zero in on specific individuals, who, if compromised, can be used to advance the goal of the attack.
Leverage the cloud and use mail filtering and antispam solutions to remove potentially infected emails or attachments before they reach your network. Use DNS security products that maintain a real-time database of spoofed and compromised services.
Conduct penetration testing regularly. Install intrusion detection and intrusion prevention systems over and above standard firewalls. Regularly audit firewall and Security Information and Event Management (SIEM) logs for anomalies.
Train and educate users about security protocols, implement BYOD and VPN policies, and have C-level executives back policies. Visibly enforce these policies and make sure users are trained for the latest threats.
Deploy and maintain antivirus, firewall, whitelisting and sandboxing/containerization technologies. Keep software up-to-date through patching.
Encrypt your data at multiple checkpoints. Encrypted data is useless to an attacker who does not also hold the keys.
Back up using three methods: file backup to off-site storage for organizational recovery; file backup to local storage for immediate volume recovery; and file backup to local storage for immediate file recovery. Fully test backups by restoring critical data and verifying the data’s integrity.
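The restore test in the last sentence is only meaningful if the restored data is compared against a record taken at backup time. As an added example (not from the original article), the following builds a SHA-256 manifest of a backup set, then verifies a restored tree against it and reports missing, extra and corrupted files; the directory names and file contents are constructed for the demonstration.

```python
"""Added example: manifest-based integrity check of a restored backup.
Paths and sample data below are constructed, not from a real system."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "extra": sorted(set(restored) - set(manifest)),
        "corrupted": sorted(k for k in manifest
                            if k in restored and restored[k] != manifest[k]),
    }


def demo() -> dict:
    """Constructed scenario: back up, restore, then damage the restored copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "critical")
        (src / "db").mkdir(parents=True)
        (src / "db" / "ledger.sqlite").write_bytes(b"\x00" * 1024)
        (src / "config.yaml").write_text("retention: 30d\n")
        manifest = build_manifest(src)          # recorded at backup time
        restored = Path(tmp, "restored")
        shutil.copytree(src, restored)          # stands in for the real restore
        # simulate one silently corrupted file and one file that never came back
        (restored / "db" / "ledger.sqlite").write_bytes(b"\x00" * 1023 + b"\x01")
        (restored / "config.yaml").unlink()
        return verify_restore(manifest, restored)
```

Store the manifest separately from the backup media (and ideally sign it), so that an attacker who tampers with the backup cannot also rewrite the record it is checked against.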
Domain administrators should not use domain administrator credentials for basic break-fix work; local administrator rights are all that is needed. Rather than run as SYSTEM, custom software should run under its own dedicated account with its own privileges.
Frequently audit all access control lists. Have you ensured that all ex-employees' and contractors' accounts and logins have been disabled or deleted?
There is a critical shortage of skilled and experienced IT security professionals. Train system administrators in IT security so that when they stumble upon an anomaly, they recognize it and react to it immediately.