Introduction

With Devices, PC's and Tablets becoming ever more numerous it is becoming necessary for all users to perform basic security administration functions. Individuals can no longer depend on automatic default configurations to maintain a personal secure digital environment. Today even the least technically savvy user must begin to practice basic Cyber Defensive tasks to keep their personal systems and data private.

Cyber Defense 101 - For Beginners

Like all applications on defensive measures, Cyber Defense begins with a mind set or philosophy. This philosophy is grounded in the firm understanding that everyone who uses computing devices is a target. No longer can anyone say with certainty that “they are too small or too unimportant to be a target”. In fact many small businesses across the world are finding themselves targeted more as larger corporations establish sophisticated security defenses.

Being a hacking target is one thing. But it is also hard for the average user to know where to concentrate any defensive measures. In large corporations, Security Risk Management efforts now quantify a scored hierarchy of importance. Then after the hierarchy is established security defensive measures are applied to the most critical systems first. Individuals can do this scoring as well. But they should score their most critical systems based on what the Hackers are most likely to attempt to exploit.

Key Point – Everyone is a Target of Hackers

What Hackers are after – The Money Goal

In broad terms a Hacker’s Goal is money. They are either after Money directly or Data that leads to money. They want Data to get access to money, Data to sell for money, or Data to use a computer system’s resources to get money. So an individual who is only concerned about their Bank account could concentrate their cyber defensive measures on the one system that has access to their Bank (oh and probably use ONLY ONE system for Bank access too). Given that money is a Hackers primary target. A user can now start to organize their digital life so they do not become a victim of cybercrime.

Key Point – Hackers want money or something easily converted into money

Becoming a less Visible Cyber Target – Not being an easy target

There is an old joke often told among Cybersecurity professionals:

Two men are walking in a forest. Suddenly a large brown bear appears on the path before them. One of the men calmly starts to tie his shoes. The kneeling man’s companion says, “What are you doing? You know you can’t out run a bear!” To which the kneeling man replied, “I don’t have to out run the bear… I only have to out run you!”

Key Point – Eventually Hackers will compromise systems. But Hackers like everyone else are resource constrained. If you as an individual make yourself difficult to compromise most Hackers will stop and go to an easier target

Cyber Defense Guidance

The Australian Signals Directorate Top 35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by following the top four mitigation strategies together. Those Four Strategies are:

Patching Applications
Patching Operating System Vulnerabilities
Restrict Administrator Privileges
Application Whitelisting

What follows is an explanation of each of the 4 strategies above:

[1 & 2] Operating System and Application Updates - Basic Digital Hygiene

For Personal Computers: There is no better high value mitigation than regular OS Updates. These should be set to automatic, but if you suspect your computer is out of date and has Windows OS, simply go to the address below and follow the prompts to see if it needs any critical patches: windowsupdate.microsoft.com

Note: it is VERY important to go to only this designated website above! Many malware vendors will redirect or hamper updates so be cautious

For Applications: The following applications should be updated regularly and manually checked to see if they are still the latest versions.

Web browser
Adobe Acrobat
Adobe Flash
Anti-Virus

For Devices: For Android Based Devices it is good to allow automatic updates to install. While it’s a pain because there is always some widget that needs updating. It’s good to allow the updates to occur and be connected to secure non-public Wifi when doing so rather than over the wireless network providers bandwidth.

For Apple Devices, users are prompted at the Settings icon with a red dot number when an update is available. While it is not common for apps to be hacked on Apple if you have an older app that connects to outside websites (e.g. Facebook) these should be checked to make sure the latest and greatest version is installed.

Are you enjoying this article?? Follow us on LinkedIn and Facebook..

[3] Restrict Administrator Privileges - Keeping the Safety features in place

The reason that Administrator accounts need to be controlled is obvious. Most home systems simply allow “standard users” to operate as an Administrator account, which is a recipe for disaster. In actuality the Administrator account should be used sparingly, so to limit the privilege is an excellent measure to take.

Key Point – Use your computing device in USER mode and leave the Administrator account separate and use it for true administrative tasks.

[4] Application Whitelisting – No Rogue Programs

A whitelist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied.

For personal computing application whitelisting is not very practical. But the basic principles of Whitelisting CAN be applied manually to yield some protection. Mitigations like manually monitoring process listings to see if any strange applications are running (e.g. Flash post web browser exit). Then ending that process/application if it seems to be running when it is not supposed to.

How to detect if a system is ‘Hacked’

There are many ways to detect if your system is hacked, but baring the use of sophisticated forensic tools a qualitative assessment is best for most users.

Qualitative Indicators of Compromise (IOC)

System runs slow (possibly because malware background processes are running)
System takes overly long to boot (possibly due to Hacker hardware drivers loading)
System makes strange noises as odd times (could be due to malware hardware driver being poorly coded)
System applications do not run as desired (if System Update, System Restore or Antivirus cannot update it is highly probable the system has been hacked)
You find web services such as web searches are redirected to unusual sites (Possibly Malware/Adware compromise)

In general if you have any of the above happen you should contact an IT professional to resolve the problem. If you are doing this yourself you can try to download/install Malwarebytes and scan for malware.

Similarly, on a network level, it is highly advisable to monitor network performance and behaviours for unexpected symptoms. A technical report explaining how to monitor networks for security purposes in more detail can be found here.

Key Point – The only way a non-security expert would know if a system is mostly clean of malware is for an Operating System AND Anti-Virus update to occur without being halted. Since almost all malware disables Operating System and AV updates to keep the initial flaw from being closed

Appendix A

This is an excerpt from the latest United States Department of Homeland Security US Computer Emergency Response Team (US-CERT) recommendations. The guidance below is for additional guidance and information.

US‐CERT recommends that organizations adhere to the following best practices to strengthen the security posture of their information systems:

Develop Intrusion Detection System (IDS) signatures to monitor for the aforementioned IOCs
Investigate outbound network traffic observed over TCP port 53 that does not conform to the DNS protocol
Restrict access or probing of the aforementioned domains and IP addresses
Maintain up-to-date antivirus signatures and engines
Ensure systems are fully patched and updated; employ least-privileged accounts
Restrict users' abilities (permissions) to install and run unwanted software applications
Enforce a strong password policy and implement regular password changes
Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known
Enable a personal firewall on agency workstations
Disable unnecessary services on agency workstations and servers
Scan for and remove suspicious email attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header)
Monitor users' web browsing habits; restrict access to sites with unfavorable content
Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs)
Scan all software downloaded from the Internet prior to executing
Maintain situational awareness of the latest threats; implement appropriate Access Control Lists
Consider installing Application Whitelisting, Cloud Antivirus, Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools

Basic Cyber Hygiene

Practicing basic cyber hygiene would address or mitigate a vast majority of security breaches handled by today’s security practitioners:

Minimizing administrative privileges (In most cases, this is the primary target for malicious intruders)
Application directory whitelisting (This prevents malicious software and unapproved programs)
Application patching (e.g., third-party vendor applications)
System patching (e.g., operating system vulnerabilities)
Dual-factor authentication (e.g., Personal Identity Verification card)

General User Accounts are Targets

US-CERT is seeing common vulnerabilities exploited and threat actors compromising general user accounts instead of administrative accounts:
Threat actors can conduct business on the network as an authorized user
Undermines discussion and debate around whether to encrypt data because it doesn't matter
Authorized user account is set up by default to read/write/share encrypted data

Network Segmentation

These cyber incidents have continued to emphasize the importance of network segmentation:
When an organization’s network is not segmented from others, this could mean hundreds of sub-networks affected versus one
- Separate administrative network from business processes with physical controls and Virtual Local Area Networks.

Do you have any questions or comments? CONTACT US or leave a comment below!

Aug 1, 2024

Embracing Digital Transformation in Manufacturing: A Journey to Efficiency and Innovation

Join us as we explore the journey of a Singaporean manufacturer who partnered with Yokogawa to enhance operational efficiency. From assessing digital readiness to implementing a stable data foundation and a digital energy monitoring solution, discover how they achieved remarkable improvements in performance and sustainability.

Apr 18, 2024

Oil & Gas Operations and Decision-Making in the Cloud Era

Recently, KBC launched the Acuity Industrial Cloud Suite, consolidating its simulation software solutions. It aligns with KBC's portfolio to address challenges in energy transition, process optimization, value chain optimization, and asset management. For insights, we interviewed Rolando Gabarron, a senior consultant in product management.

Apr 2, 2024

Behind the scenes of Pioneers: Pursuing objectives while also focusing on personal growth with Esmeralda Roxas

In the dynamic landscape of professional careers, the journey of growth and adaptation of Esmeralda Roxas at Yokogawa stands out. From her humble beginnings in system sales engineering for upstream oil and gas to her current role in network security, her trajectory is a testament to resilience, proactivity, and a thirst for knowledge.

Dec 21, 2023

The Necessity of Converged IT/OT SOC in Strengthening Cybersecurity for Today's Industrial Landscape

In the rapidly advancing technological landscape, industrial organizations face escalating cyber threats. To fortify cybersecurity, embracing a Converged IT/OT SOC is imperative. Yokogawa's cloud-based IT/OT SOC service provides a holistic defense, offering integrated visibility, proactive measures, and real-time monitoring. As cyber threats evolve, businesses can stay ahead with Yokogawa, safeguarding operations effectively in the cybersecurity race.

Dec 19, 2023

Yokogawa Recognised as a ‘Leader’ in Verdantix Green Quadrant for Process Safety Software 2023

Yokogawa has been acknowledged as a key software platform provider in the Green Quadrant report published by Verdantix and achieved the title of a 'Leader' in Process Safety Management. This recognition stands as a great achievement for Yokogawa, showcasing excellent performance in areas such as Control of Work, Mobile, Platform Interoperability, Integration, and Sustainability, including ESG considerations, among other notable areas.

Dec 18, 2023

Behind the scenes of Pioneers: Mahalakshmi R, Deputy Head, Yokogawa India Service: A Trailblazer in Leadership and Career Success at Yokogawa

In a recent interview, Mahalakshmi, Deputy Head at Yokogawa India Service, revealed her remarkable 28-year journey with the company. A leader in training and customer service, she has driven innovative projects and fostered a culture of success. Let's explore the key elements that have defined her leadership and career at Yokogawa.

Nov 30, 2023

Optimizing Energy Efficiency for Industrial Enterprise Buildings & Offices

Explore Yokogawa's EEMS revolutionizing energy efficiency in industrial buildings, recognizing their substantial impact on global energy consumption and CO2 emissions. This blog delves into EEMS's digital prowess for optimizing energy dynamics through real-time monitoring and a centralized platform. Uncover insights into smart meters, sensors, and communication protocol challenges and solutions.

Digital Solutions Blog

SecureIT - Basic Cyber Defense