As a security consultant, I see companies of all sizes breached at an alarming rate. I see the true consequence go beyond system damage or downtime. I see larger consequences—including loss of confidence and damaged trust. To prevent this, I help organizations defeat intrusions and enhance the probability of detection.
Most cyberattacks are not complex or coordinated. Many simply exploit compromised passwords, faulty configurations, or obscure settings. Using these, attackers access a network and—once inside—escalate their own privileges. Defeating such exploits before someone finds them can improve your security posture dramatically. Below are low-cost, low-impact security controls that reduce the risk to your company's valuable reputation.
Exploiting compromised passwords or other user credential is the most-common way attackers penetrate commercial networks. Setting tougher access controls is the first line of defense.
Policy exploits, faulty controls, and mismanaged network settings are the second most-common means of attack. Review your network settings to greatly reduce vulnerability.
Additional steps I recommend to secure against attack include disabling interactive login for service accounts, using managed service accounts, using NT LAN Manager (NTLM), and disabling both command and power shells. I have seen firsthand how these quick, simple steps can strengthen a client’s security posture and help them defeat many common forms of intrusion.
I have based these insights on experience helping organizations of all sizes located all over the world to detect, defend, and defeat security breaches since 2006. This experience ranges from ethical hacking and vulnerability assessments to comprehensive managed security services programs, incident response, and forensic analysis.
Start a conversation with one of my colleagues to discuss how you can strengthen your current information security strategy. Schedule a consultationRead more...