This diagram highlights just a few of the uses an attacker may have for a compromised machine:
The best method of preventing such attacks is by ensuring that your network has under gone thorough testing of the IT environment this can be approached in a number of different ways which will be selected and tailored to the individual needs of your organisation.
This is the process of using the same tools as potential attackers to scan your business network for vulnerabilities and correct them before potential attackers can exploit them. The vulnerabilities will be ranked in order of risk they pose to the organisation and allow us to prioritise how we address them.
External Penetration Testing
An external penetration test allows us to assess the external facing network surface against techniques and tools used by attackers. This allows us to identify areas of weakness within the external facing network.
Internal Penetration Testing
The internal penetration test looks at the internal network in comparison to best practices, and is done from the perspective of both an authenticated and non-authenticated user. This allows the system to be critically assessed for both potential exploit of rogue internal users, and an unauthorised attack.
The best way to counter this attack vector is through the use of tailor made social engineering phishing simulation. Through this kind of testing safe habits can be taught to staff showing them key indicators of emails that they should avoid. The results also provide useful basis for further risk analysis and training for necessary staff members.
Information Security Operations Centre (ISOC)
This is an offsite solution that will monitor your network for irregularities with in data traffic, which indicate an attempted compromise of the business network.
Training is crucial this can cover areas such as safe use of company hardware in public places and identifying potential malicious software and emails. We can provide this training in a professional manner that will help increase staff confidence and help prevent breaches.