In recent years, the number of incidents in which cybercriminals steal data or take down websites has increased in gigantic numbers. Every week there are reports of Dutch companies that have fallen victim to cybercrime. In many cases, this has to do with outdated software used with known vulnerabilities, employees clicking on links with too much confidence or to other OWASP top 10 vulnerabilities. Due in part to the corona crisis, with many people working from home and therefore much more data going over the air, the number of cyber attacks has increased. In addition, the upward trend in recent years can simply be explained by the fact that digitization is also proceeding at a rapid pace, so there is much more data that can be of interest to criminals.
If a company is hit by a cyber-attack and data is stolen or accounts taken over, the consequences can be severe: trust is damaged, customers walk away, any damage to the systems must be repaired. All in all, this can be costly. Many companies only take action on security once they have been attacked. This, of course, is behind the times and can go wrong. It is important to get ahead of cybercriminals and fix as many vulnerabilities within an organization as possible to make it as difficult as possible for cybercriminals. This way, the chance that data will be captured or that your system will be taken over is many times smaller.
How do I prevent a cyber attack?
- Have your developers review all 3rd party plugins, integrations, libraries and software to see if updates are available. This fixes many known vulnerabilities (CVEs) that have already been published. In some cases you don't want to or can't update just anything, check to see if security updates are available. These updates will ensure that you system will continue to function as normal but the 3rd party integration we will again be more resistant to known vulnerabilities.
- Advise your employees how to deal with phishing emails and other forms of social engineering. Still one of the main issues for major cyber attacks. Inform your employees never to just install anything, click strange URLs, forward files to strangers and so on. It sounds pretty obvious but this still often goes wrong with dire consequences. Trying to give employees as limited access as possible to these actions might also help well, not all employees need to access sensitive data and untrusted URLs might be filtered out.
- To fix unknown vulnerabilities, performing a comprehensive penetration test a very good choice. This can find many vulnerabilities that may have been a gateway for cybercriminals or a way to siphon off data. After the penetration test, you will have a report describing exactly what the vulnerabilities are, what the CVSS score is and what impact it might have. You can then fix all the vulnerabilities to get your organization back to a higher level of security!
I also perform penetration testing as an ethical hacker. Do you have any questions and/or interest? Please feel free to contact at