Stellar Labs hosts a podcast with Raf Martino, cybersecurity consultant at Cyber4Z and a Stellar Labs Knowledge Partner on their “Become a Cybersecurity Specialist” program. Cybersecurity has become more pressing than ever in recent weeks, with employees worldwide working from home to prevent the further spread of the coronavirus. While this move allows businesses to keep working, it also widens their exposure to cybersecurity vulnerabilities. Listen to Raf Martino’s podcast, ‘3 key concepts to secure your application against hackers’, below.
Raf’s experience in cybersecurity, and in being hired by development teams as an ethical hacker, gives him keen insight into what makes companies vulnerable to hackers. Here are some of Raf’s tips on how to keep your company’s data safe.
Tip 1: Always update your applications
Keeping all your company’s software updated is essential for security, according to Raf: “For example, your web application is running on a web server that has not been updated for the last three years. That’s something we see on the internet, but also internally at companies.
And what that means is if somehow you can see as a hacker what kind of version is running, there are multiple websites out there that you can put that version in…if you have a three-year-old version for example, then chances are that there’s a vulnerability you can exploit. And usually those are also publicly available.
So, you can just download the script and point that to that web server and exploit it, which in many cases gives you access to the server itself.” This applies to all software, not just web servers. Something as simple as a company website running a CMS with plugins that haven’t been updated can be attacked the same way: the version is disclosed, a public exploit exists, and the attacker only has to run it. Every component in the stack (operating system, web server, frameworks, libraries, plugins) needs to stay updated so that publicly known vulnerabilities are closed before someone tries them.
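The check Raf describes has two halves: read the version a server discloses, then look that version up. The script below is an added example from the editor, not code from the podcast, from Cyber4Z or from Stellar Labs. It parses Server and X-Powered-By headers out of captured HTTP responses and compares each disclosed version with a baseline. The sample responses, the host names and the MINIMUM_VERSIONS table are all constructed assumptions standing in for the operator’s own patch policy; the script does not know whether a given version is vulnerable, which is exactly the lookup step Raf talks about.

```python
import re

# Constructed sample: raw response headers as you would capture them with
# `curl -I`. None of these hosts or banners come from a real system.
SAMPLE_RESPONSES = {
    "https://intranet.example/": (
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.4.29 (Ubuntu)\r\n"
        "X-Powered-By: PHP/7.2.24\r\n\r\n"
    ),
    "https://shop.example/": "HTTP/1.1 200 OK\r\nServer: nginx/1.24.0\r\n\r\n",
    "https://api.example/": "HTTP/1.1 200 OK\r\nServer: cloudfront\r\n\r\n",
}

# Assumed baseline: the oldest release of each product the team still accepts.
# This is a placeholder for the operator's own patch policy, not a vulnerability
# database; anything flagged 'outdated' still has to be checked against the
# vendor's advisories and public exploit listings for that exact version.
MINIMUM_VERSIONS = {
    "apache": (2, 4, 58),
    "nginx": (1, 24, 0),
    "php": (8, 1, 0),
}

# Matches tokens such as 'Apache/2.4.29' or 'PHP/7.2.24' inside a header value.
BANNER_RE = re.compile(r"([A-Za-z][A-Za-z0-9_-]*)/(\d+(?:\.\d+)*)")


def parse_version(text):
    """'2.4.29' -> (2, 4, 29); tuples compare numerically, strings do not."""
    return tuple(int(part) for part in text.split("."))


def disclosed_components(raw_headers):
    """Return {product: version_tuple} for every Name/x.y.z token in the
    Server and X-Powered-By headers of one raw response."""
    found = {}
    for line in raw_headers.split("\r\n"):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in ("server", "x-powered-by"):
            continue
        for product, version in BANNER_RE.findall(value):
            found[product.lower()] = parse_version(version)
    return found


def audit(responses, minimums=MINIMUM_VERSIONS):
    """Return {url: [(product, version, status), ...]}.

    status is 'outdated' when the disclosed version is below the baseline,
    'ok' when it meets it, and 'unknown-baseline' when the product is not in
    the policy. An empty list means nothing was disclosed, which is not the
    same thing as being up to date.
    """
    report = {}
    for url, raw in responses.items():
        findings = []
        for product, version in disclosed_components(raw).items():
            floor = minimums.get(product)
            if floor is None:
                status = "unknown-baseline"
            elif version < floor:
                status = "outdated"
            else:
                status = "ok"
            findings.append((product, ".".join(map(str, version)), status))
        report[url] = findings
    return report


if __name__ == "__main__":
    for url, findings in audit(SAMPLE_RESPONSES).items():
        print(url, findings or "nothing disclosed")
```

Two caveats a practitioner would add. Turning the banner off (ServerTokens Prod, server_tokens off) hides the version from this script but does not remove the vulnerability; attackers fingerprint by behaviour as well. And a product that is missing from the baseline, or a host that discloses nothing, is a gap in your inventory rather than a clean result, so the script reports those cases separately instead of silently passing them.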
Tip 2: Be aware of application default settings
Another common area of vulnerability to be aware of is the default credentials that come with deploying an application. “Well, what you see a lot is sensitive data being disclosed…a lot of personally identifiable data; usually that’s just a matter of forgetting that you published something, somewhere. Which is the same for default configurations of many software applications, which in a lot of cases disclose logins somewhere…So, you have, for example, the login page for the administrator disclosed somewhere.
You might not be aware of that and it might still be using the default credentials.” Cybersecurity specialists like Raf practise ethical hacking: testing an organization’s systems with its permission, and with the obligation to report back what they find. Such tests turn up many vulnerabilities of exactly this kind. “What we also often see is credentials being logged. So, usernames and passwords, in logs that are open to anyone on the internet.
And that’s something that’s very dangerous of course because hackers can just try those out.” As ethical hackers, Raf and his colleagues find that simple errors like these often give them administrative access to the applications they test, which they then report. ‘Black hat’ hackers won’t report it to you; they will take advantage of the vulnerability.
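Both problems Raf raises here, credentials written into logs and default credentials left in place, can be caught by the same scan. The script below is an added example from the editor, not code from the podcast, from Cyber4Z or from Stellar Labs. It reads log lines, detects passwords in key=value form and HTTP Basic authorization headers, flags any username/password pair that matches a list of factory defaults, and writes back a copy with the secrets redacted. The log lines, the IP addresses and the KNOWN_DEFAULTS list are constructed assumptions; the defaults list in particular is a placeholder to be replaced with the documented defaults of the products you actually run.

```python
import base64
import re

# Constructed sample log (not from any real system): a web-server access log
# that captured a password in a query string, an application debug log that
# dumped a request header, and an audit line written by a developer.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2020:10:14:02 +0100] "POST /login?user=alice&password=Winter2020! HTTP/1.1" 302 -
DEBUG request headers: {'Authorization': 'Basic YWRtaW46YWRtaW4=', 'User-Agent': 'curl/7.68.0'}
INFO login ok user=admin pass=admin from=10.0.0.5
INFO health check ok latency_ms=12
"""

# Assumed list of factory defaults the team wants flagged; extend it with the
# documented defaults of the products you deploy.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Secret-bearing patterns: password-style keys and HTTP Basic credentials.
PATTERNS = [
    ("key-value", re.compile(r"(?i)\b(password|passwd|pwd|pass)=([^&\s\"']+)")),
    ("basic-auth", re.compile(r"(?i)Basic\s+([A-Za-z0-9+/=]+)")),
]
USER_RE = re.compile(r"(?i)\buser(?:name)?=([^&\s\"']+)")


def find_credentials(line):
    """Return [(kind, username, secret)] for one log line.

    username is None when the line carries a secret with no user next to it.
    Basic credentials are decoded because 'user:password' is only obscured,
    not protected, by base64.
    """
    found = []
    user_match = USER_RE.search(line)
    username = user_match.group(1) if user_match else None
    for kind, pattern in PATTERNS:
        for match in pattern.finditer(line):
            if kind == "basic-auth":
                try:
                    decoded = base64.b64decode(match.group(1), validate=True).decode()
                except ValueError:
                    continue  # not real base64, so not a credential
                user, _, secret = decoded.partition(":")
                found.append((kind, user, secret))
            else:
                found.append((kind, username, match.group(2)))
    return found


def redact(line):
    """Return the line with every detected secret replaced by [REDACTED]."""
    for kind, pattern in PATTERNS:
        if kind == "basic-auth":
            line = pattern.sub("Basic [REDACTED]", line)
        else:
            line = pattern.sub(lambda m: f"{m.group(1)}=[REDACTED]", line)
    return line


def audit_log(text, defaults=KNOWN_DEFAULTS):
    """Scan a whole log. Returns (findings, sanitized_text).

    Each finding records the line number, the kind of leak, the username and
    whether the pair is a known default. The secret itself is deliberately
    not copied into the report, so the report is safe to file as a ticket.
    """
    findings = []
    clean_lines = []
    for number, line in enumerate(text.splitlines(), start=1):
        for kind, user, secret in find_credentials(line):
            findings.append({
                "line": number,
                "kind": kind,
                "user": user,
                "is_known_default": (user, secret) in defaults,
            })
        clean_lines.append(redact(line))
    return findings, "\n".join(clean_lines)


if __name__ == "__main__":
    report, sanitized = audit_log(SAMPLE_LOG)
    for item in report:
        print(item)
    print(sanitized)
```

On the sample, line 1 leaks alice’s password through the query string (the fix is to send credentials in the request body, which access logs do not record), line 2 leaks admin:admin through a debug dump of request headers, and line 3 is a developer logging a password outright; both admin findings are flagged as a known default, which is the second problem Raf describes. Redaction after the fact is a containment step only: the log has already been written, so the real fix is to stop the application writing secrets in the first place and to lock the log files down.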
Tip 3: If something looks strange, don’t click
From his years of experience working in cyber security, Raf leaves us with this piece of wisdom: “The best piece of advice is to be aware that it’s very easy to let a hacker in. So, if you see something that seems too good to be true, an email, for example, with an attachment, anything that’s a little bit out of the ordinary, you tend to pick that up, it’s something intuitive.
Just don’t click it, just don’t give in to your curiosity I would say and report it to the people involved with security in your company. But also, if you’re doing this on your own laptop, just be careful with opening stuff at random. That’s the biggest risk you can take.”
Listen to the full podcast: ‘3 key concepts to secure your application against hackers’ here. To learn more about how to train your colleagues to protect your company from hackers, email us at firstname.lastname@example.org or phone +32 78 48 13 45.