Cyber crime: Exploit kits in the enterprise

Page 3 of 3:

Page 3

The second step is to plug the identified holes in your security defence. This could be as simple as ensuring that all software updates have been deployed on all devices connected to the company's network and addressing patch management across the organisation.

Carrying out rudimentary tasks such as ensuring that employees are using a secure browser, staying informed of the latest cyber security threats, and using auto-update features for all computer programs can also help businesses to prevent a large majority of exploit kits from succeeding.

3. Protection

One way of helping to prevent exploit kits from stealing information is to use techniques like code signing and digital signatures. Code signing allows businesses to protect their users' data from software that has been tampered with by malware.

Using certificate-based digital signatures that enable a business to verify the identity of the software published, companies can prove that the software has not been changed since it was published. For example, when you download a program from a reputable software house, a pop up box should appear in the bottom right-hand corner of your screen to show the download is safe. In order to prevent hackers from using forged code signatures, businesses must take steps to protect the process for creating these digital signatures.

In the event that the exploit kit succeeds, you need to ensure that your assets are protected. The best way to do this is through data encryption. Employing data encryption methods will mean that even in the event of an exploit kit succeeding in accessing user data, tamper resistant devices will protect the confidentiality of critical networks using customised encryption algorithms and processes.

4. Evaluation

IT managers know better than most that the online threat landscape evolves at a rapid rate. Just like human viruses mutate in the real world, so do computer viruses. As such, security cannot be treated as a set once and forget function.

All security processes need to be evaluated on a continual basis to ensure your organisation is not just protected from the risks of today, but also the threats of tomorrow.

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.