‘Tis The Season For Brute-Force Cyber Attacks – How To Be Safe

Published on Dec 07, 2016


A successful brute-force attack could also lead to unauthorised access to, and theft of, data, which, depending on the nature of the data, could have severe consequences for any business.

“With the festive season approaching, we felt it prudent to send a cautionary note around these types of attacks, and we appeal to brokers to ensure that policyholders are aware of the risks – and suitably covered,” says Ryan van de Coolwijk, cyber product manager in Hollard Broker Markets’ Specialist Liabilities Centre of Excellence.

“Unfortunately the festive season is a peak time for cyber-attacks, particularly as companies are seen as softer targets with focus diverted by festivities and many companies operating on reduced staff.”

Tips to help better protect your clients against brute-force password attacks include:

  1. Internet-facing remote services and connections, as far as possible, should be placed behind authenticated VPN connections or the like.
  2. Second-factor authentication (e.g. one-time PIN SMSes) is highly recommended for remote connections wherever possible.
  3. System and service accounts should be renamed from common account names such as “Administrator” on both endpoints and servers.
  4. Failed login attempts should result in accounts being disabled after a maximum of five attempts, to prevent brute-force attacks from succeeding.
  5. Firewalls should be configured to restrict traffic to known and trusted sources, as far as possible. Firewalls can also be configured to automatically generate rules to block requests from IP addresses generating failed login attempts.
  6. Unused accounts should be removed from authentication platforms at the time the account, server or service is decommissioned.
  7. Additional password controls such as complexity and length (9 characters is increasingly seen as the best-practice minimum) should be consistently enforced. Also, any passwords in use should not be shared between accounts.
  8. Monitoring solutions such as security information and event management (SIEM) technologies should be considered to collect logs for near real-time and historical analysis. This allows automated alerts, facilitates the early detection of brute-force and many other kinds of attacks, and lets investigators and other IT staff track the source and target systems much faster during an incident. SIEM technologies also offer warnings and alerts where common business processes are not followed, or where the use of a privileged account is noted on high-value IT assets.
  9. Regular back-ups should be generated and stored offsite, and/or disconnected from the network to assist in preventing these from being affected by attacks.
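
As an added illustration of tips 4, 5 and 8 (not part of the original article, and not Hollard's own tooling), the Python sketch below counts failed logins per account and per source address, so that both a single address trying many accounts and many addresses trying one account are caught. It assumes OpenSSH-style log lines in time order and a 10-minute window (the article specifies only the five-attempt limit); the function name, the year default and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # limit from tip 4
WINDOW = timedelta(minutes=10)  # assumption: the article gives no time window

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyse(lines, year=2016):
    """Return (accounts_to_lock, ips_to_block, logins_to_investigate)."""
    by_user, by_ip = defaultdict(deque), defaultdict(deque)
    lock, block, suspects = set(), set(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an sshd password event
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user, ip = m["user"], m["ip"]
        if m["result"] == "Accepted":
            # a success on a flagged account or from a flagged source (tip 8)
            if user in lock or ip in block:
                suspects.add((user, ip))
            continue
        for key, table, flagged in ((user, by_user, lock), (ip, by_ip, block)):
            q = table[key]
            q.append(ts)
            while ts - q[0] > WINDOW:  # drop failures older than the window
                q.popleft()
            if len(q) >= MAX_FAILURES:
                flagged.add(key)
    return lock, block, suspects

# Constructed sample: one source trying five accounts, five sources trying
# "Administrator", then a success on that account and a routine user typo.
FAIL = "Dec 24 02:0{m}:0{s} gw sshd[99]: Failed password for {u} from {ip} port 4000 ssh2"
SAMPLE = (
    [FAIL.format(m=0, s=i, u=f"invalid user u{i}", ip="203.0.113.5") for i in range(5)]
    + [FAIL.format(m=1, s=i, u="Administrator", ip=f"198.51.100.{i + 1}") for i in range(5)]
    + ["Dec 24 02:02:00 gw sshd[99]: Accepted password for Administrator from 198.51.100.9 port 4000 ssh2",
       FAIL.format(m=3, s=0, u="alice", ip="192.0.2.10"),
       "Dec 24 02:03:05 gw sshd[99]: Accepted password for alice from 192.0.2.10 port 4000 ssh2"]
)

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample, the account list and the address list differ: counting per account alone would miss the single address cycling through usernames, and counting per address alone would miss the distributed guessing against “Administrator”.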

“Scams are rife this time of year, so in addition please remain vigilant against phishing and other types of social engineering attacks,” says Van de Coolwijk.

To find out more, please contact Ryan van de Coolwijk at (011) 351 2517 or email ryanv@hollard.co.za.

Disclaimer:

While this blog post makes recommendations regarding potential improvements that can be made to a policyholder’s environment, these should be evaluated by policyholders for applicability to their business environment and potential impact on their operations. We take no responsibility for the implementation of and potential impact these may have on a policyholder’s environment, nor do we warrant that implementation of these recommendations will prevent a network security or privacy breach.
