Network Computing is part of the Informa Tech Division of Informa PLC

Cover Your Assets, Web Style: Page 9 of 10

Nmap; Saint

Shut down the services that aren't absolutely necessary.

Are you storing customer information in a database? If so, you need to encrypt the data. All of it would be best, but if that's impossible at least encrypt sensitive data, such as credit card and account numbers and private customer information. Doing so will ensure that if the unthinkable happens and an intruder is able to access your customer data, it will be useless. You can use software such as Application Security's DbEncrypt (www.appsecinc.com/products/dbencrypt/) or an appliance, such as Ingrian's i140 (for a review, see "When the Front Line Is Breached, Ingrian i140 Puts Up a Good Fight"), to encrypt specific fields within your database. Or you can write your own method of encryption -- anything is better than clear text. Certainly, the more complex the method, the better, but a little protection is still better than no protection.

How are your firewalls configured? You'd be surprised at the number of misconfigured firewalls that allow traffic you don't want to flow through to your servers. Allow only port-based traffic to flow from the firewall to your back-end servers on the ports that you specify. If access is available only via Port 80, then only traffic on Port 80 should be allowed and only to that specific server. Start with a "deny all" attitude, then open up only what is necessary.

While this is by no means an exhaustive list of attacks that could occur, these are some of the most common means by which your infrastructure can be exploited.

• Cookie Poisoning: Cookies can be a dangerous way of storing sensitive information. Because cookies are simply text-based files, attackers can visit a site and modify the cookies to gain access to your systems.
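
One common defense against the cookie modification described above is for the server to attach a keyed MAC to every cookie it issues and to reject any cookie whose tag does not verify. The following is an added example, not code from the original article; the key, cookie contents and function names are constructed for illustration. Signing detects modification but does not hide the value, so sensitive data still belongs on the server.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment loads a random secret from server-side config.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag': the base64url value plus an HMAC-SHA256 tag over it."""
    payload = _b64(value.encode("utf-8"))
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie is malformed or was modified."""
    payload, sep, tag_b64 = cookie.partition(".")
    if not sep or not payload or not tag_b64:
        return None
    try:
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        supplied = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(expected, supplied):
            return None
        return base64.urlsafe_b64decode(payload.encode("ascii")).decode("utf-8")
    except ValueError:  # bad base64, non-ASCII input, or invalid UTF-8
        return None


def demo():
    """Constructed scenario: a client edits the cookie text but keeps the old tag."""
    issued = sign_cookie("user=alice;role=customer")
    old_tag = issued.split(".")[1]
    edited = _b64(b"user=alice;role=admin") + "." + old_tag
    return verify_cookie(issued), verify_cookie(edited)


if __name__ == "__main__":
    genuine, tampered = demo()
    print("genuine cookie :", genuine)
    print("edited cookie  :", tampered)
```
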