There are plenty of articles out there outlining how to secure your network and which defensive measures to take to make sure your business does not lose business or customer data. Since Black Harbor specializes in offensive security, we are going to take a different approach to that conversation and explain what you can do to make sure that you let hackers into your network and lose all of your sensitive data.
1. Leave all of your devices’ default usernames and passwords alone! The manufacturer knows best, right? They set those default usernames and passwords for a reason, and they give you easy access to your administrator panels and effortless control of all your devices. Default credentials are also the first thing hackers try when they land on your administrative portals (the defaults for most vendors are published online), so please don’t make it any harder on the hackers; they have been searching for targets like yours for a long time.
2. Expose your web applications to the internet. Hackers want easy access to your applications for reconnaissance and exploitation, so even if an application is only used internally, you never know when you might need it from home or on the road. Just put it on the web, with no VPN or access control in front of it.
3. Delay every update for as long as possible. Outdated software is full of known vulnerabilities and bugs, which is exactly what an attacker needs for exploitation. One of the first steps hackers take when they find your application is to fingerprint the software versions in use (server banners, response headers, error pages) and look up the published vulnerabilities for those versions. Outdated software still works, right?!
4. Hide sensitive data in your HTML files, commented out. If you hide usernames and passwords, internal IP addresses, or similar details in HTML comments, normal users will never see them. Comments are not rendered, but they are still sent to every browser that requests the page, so anyone who views the page source or runs a crawler over your site will read them and gain access to your servers much more easily.
5. Understaff and underfund the ISO. Your security team should be well staffed and have the tools and training they need to secure your business, but if they are not staffed correctly and don’t have the money they need to do their job, it is going to be even easier for hackers to gain access to your sensitive data. A secondary benefit is that you will never have to defend your security budget to the CISO with theoretical financial visualizations!
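To make points 3 and 4 concrete, here is a small recon helper of the kind a tester runs against an exposed host: it pulls product/version banners out of version-leaking HTTP headers and extracts HTML comments, flagging the ones that mention credentials or internal IP addresses. This is an added example written for this post, not Black Harbor’s own tooling; the headers and page body are constructed to look like a neglected server, and in practice you would feed it the headers and body of a real response.

```python
"""Recon helper: version banners from HTTP headers and secret-looking HTML comments.

Added example for this post (not Black Harbor's code). The sample response
below is constructed for illustration; in real use, pass in the headers and
body of an actual HTTP response."""
import re
from html.parser import HTMLParser

# Constructed sample response from a hypothetical neglected host.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.15 (CentOS)",
    "X-Powered-By": "PHP/5.3.3",
    "Content-Type": "text/html",
}
SAMPLE_BODY = """<html>
<!-- TODO: remove before prod. admin login: admin / Passw0rd! -->
<body>
<!-- db host 10.0.3.17, backup server 10.0.3.18 -->
<p>Welcome</p>
<!-- page footer -->
</body></html>"""

# product/version pairs such as "Apache/2.2.15" or "PHP/5.3.3"
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)+)")
# words that usually sit next to a secret in a developer comment
CRED_RE = re.compile(
    r"(?i)\b(pass(?:word|wd)?|pwd|secret|api[_ -]?key|token|login|admin|user(?:name)?)\b"
)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Headers that commonly leak the software version to every client.
BANNER_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")


def banner_versions(headers):
    """Return [(product, version), ...] found in version-leaking headers."""
    found = []
    for name in BANNER_HEADERS:
        value = headers.get(name)
        if value:
            found.extend(VERSION_RE.findall(value))
    return found


class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment in the document, whitespace-trimmed."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def html_comments(body):
    """Return all HTML comments in body, in document order."""
    parser = CommentCollector()
    parser.feed(body)
    parser.close()
    return parser.comments


def suspicious_comments(body):
    """Return [(comment, [reasons...]), ...] for comments that look like they
    leak credentials or internal addressing; benign comments are dropped."""
    hits = []
    for comment in html_comments(body):
        reasons = []
        if CRED_RE.search(comment):
            reasons.append("credential keyword")
        ips = IPV4_RE.findall(comment)
        if ips:
            reasons.append("ip:" + ",".join(ips))
        if reasons:
            hits.append((comment, reasons))
    return hits


if __name__ == "__main__":
    for product, version in banner_versions(SAMPLE_HEADERS):
        print(f"banner: {product} {version}  (look up published CVEs for this version)")
    for text, why in suspicious_comments(SAMPLE_BODY):
        print(f"comment [{', '.join(why)}]: {text}")
```

The version regex is deliberately loose; the goal is to list what the host advertises about itself so each product/version pair can be checked against published advisories. The comment check errs on the side of flagging too much, since a human reviews the hits anyway.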
This is all written in jest: the Black Harbor team wants you to do literally the opposite of these five steps, and we want to help make sure your business is secure. Reach out to us at email@example.com and let’s talk about how a penetration test can show you the vulnerabilities you are facing and the risks you are exposing your business to.