Fix your Broken Windows to Make Sure Cyber Criminals Walk On By

Category: News
Published: 23rd July 2024

Picture two high streets in your head. One is full of rundown, graffiti-covered buildings, some with smashed-in windows and doors that have been knocked off their hinges. The other has neat frontages with freshly painted facades and well-maintained shop windows displaying vibrant goods.

Where do you think you’re more likely to find a criminal trying their luck? It’s probably the one with all the obvious entry points.

In a similar way, cyber criminals generally operate by exploiting the most obvious vulnerabilities in a network. Once in, they can attack in a number of different ways. They may steal a company’s data, launch a ransomware attack, or attempt to gain access and then sell the credentials up the chain for other hackers to exploit.

Because hackers are looking for an easy point of entry, more often than not the most effective way to block an attack is to fix your most glaring security flaws.

The broken windows theory in cyber security

The situation described above is known as the broken windows theory. It suggests that visible signs of disorder and neglect in urban environments (like broken windows, graffiti, and litter) create an atmosphere that invites further crime. In cyber security, this translates to obvious vulnerabilities in your network attracting cyber criminals.

Hackers will scan for easy entry points such as unpatched software, weak passwords, and outdated systems. If they encounter robust defences, they’re much less likely to attack and will instead choose to move on to find easier targets. Addressing these visible weaknesses can significantly enhance your security posture and deter opportunistic attackers.

How cyber criminals exploit obvious flaws

Cyber criminals typically employ automated tools to scan for and exploit common vulnerabilities. These tools can identify unpatched software, open ports, default credentials, and other weaknesses. Once they gain entry, they can escalate privileges, move laterally across the network, and exfiltrate valuable data. Often, this information is then passed up the criminal chain for further exploitation, whether through ransomware, data breaches, or selling on the dark web.

Fixing these obvious flaws is not especially complicated but can be difficult to manage. It takes sustained time and effort to build up a level of cyber hygiene that will deter hackers. The UK’s National Cyber Security Centre (NCSC) provides extensive guidance and resources to help organisations bolster their cyber security defences. Following NCSC best practices, such as the Cyber Essentials scheme, can help businesses identify and fix their broken windows, making them less attractive to cyber criminals.

Ensuring that software and systems are up to date, enforcing strong password policies, and using multi-factor authentication are all examples of best practices that can help to prevent unauthorised access. Additionally, providing staff with security awareness training, including basics like locking their computers when not at their desk, will build up your company’s cyber security posture.

Even the most basic cyber security hygiene and security awareness training is useful. It’s estimated that as many as 99% of attacks could be prevented by such simple measures. By fixing these obvious flaws, organisations can disrupt the chain of exploitation at its first step and prevent the initial access.

Make your organisation a hard target

Although most hackers will be looking for ‘broken windows’, a basic cyber security environment is not the be-all and end-all. Establishing a foundation of good cyber hygiene is crucial, but it’s just the beginning. Once you have followed the NCSC guidance and are ready to elevate your security, comprehensive threat detection becomes vital.

This involves monitoring endpoints with Endpoint Detection and Response (EDR), monitoring the network with Network Detection and Response (NDR), and consolidating all security logs into a single view through a Security Information and Event Management (SIEM) system that alerts your security team to any abnormal behaviour. This can be achieved in-house or outsourced to a Managed Security Service Provider (MSSP), who can consolidate all of this protection into a Managed Detection and Response (MDR) service.

While no system can be entirely impervious to attacks, making your organisation a harder target can significantly reduce the likelihood of becoming compromised. By addressing the most obvious vulnerabilities and adhering to best practices, you can ensure that the majority of cyber criminals will walk on by, leaving your organisation secure.