Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Windows Security and Hardening

You're reading from   Mastering Windows Security and Hardening Secure and protect your Windows environment from cyber threats using zero-trust security principles

Arrow left icon
Product type Paperback
Published in Aug 2022
Publisher Packt
ISBN-13 9781803236544
Length 816 pages
Edition 2nd Edition
Arrow right icon
Authors (2):
Arrow left icon
Matt Tumbarello Matt Tumbarello
Author Profile Icon Matt Tumbarello
Matt Tumbarello
Mark Dunkerley Mark Dunkerley
Author Profile Icon Mark Dunkerley
Mark Dunkerley
Arrow right icon
View More author details
Toc

Table of Contents (21) Chapters Close

Preface 1. Part 1: Getting Started and Fundamentals
2. Chapter 1: Fundamentals of Windows Security FREE CHAPTER 3. Chapter 2: Building a Baseline 4. Chapter 3: Hardware and Virtualization 5. Chapter 4: Networking Fundamentals for Hardening Windows 6. Chapter 5: Identity and Access Management 7. Part 2: Applying Security and Hardening
8. Chapter 6: Administration and Policy Management 9. Chapter 7: Deploying Windows Securely 10. Chapter 8: Keeping Your Windows Client Secure 11. Chapter 9: Advanced Hardening for Windows Clients 12. Chapter 10: Mitigating Common Attack Vectors 13. Chapter 11: Server Infrastructure Management 14. Chapter 12: Keeping Your Windows Server Secure 15. Part 3: Protecting, Detecting, and Responding for Windows Environments
16. Chapter 13: Security Monitoring and Reporting 17. Chapter 14: Security Operations 18. Chapter 15: Testing and Auditing 19. Chapter 16: Top 10 Recommendations and the Future 20. Other Books You May Enjoy

Recognizing breaches

If you follow the news, you are probably aware that there is no shortage of breaches nowadays. They are happening so frequently that it is not uncommon for several breaches to occur weekly or even daily. What is even scarier is that these are just the ones that we hear about. To give you an idea of how serious the issue has become, the following list has some of the more notable breaches that are documented on Wikipedia’s List of data breaches page. There are many sources on the internet identifying top breaches, but Wikipedia has the most comprehensive information we have found with references to each of the listings:

Figure 1.8 – Wikipedia list of data breaches

Figure 1.8 – Wikipedia list of data breaches

You can find the source of the preceding screenshot at https://en.wikipedia.org/wiki/List_of_data_breaches and a list of security incidents here: https://en.wikipedia.org/wiki/List_of_security_hacking_incidents.

As you review the breaches and understand how they occurred, you will see a common trend where, for the most part, the breach occurred from hacking or poor security practices. You might also notice that other common methods of breaches include lost or stolen equipment. These statistics are alarming, and they indicate how critical it is to secure and harden our systems as best as possible.

It is also important to point out that the tactics of some malicious actors are not to breach records but to hold a company at ransom for a large payout. One of the more notable ransomware attacks recently was against Colonial Pipeline, which is one of the largest fuel pipelines in the US. This ransomware was so impactful that it forced the company to shut down its fuel distribution operations, causing gas shortages for consumers throughout the east coast. Another attack becoming more common is that of the supply chain, where hackers look to compromise a vendor that can then in turn compromise all its downstream customers. One of the most infamous such attacks was the SolarWinds cyberattack, where hackers implanted malicious code into their software, which was received by thousands of customers. Once installed, hackers were provided the ability to infiltrate customers’ networks.

To give you an idea of the importance of securing and hardening your environment, the International Business Machines Corporation (IBM) data breach report of 2021 provides some data points that are not to be taken lightly. In 2021, the average cost of a data breach was $4.24 million, which is the highest average cost since the report began. The most common initial attack vector was compromised credentials. In addition, the report shows that the average cost of a user record from a data breach is $161 per record. A quick calculation of this multiplied by 100,000 customers calculates a potential loss estimated at $16.1 million. When you look at the number of breached records shown in Figure 1.8, you will understand how this could be extremely damaging to a business’s value and reputation.

You can download and view more details on the IBM Cost of a Data Breach Report here: https://www.ibm.com/security/data-breach.

Tip

An interesting site for reference is Have I Been Pwned. This site will show you whether any of your accounts that use your email address have ever been breached and, if so, where the breach was: https://haveibeenpwned.com/. You can also sign up for notifications for any breaches using your email address or submit a specific domain to be notified on.

There are many sources available where you can view security news and follow the latest trends and best practices. Here are some recommended resources to help keep you up to date with the latest happenings in the security world today:

Next, we will discuss the security challenges we face in today’s world and within the enterprise.

You have been reading a chapter from
Mastering Windows Security and Hardening - Second Edition
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803236544
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image