Brian Engle, Chief Information Security Officer and Director of Advisory Services for CyberDefenses, offers IFSEC Global readers 10 pieces of advice on how to protect your business from cyber-attacks.
Cybercrime is increasingly lucrative, surpassing other forms of crime.
Unfortunately, the barrier to entry to this field are low, with ransomware now even available as a subscription service. And the odds of getting caught are low too, meaning the risk of serious consequences is not an effective deterrent. As businesses expand their digital dependence, critical services and overall aspects of our daily lives are enabled and managed by increasingly vulnerable systems.
The attack surface and impacts of cybersecurity events continue to grow at a staggering pace.
The threat landscape leads to an important question that applies to everyone at every level of an organisation. How do you help shield your organisation from cyber security threats?
The threats faced by organisations may include attacks from skilled and advanced attackers, but the broad swath of attempts from commodity malware, ransomware, viruses, opportunistic hacking, social engineering, and the numerous other commonplace threat types continue to be a nemesis for many organisations.
No matter the current state of your security programme, there are ways in which you can build stronger defenses to thwart these attempts or mitigate the potential damage.
It’s impossible to build an adequate defense when you don’t know where you currently stand. Periodic cybersecurity assessments are a central element in any good security programme because it highlights the strengths you can amplify and the weaknesses you can improve.
Starting with an assessment gives you a clear idea of the steps you need to take to secure your environment so you can prioritise the resources and avoid losing time and money on wasted efforts. Once you’ve got your arms around a traditional gap analysis, take your cybersecurity assessment to the next level by applying a risk management approach. Set the right priorities and appropriately analyse those items that you may consider deferring.
You are only as strong as your least informed employee. Attackers are savvy about finding a point of entry into your systems and network.
This could be an unsuspecting employee with weak passwords or who falls for a phishing or social engineering attempt. Make sure your team knows how cybercriminals can trick them, how to identify a suspicious email or phone call, especially those that seem to be legitimately from friends or another department. Advise them on how to protect the organisation from these attempts.
Consider having strong policies aligned with cybersecurity best practices and make sure your team is well-versed on them. Also, develop a team atmosphere as part of your awareness training initiatives. Encourage all members to help watch out for each other and become an extension of your security team.
Any software utilised by your company should be the latest version. Old apps are susceptible to zero-day exploits and attacks, which can steal information, penetrate networks, and cause severe damage.
While anti-virus software routinely updates on its own, other programs may not have this function. Routinely check all major software on at least a bi-weekly basis. Consider implementing vulnerability management processes that check for missing patches and exposed vulnerabilities. Then make sure you apply the needed patches and updates.
Attacks can happen at any time and from anywhere. Implement 24X7 monitoring capabilities to stay constantly vigilant and catch attacks before they can cause damage.
Security Event and Incident Monitoring (SEIM) software can alert you to suspicious user activity or data anomalies that may indicate an attack is underway. Security Operations Center services can provide additional support in the form of security analysts trained in interpreting the alerts and homing in on the ones that signal trouble. Additionally, they know how to act quickly to shut down an attack.
For all of the protections and defensive capabilities that you implement, anticipating that they will never be 100% effective is part of a comprehensive strategy. A well thought-out and thorough incident response plan will pave the way for a swift and effective reaction if your organisation does experience a successful attack.
A good incident response plan will spell out the right escalation path, so the most equipped team members are notified immediately if there is a problem. It will ensure that everyone understands the steps that need to be taken, who is responsible for which part of the response and even how to communicate to organisation leadership, external stakeholders and the public when necessary.
When assessing the tools that your team uses, make sure that you have taken the time to define access privileges either by team member, job function, level or role. In short, make sure that only administrators have access to the full functionality of a tool, system or network.
The rest of the staff should only have access to the functions, data and areas that pertain to their job. This way, if an attacker does gain access through someone’s credentials, the amount of damage they can cause will be limited to the rights defined solely for that person.
As you focus on securing your digital assets, don’t overlook the importance of securing your physical environment too. In many cases, attackers gain access to login credentials, trade secrets, infrastructure schematics and other valuable and exploitable information by being onsite and gaining physical entry into buildings or data centres.
Employ security best practices like badged door entry, camera surveillance and a policy of supervising visitors. Also, prepare your staff to protect their environments when they are away from the office by being vigilant at remote workplaces while travelling or visiting the local coffee shop. Keeping calls and conversations, as well as screens, private while in these external environments are just a few tips to consider when your personnel are outside of the protected confines of the home office.
While it’s invaluable to use cybersecurity assessments to constantly look for your blind spots, and it is essential that you implement capabilities to constantly monitor your systems, networks and environment for intrusions or suspicious activity, it is equally important to monitor the external networks and landscapes that could impact you.
Cyber intelligence is an important component of an effective cybersecurity programme. Through Darkweb monitoring and other cyber intelligence tactics, you can gain insight into attacks that may be in the planning phases, the criminal networks likely to target you and how they plan to do it. You can also identify credentials or information that may already be circulating in underground markets. With this knowledge, you can craft an accurate defense strategy.
Many significant breaches that have affected large, global brands started through a vulnerability that attackers found in small third-party vendors and suppliers. Make sure cybersecurity practices are part of the criteria in your vetting process when you’re considering working with any vendor. What do they do to protect their networks, systems and data? What is their data disposal policy? Do they adhere to the regulations that apply to them? Are they as diligent about vetting their employees as you would be? Implementing a process to review the security measures of your key vendors, updating your assessment periodically, and integrating them in the coordination of incidents and threat monitoring as much as possible will make sure they are holding up their end of the bargain and not putting your organization’s security at risk.
Lastly, if your company uses mobile devices – such as laptops, tablets or other devices through a BYOD policy – have a way to remotely protect data. In the best-case scenario, you should track devices. In the worst case, shutdown login capabilities if a device is stolen. At minimum, ensure that encryption is used to protect the information that the device may contain. While cybercrime primarily deals with digital information over the Internet, lost devices are still a real possibility. An attacker can gain access to a trove of information from just one stolen device, so prepare for the scenario accordingly.
Keeping your company safe from cyber threats requires diligence and effective IT cybersecurity strategies. Combining common sense with good practices like the tactics we’ve listed, can help circumvent cyber-attack attempts. Even better, these solutions are cost-effective and usually result in spending less on cybersecurity because your activities are tightly aligned to the threats.
It was explained here that an incident response plan will cover a swift and effective reaction when facing a cyber-attack. This is some useful info that my sister could benefit from. I’ll help her find a professional business that could provide her options to protect her company’s data.
https://mtbs.ca/
[…] assessments are an additional expense, but they are well worth the money. Even an annual assessment by a security expert can dramatically improve the security of your website. And, it takes the […]
Great information, thanks for sharing it with us.