Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.

However, this isn't always the best strategy. Many significant risks arise from simple vulnerabilities and overlooked areas, which is why a balanced approach that tackles both advanced and basic security needs is essential for thorough protection.

But how should businesses go about this? We spoke to Tim Shaw, a member of Fortra's APAC Solutions Engineering Team, to unpack the steps companies can take to achieve balance in their cybersecurity strategies.

Q: Tell us about the different resources organizations can leverage. How does a medium-sized business compare to an enterprise organization?

Tim: Organizations can leverage many resources to improve their security. Due to the scale and complexity of their operations, medium-sized businesses and their corporate counterparts often differ in their approach.

Typically, large enterprises outsource their IT and security needs to big consultancies. This arms them with advanced tools and expertise but often focuses on high-level, complex issues rather than the basics. These organizations may invest heavily in extensive reports and security assessments but sometimes overlook the essential, everyday operational aspects of security.

In contrast, medium-sized businesses, constrained by limited resources, are more inclined to use software tools to address their security needs. They might employ vulnerability assessment software, integrity monitoring, and other cost-effective and manageable in-house tools. This allows them to quickly identify and fix security gaps without denting their wallets too much.

Q: Why do people go for the apples at the top of the tree? What are those items typically?

Tim: Security leaders often aim for the "apples at the top of the tree" because these complex issues can seem more impressive and important. Addressing high-level security challenges can provide a sense of accomplishment and demonstrate advanced capabilities.

Typical top-of-the-tree items include Multi-Factor Authentication (MFA), which in some situations could be low-hanging fruit, although it can be pretty complex to implement. Extra services must be put in place, people must be on board with using it, and so on. In the meantime, simple authentication mechanisms risk being forgotten, such as forcing people to change their passwords regularly.

Another example is a jump host or bastion host, which acts as an intermediary server that enables secure access to other servers within a hosted environment. This secure access to critical systems adds a layer of security but requires significant configuration and maintenance. Another problem is that the more hoops users have to jump through, the more they will attempt to bypass these controls to make things more convenient for themselves.

Q: What advice would you give a security professional who is going into an organization and can see that they are addressing the low-hanging fruit? How can they get started?

Tim: A security professional should first identify and engage with system owners to understand the current state of the environment. It's essential to address the basics before tackling more complex issues. Here's a step-by-step approach:

• Engage System Owners: Discuss the importance of securing foundational elements and get their buy-in.
• Conduct a Baseline Assessment: Identify the low-hanging fruit, such as outdated software, weak passwords, and lack of basic security measures. It's important to make sure backups are in place and well tested alongside a disaster recovery plan.
• Prioritize Actions: Focus on simple yet effective measures like regular password updates, enabling MFA where possible, and ensuring all software is up-to-date.
• Leverage Frameworks: Use guidelines like the Essential Eight and NIST CSF to create a structured plan that addresses basic security measures before moving on to more complex issues.
• Educate and Communicate: Ensure that all stakeholders understand why these basic measures are crucial and how they contribute to the overall security posture.

Q: Talk to us about each of the talking points - why are they so important? How can organizations leverage technology to help protect against those items?

Tim: Start with all the simple stuff. A salesman came up with a brilliant phrase: "Without a plan, you're just a tourist." This is true, even in this industry, if you haven't got a piece of paper in front of you that outlines the issues you need to address first, such as passwords and basic MFA. Check which applications are installed on all the desktops and get rid of the stuff that is no longer supported.

Access control is also crucial because it ensures that only the right people can access specific things. Organizations can use tech, such as role-based access control (RBAC) systems, to assign who can access what. It's like giving different keys to different people so only the ones who should be inside can get in.

Account protection is important because it stops bad guys from sneaking into your accounts and wreaking havoc. Set up strict rules for passwords—make them complicated and change them regularly. There are also measures to lock accounts if someone tries to break in too many times.

Single Sign-On is a lifesaver because it makes life simpler for users and keeps things safer. It's like having one master key that unlocks all your doors instead of carrying a bunch of different keys. Organizations can use tech solutions that let users sign in once and then access all the different programs they need without logging in again and again. It's convenient for users and reduces the chances of someone stealing passwords.

Virus scanning is a bit like having a security guard that can sniff out and destroy bad guys before they can cause trouble. It's essential because it stops malicious software from wrecking your computers or stealing your data. Also, email scanning protects you from phishing scams and malware. It's crucial because email is a common way for threat actors to try and trick users into clicking on dangerous links or opening infected attachments.

Q: How can Fortra's solutions address today's cybersecurity challenges?

Tim: Organizations can use Fortra's suite of products to protect against various cybersecurity threats. We offer solutions that address critical areas, such as phishing, email protection, data loss prevention, and perimeter security.

Our Digital Risk and Email Protection Suite protects against phishing attacks and other email-based threats. This includes a secure email gateway, to see that emails entering and leaving the business are thoroughly scanned for potential risks. Additionally, our Secure File Transfer products ensure that data is safely transmitted, with built-in virus scanning capabilities to detect and neutralize malicious content.

For data protection, our solutions include advanced data loss prevention (DLP) tools. These tools monitor inbound and outbound data traffic to prevent sensitive information from being inadvertently or maliciously shared with unauthorized recipients. DLP rules can intercept and block emails or files sent to incorrect recipients, ensuring that confidential data remains secure.

Fortra's offerings are comprehensive on the perimeter protection front. They begin with a vulnerability assessment to identify potential weaknesses in your security infrastructure. Following this, our penetration testing services simulate real-world attacks to evaluate the effectiveness of your defenses. This leads to our offensive security and adversary simulation services, where we work closely with your security team to prepare them for the types of attacks they may encounter.

Ultimately, a holistic approach ensures that your business is protected and well-prepared to respond to evolving cyber threats.