There’s nothing more impactful than a proactive cybersecurity strategy. What’s your preferred scenario: the one where you’re reeling from a lethal data breach with thousands of customer profiles compromised, or the one where your team identified and defused a problem before it had time to wreak havoc? The key difference between a company that recently made headlines over lost user data and one that continues to operate with no business disruptions is a proactive approach. Cybercrime is always evolving, and organizations must approach cybersecurity programmatically and continuously improve their capabilities to protect against attacks. Tackling the fundamentals will stave off most of the incidents that frequently occur, and a solid strategy will help prepare for the most common attacks while setting the organization on a path to contend with the risks it individually faces. At times, it may seem that developing a cybersecurity program is simply too daunting. Successes are never reported, and failures dominate the headlines. The good news is that there are some essential tips you can follow to implement better security practices throughout your organization. Here’s a list of the practices that I’ve seen make the biggest impact. You can use it as a checklist to see how you measure up, or to realize that you still have some work to do to build the strongest possible cybersecurity stance.
Prepare for Incidents
A cybersecurity incident may occur later today, or it may already have occurred. There’s never going to be a better time to implement the fundamental steps of incident response preparation than right now. You could wait until you feel like you’ve made progress in other areas, but I recommend you schedule a recurring walkthrough of your incident response process. Put it on the calendar, and then sit down with your team in a tabletop exercise to review your communication plan, escalations and fundamental steps for handling an incident. Each time you perform this walkthrough, you’ll improve your capability. What’s more, including other important functions like business leadership and corporate communications in these exercises will help you respond when the real thing occurs.
Increase Visibility and Identify Blind Spots
The adage that you can’t protect what you don’t know you have holds true. An inventory of systems and a solid understanding of the data you have and where it goes are essential, but you also need to know what you can see and what you can’t. Start building a picture of what your environment includes and what you have the ability to observe. Pay attention to the areas you lack visibility into, which may lie outside your network with vendors, partners and other third parties. As with preparing for an incident, schedule time to review your field of view and your blind spots frequently, and keep learning where you lack visibility and what you can do to get a better view of your world.
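One concrete way to turn "what can I see?" into a repeatable check is to reconcile the asset inventory against the sources of visibility you actually have. The script below is an added example, not code from the article: it compares a constructed inventory with constructed endpoint-agent heartbeats and a constructed list of hosts sending logs to a SIEM, and reports the gaps the paragraph describes (assets with no agent, agents that went silent, assets that never log, hosts that log but are not in inventory, and vendor-managed systems whose visibility depends on a third party). All hostnames, owners, zones and timestamps are sample data.

```python
"""Added example (not code from the article): reconcile an asset inventory
against two sources of visibility, endpoint-agent heartbeats and SIEM log
sources, to list blind spots. Every hostname, owner and timestamp below is
constructed sample data."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass(frozen=True)
class Asset:
    hostname: str
    owner: str
    zone: str  # "internal", "dmz" or "vendor-managed" (constructed labels)


NOW = datetime(2024, 1, 10, 12, 0, 0)  # fixed "current time" so runs are repeatable

# Constructed inventory: the system of record for what we think we have.
INVENTORY: List[Asset] = [
    Asset("web-01", "platform", "dmz"),
    Asset("db-01", "data", "internal"),
    Asset("build-02", "platform", "internal"),
    Asset("hr-app-01", "hr", "vendor-managed"),  # operated by a third party
]

# Constructed last check-in time per host, as an endpoint-agent console would show.
AGENT_HEARTBEATS: Dict[str, datetime] = {
    "web-01": NOW - timedelta(minutes=5),
    "db-01": NOW - timedelta(days=3),  # agent installed but has gone quiet
    "build-02": NOW - timedelta(hours=1),
}

# Constructed set of hosts that sent at least one log line to the SIEM in the last 24h.
LOG_SOURCES: Set[str] = {"web-01", "db-01", "build-02", "lab-vm-7"}


def find_blind_spots(inventory: List[Asset], heartbeats: Dict[str, datetime],
                     log_sources: Set[str], now: datetime,
                     stale_after: timedelta = timedelta(hours=24)) -> Dict[str, List[str]]:
    """Compare what we own with what we can actually see and return the gaps."""
    known = {a.hostname for a in inventory}
    return {
        # In inventory, but no agent has ever reported from it.
        "no_agent": sorted(known - set(heartbeats)),
        # Agent exists but stopped reporting: looks covered, is not.
        "stale_agent": sorted(h for h, seen in heartbeats.items()
                              if h in known and now - seen > stale_after),
        # Not a single log line: an incident here would be invisible.
        "no_logs": sorted(known - log_sources),
        # Sending logs but absent from inventory: unknown or shadow assets.
        "unknown_sources": sorted(log_sources - known),
        # Third-party-operated systems: visibility depends on the vendor.
        "vendor_managed": sorted(a.hostname for a in inventory if a.zone == "vendor-managed"),
    }


def coverage_report() -> Dict[str, List[str]]:
    """Run the reconciliation over the constructed sample data."""
    return find_blind_spots(INVENTORY, AGENT_HEARTBEATS, LOG_SOURCES, NOW)


if __name__ == "__main__":
    for gap, hosts in coverage_report().items():
        print(f"{gap:16s} {', '.join(hosts) or '-'}")
```

Scheduling this kind of report, as the paragraph suggests, makes the blind-spot review a recurring fact-finding step rather than a one-off guess; in practice the three inputs would come from the CMDB, the endpoint console and the SIEM's log-source list.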
Shore Up the Most Attacked Vectors
A general review of the various data breach and incident reports shows that users are attacked at a high rate, generally by email through phishing attempts and by phone through vishing attacks. Preparing your organization’s users with valuable training and tips for avoiding these attacks, then looking for ways to bolster your defenses with prevention technologies, is time and money well spent. At an extremely high rate, these phishing and vishing attempts use malware as part of the attack. Basic anti-malware is a basic ingredient, but you may also need some added protections. As a first fundamental step, make sure that anti-malware technology is deployed on all systems, that it is updated regularly and frequently, and that it scans in real time rather than only on a weekly schedule. It is also very important to recognize that anti-malware on its own won’t stop all malware; it has to fit into a layered approach to defense. You wouldn’t purposely walk across a firing range just because you had a Kevlar vest on, and you shouldn’t feel bulletproof because of your anti-virus software.
Find and Fix Vulnerabilities
A good analogy to convey the importance of updates and patches is to think of your business as a ship. Every outdated app, security policy and program is another hole in the hull. With too many holes, your ship is soon sinking under threats, with safety and efficiency reduced and a myriad of other problems. An active, efficient security program means you must patch regularly. Are there systems and programs you no longer use? Remove them. Are there vulnerabilities in firmware or other configurations? Patch them. Outdated, obsolete software of any type is a surefire way to create needless vulnerabilities in your enterprise.
Consider Needed Technologies
Now that you are covering the essential functions, you can consider some useful protection technologies.
- Two-Factor Authentication – Two-factor authentication is a very effective way to immediately improve enterprise security, adding an additional layer of protection for logins. Let’s face it, passwords are hard. Users tend to reuse them, and because of data breaches that have already happened, most of the passwords your users will think up are already in a dark web database somewhere right now. So enable a user-friendly two-factor authentication technology as soon as you are able.
- Encryption – Once you know what your important data is, use technologies to encrypt it, and also encrypt communications between systems wherever possible.
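To make the two-factor item above concrete, here is an added example, not code from the article, of the RFC 6238 time-based one-time password (TOTP) scheme that authenticator-app second factors use. It shows what the enrolment secret is, how the six-digit code is derived from that secret and the current time, and how the verifying side checks a submitted code while tolerating a little clock drift and refusing a code that has already been accepted once. The `last_counter` bookkeeping and the one-step `window` are design choices of this example; the secret, counter and code values in the test come from the RFC test vectors.

```python
"""Added example (not code from the article): RFC 6238 time-based one-time
passwords (TOTP), the mechanism behind most authenticator-app second factors.
Shows the enrolment secret, code generation, and server-side verification
with drift tolerance and replay rejection."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

DIGITS = 6
STEP_SECONDS = 30


def generate_secret(nbytes: int = 20) -> str:
    """Fresh random secret, base32-encoded as authenticator apps expect it."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer reduced modulo 10**digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """Code for the 30-second step containing Unix time `at` (default: now).
    This is what the user's authenticator app displays."""
    key = base64.b32decode(secret_b32, casefold=True)
    now = int(time.time()) if at is None else at
    return hotp(key, now // STEP_SECONDS)


def verify_totp(secret_b32: str, submitted: str, at: Optional[int] = None,
                window: int = 1, last_counter: int = -1) -> Optional[int]:
    """Server-side check. Returns the time-step counter the code matched, or
    None. `window` steps either side absorb clock drift; any step at or below
    `last_counter` (the step of the last accepted code, stored per user) is
    refused so a code captured in transit cannot be replayed."""
    if len(submitted) != DIGITS or not all(c in "0123456789" for c in submitted):
        return None
    key = base64.b32decode(secret_b32, casefold=True)
    now = int(time.time()) if at is None else at
    current = now // STEP_SECONDS
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter <= last_counter:
            continue  # already used (or older than the last accepted step)
        if hmac.compare_digest(hotp(key, counter), submitted):  # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    secret = generate_secret()
    code = totp(secret)
    print("enrol this secret in the app:", secret)
    print("code now:", code, "-> verified at step", verify_totp(secret, code))
```

The shared secret is the whole security of the factor: it is stored per user on the server side, shown once at enrolment (usually as a QR code), and never transmitted again. The code itself is only proof that the client holds the secret at roughly this time, which is why the server must also remember which step it last accepted.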
Security is not a “one and done,” “set it and forget it” proposition where you implement some technology and move on to other things. It’s crucial to employ active monitoring, either through your own IT staff or through an MSP. It is absolutely essential to have network and system monitoring as part of your cybersecurity program. What you do not seek you will not find, so you will have to actively pursue threats, or they will elude your protections. There is no such thing as a foolproof security system. The sooner you accept that, the better you can prepare. And as you prepare, you will realize you need help. Use third parties or consultants; seek out advice and stay updated on top strategies. Bottom line: your business should follow these guidelines if it isn’t already. There’s no better time than the present to implement proven and effective methods to defend against attacks and malicious actors.
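"What you do not seek you will not find" is, in practice, a detection rule someone has to write. The script below is an added example, not code from the article: it runs one such rule over constructed log lines in the standard OpenSSH `sshd` syslog format, flagging a burst of failed logins from one source address and escalating if that same source then authenticates successfully. The thresholds, the 2024 year assumed for the year-less syslog timestamps, and the addresses (documentation ranges, not real hosts) are all assumptions of the example.

```python
"""Added example (not code from the article): a small detection that actively
looks for one common pattern in system logs, a burst of failed SSH logins from
one source followed by a success. The log lines are constructed sample data."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log in classic syslog/sshd form (year omitted, as syslog does).
SAMPLE_LOG = """\
Jan 10 12:00:01 web-01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 50022 ssh2
Jan 10 12:00:03 web-01 sshd[2201]: Failed password for invalid user test from 203.0.113.5 port 50023 ssh2
Jan 10 12:00:05 web-01 sshd[2201]: Failed password for root from 203.0.113.5 port 50024 ssh2
Jan 10 12:00:08 web-01 sshd[2201]: Failed password for deploy from 203.0.113.5 port 50025 ssh2
Jan 10 12:00:11 web-01 sshd[2201]: Failed password for deploy from 203.0.113.5 port 50026 ssh2
Jan 10 12:00:14 web-01 sshd[2201]: Accepted password for deploy from 203.0.113.5 port 50027 ssh2
Jan 10 12:03:40 web-01 sshd[2305]: Failed password for alice from 198.51.100.7 port 41002 ssh2
Jan 10 12:03:49 web-01 sshd[2305]: Accepted publickey for alice from 198.51.100.7 port 41003 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_line(line: str, year: int = 2024) -> Optional[dict]:
    """Turn one sshd auth line into a dict, or None if it is not an auth event.
    Syslog omits the year, so one is assumed (example assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "src": m["src"]}


def detect_bruteforce(log_text: str, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Per source address, keep a sliding window of failure timestamps.
    Raise a medium alert when `threshold` failures fall inside `window`, and a
    high alert if that source then logs in successfully."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    burst_seen = set()
    alerts: List[Dict] = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        src = ev["src"]
        if ev["result"] == "Failed":
            # Drop failures older than the window, then add this one.
            recent = [t for t in failures[src] if ev["ts"] - t <= window] + [ev["ts"]]
            failures[src] = recent
            if len(recent) >= threshold and src not in burst_seen:
                burst_seen.add(src)
                alerts.append({"severity": "medium", "src": src, "host": ev["host"],
                               "failures": len(recent),
                               "detail": f"{len(recent)} failed logins within {window.seconds}s"})
        elif src in burst_seen:
            alerts.append({"severity": "high", "src": src, "host": ev["host"],
                           "user": ev["user"],
                           "detail": "successful login after a failure burst"})
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(a["severity"].upper(), a["src"], a["host"], a["detail"])
```

A single failed login from a legitimate user (the `alice` lines) produces nothing, while the burst-then-success pattern produces the high-severity alert that a monitoring team would triage first; a real deployment would feed live log lines through the same logic from a SIEM or log shipper rather than an embedded string.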
About the Author: Brian Engle is the CISO and Director of Advisory Services, a role in which he leads the delivery of strategic consulting services for CyberDefenses’ growing client base with risk management support, information security program assessment and cybersecurity program maturity evolution. Prior to working at CyberDefenses, he was the founder and CEO of Riskceptional Strategies, a consulting firm focused on enabling the development of successful strategies for implementing, operating, and evolving risk-based cybersecurity programs. Brian’s previous information security roles include Executive Director of the Retail Cyber Intelligence Sharing Center (R-CISC), CISO and Cybersecurity Coordinator for the State of Texas, CISO for Texas Health and Human Services Commission, CISO for Temple-Inland, Manager of Information Security Assurance for Guaranty Bank, and Senior Information Security Analyst for Silicon Laboratories. Brian has been a professional within Information Security and Information Technology for over 25 years, serves as a past president and Lifetime Board of Directors member of the ISSA Capitol of Texas Chapter, is a member of ISACA, and holds CISSP and CISA certifications.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.