10 Tips to begin 2017 as a Secure Enterprise
January 5th, 2017
Cyber Security is a very hot topic and with more than 3.5 billion Internet users worldwide, That includes, 6 billion email accounts, 2 billion smartphones, 1 billion apple users, 1 billion Gmail accounts, 1.7 billion Facebook accounts, and 300 million Twitter accounts who tweet 7,350 times per second, send 2.5 million emails per second, and transfer 1.5 billion GB of data per day through the internet. All of which are strong opportunities of attack for hackers to exploit.
Looking at all the cyber breach reports in the past year we can see that it has been a busy time for cyber criminals, with public reports describing more than 500 data breaches with more than 500 million records exposed in 2015. 2016 exceeded those number with more than 3 billion records stolen and disclosed, with Yahoo experiencing two mega cyber breaches.
So why do we continue to see so many cyber breaches?
If we examine why many of the breaches in the past year have occurred, it comes down to three major factors that can be categorized into the Human Factor, Identities and Credentials, and Vulnerabilities. With the digital social society, we are sharing more information, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks with the ultimate goal to compromise our systems for financial fraud or to steal our identities in order to access the company we are entrusted with protecting. When our identities are stolen it provides the attacker with the ease of bypassing the traditional security perimeter undetected, and if that identity has access to privilege accounts, they can easily carry out malicious attacks.
Here are my top 10 cyber security tips every company should consider in 2017
1. Educate Employees and Prioritize Cyber Hygiene
The weakest link in most organization’s security is the human being. As more sophisticated social engineering and phishing attacks have emerged in the past few years, companies need to seriously consider expanding their IT security awareness programs beyond simple online tests or acknowledgements of policies. As personal mobile devices are increasingly used for business purposes educating employees on secure behaviors has become imperative. All employees should be educated and made aware of cyber security threats. They should be trained with the best practices on how to be the best security perimeter for their company. It is important that employees are educated on how to enable and use the security available to them, well informed about and aware of the corporate security policies, taught how to choose strong and easily remember passwords, and limited on activities they do over public Wi-Fi. The must use secure websites, and even then, think before they click. Cyber hygiene should be a continuous learning and education process for all employees.
2. Have the C-Level experience a Red team assessment
Your executive team must lead by example. The best way to do this is get them involved in a red team cyber exercise to demonstrate how cyber threats occur and how quickly they can damage a company. This will help educate and bring awareness to the top of the organization, which will surely help with any cyber security priorities when the executive team endorses and is behind them. Without the executive team supporting these important priorities they are very likely to fail.
3. Backup your critical data and systems and tailor your recovery plan for different types of cyber threats.
It is critical for all companies to have an effective and efficient disaster recovery plan for all types of business risks. Business continuity is essential and particularly when it comes to cyber security. However many companies do not tailor the disaster recovery plan for cyber threats and this is a mistake that should be remediated in 2017. Many issues have occurred when companies restore a backup to recover from malware infection only to find out the backup was also infected. Other issues include not knowing which date to restore to or going to an old date and then incrementing the backup which can literally take days. When evaluating the risk assessment for cyber threats the disaster recovery plan should be tailored for different types of cyber threats from DDOS attacks, malware infections, data loss or corruption, to ransomware. This will help ensure the business continuity plan is effective when there’s a need to invoke it resulting from cyber attacks.
4. Get your Metrics Sorted
The challenge in the past is that it is difficult to measure cyber security risk for many organizations and this has put the CISO in a tough situation as to how you can show business value when it is not easy to measure. The metrics were not clear and basically, it was about keeping the existing security controls working, make continuous improvements where possible, and placing security on previously adopted technologies. Security has always been an afterthought and sometimes not possible to keep the same high level when security and privacy were not implemented by design. This means the risk always continues to get greater, making the CISO’s already tough job more challenging.
While cyber security is a growing topic in the boardroom the education of the boardroom needs to continue on the business impact of cyber security, clear metrics, the need to have cyber insurance, and a clear incident response and recovery plan.
5. Control and Monitor Admin privileged access to systems
Privileged Accounts are the top target of any attacker to gain access and move anywhere within a network. First, attackers gain a foothold in the network by any means possible, often through exploiting an end-user computer, then working to elevate their privileges by compromising a privileged account, which allows attackers to operate on a network as if they are a trusted IT administrator. It is extremely important to control and monitor the use of privileged accounts within the organization. This should be a top priority for all companies in 2017 to get in control of these privileged and sensitive accounts. This will help companies reduce privilege abuse from both insiders and make it more difficult from external hackers to compromise these accounts.
6. Implement an approach and culture of Least Privilege
Adopting a least privilege strategy, where privileges are only granted when required and approved, eliminates the chances for an attacker to compromise your network by targeting privileged account passwords or hashes. Enforce least privilege on end-user workstations by keeping end-users configured to a Standard User profile and automatically elevating their privilege to run only approved and trusted applications. For IT Admin privileged accounts, control access to the accounts and implement Super User Privilege Management for Windows and UNIX systems to prevent attackers from running malicious applications, remote access tools and commands.
7. Ensure Multi-Factor Authentication is in place
If multi-factor authentication is available, use it. You may prefer an Authenticator application like (Google, Microsoft, Symantec, Authy) to SMS. Make sure you enable alerts and notifications on your accounts so you are warned about any suspicious activity. Multi-factor authentication is an essential technique to make it more challenging for an attacker to compromise an account. It also allows a company to establish a level of trust between the user and system, and challenges the user when suspicious activity occurs.
8. Strengthen Identity Access Management and Protect Privileged Accounts
The traditional security perimeter is proving that it is no longer an effective cyber security control and fast growing technologies like Cloud, Mobile and Virtualization make the boundaries of an organization blurry. For many years organizations have protected their valuable and sensitive information by building a fence around those assets, and all the data that flowed in and out of that organization was either via a single internet access point or on physical devices. This meant that a traditional perimeter was an effective measure because the boundaries were known.
In today’s world where organizations can no longer rely on the traditional security perimeter as the only cyber security measure, it is important that the new cyber security perimeter lies with the Identity and Access of the employee. This is the new and next generation security perimeter that can be effective in a world where systems and data can be located anywhere and be accessed at anytime as long as the identity and access can be validated and trusted.
An effective policy and approach to Identity and Access management can help a company accelerate new technology adoptions, and avoid becoming the next victim of cyber crime.
9. Prepare and Implement a Cyber Incident Plan
It is extremely important that when the inevitable occurs your company is prepared and has planned on how to respond should you find out you have experienced a breach, most likely from a 3rd party. The way in which companies respond to breaches really determines how well and quickly they recover and restore confidence with their customers, shareholders and partners. An effective incident response plan can make all the difference, and should cover how to deal with the incident, who needs to be involved and when, what is the role of the CEO, Legal, PR and IT Security, how to inform impact customers and ultimately how to recover and restore services.
10. Correlate, monitor and audit Security Logs
An important area in which many companies are not doing well is the collecting of essential security and audit logs, especially when performing evidence gathering or digital forensics. This data is vital to determine what, how and when incidents occur and without this vital information the root cause analysis typical becomes an assumption. An effective security counter measure is to correlate and monitor security and audit logs. This could help a company reduce the impact from cyber attacks by finding and eliminating them early.
Latest posts by Joseph Carson (see all)
- Phishing Scams: Your Social Media and Email Security Checklist - March 2, 2017
- Ransomware goes into stealth mode: 7 things you can do to protect yourself - February 27, 2017
- The Password Love Affair: Would you share your password with your partner? - February 14, 2017