Stéphane Nappo, CISO at Société Générale, rightly stated that “it takes 20 years to build a reputation and a few minutes of cyber-incidents to ruin it.” We are always seconds away from a cybersecurity attack because, according to the 2019 Official Annual Cybercrime Report (ACR), a successful ransomware attack occurs somewhere once every 14 seconds.
In this article, we identify the main risks and present both simple and sophisticated techniques required to implement a robust cybersecurity policy.
The First Step is to Document the Risks
As an astute businessperson, you have documented policies and procedures governing every aspect of your business. Implementing a solid cybersecurity plan is no different. While there is a clamor for that universal checklist, the nature of your business and its IT setup define what the items in such a checklist should be.
Nevertheless, a cybersecurity policy document should address the main elements of a business presented below.
1. People
In 2013, IBM stated that 95% of security attacks involve an element of human error. Also, insiders account for more than 60% of all cyberattacks. Notably, insider malpractice causes heavier losses than external hacks.
2. Passwords—make them work for you
Chris Pirillo, CEO of LockerGnome, summed it up nicely: “Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”
3. Track your assets
IT asset management tools give you an instant snapshot of your IT assets. These tools can be used to prioritize your critical assets. Consequently, time, money, and resources can be allocated according to the value and vulnerability of an asset.
4. Patch-Up
Hackers attacked Equifax, a credit risk assessment company, between May and July 2017. The breach affected about 2.4 million customers and cost the company nearly $4 billion. The diagnosis? A patch for the vulnerability the hackers exploited had been available 3 months earlier and was never applied.
5. Endpoint security
Devices such as laptops, smartphones, and tablets are often the entry points from which an attack is mounted. Moreover, malware is often disguised as Adobe Reader, Flash, or MS Office files.
6. Reconnaissance and Identification
Because data is 21st-century gold, hackers will try to steal it from you. Regularly scanning your IT components for vulnerabilities is vital to reconnaissance. In particular, critical components have to be tested and secured frequently.
7. Perimeter Policing
The golden rule of perimeter policing: suspect everyone and everything. Challenge anything out of the ordinary—dubious websites, apps, browser and file extensions, third-party patches and drivers, and similar entities. Also, components accessed by external users—routers and web servers—should be monitored more closely.
8. Encryption
Have you encrypted your critical data? Do you use HTTPS to access external websites?
9. Outsourcing your exquisite headaches
You should consider outsourcing the security of complex components of your IT infrastructure. Cloud vendors provide you with infrastructure and services on demand, within a highly secure environment. As a result, cloud vendors simplify your audits by drastically reducing the number of IT components to be audited. Through their own audits, these vendors certify the security of the functions you outsource to them. I have worked with a similar organization in the past named Aquiasolutions, which deals with taking an organization’s complete IT infrastructure into consideration for security audits.
10. Test your in-house applications
In-house applications are a hacker’s favorite. Testing these applications for security holes is important before such applications are deployed.
Why Are Internal Audits So Important?
Internal audits help you detect and address vulnerabilities before a hacker can exploit them. Regular internal audits are key to finding gaps between your security policy and its actual implementation. Documenting these audits and creating a baseline of findings is crucial to improving security.
Importantly, involve domain experts to audit your sophisticated IT components and other critical resources. A second opinion on the security of your critical resources can prove invaluable later.
Audit tools like TraceSecurity can facilitate seamless integration of various auditing activities into meaningful reports for all stakeholders.
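The audit loop described above (compare practice against the written policy, record a baseline, and track what is new or resolved on the next run) as an added Python example; it is not from the article or from any audit tool it names, and the policy keys, hosts and dates are constructed sample data:

```python
# Added example, not from the article: audit an endpoint inventory against a
# written policy, then diff the findings against the previous audit's
# baseline. Policy keys, hosts and dates are constructed for illustration.
from datetime import date

# Policy modelled on the article's "small steps" (constructed values).
POLICY = {
    "antivirus_installed": True,
    "office_macros_disabled": True,
    "usb_storage_disabled": True,
    "ftp_enabled": False,
    "max_patch_age_days": 30,
}

# Constructed inventory, as an asset-management tool might export it.
INVENTORY = [
    {"host": "fin-laptop-01", "owner": "alice", "antivirus_installed": True,
     "office_macros_disabled": False, "usb_storage_disabled": True,
     "ftp_enabled": False, "last_patched": date(2019, 6, 1)},
    {"host": "web-srv-01", "owner": None, "antivirus_installed": True,
     "office_macros_disabled": True, "usb_storage_disabled": True,
     "ftp_enabled": True, "last_patched": date(2019, 7, 20)},
]

def audit(inventory, policy, today):
    """Return {(host, finding)} wherever practice departs from policy."""
    findings = set()
    for asset in inventory:
        host = asset["host"]
        if asset.get("owner") is None:        # every asset needs an owner
            findings.add((host, "no_owner"))
        for key, required in policy.items():
            if key == "max_patch_age_days":
                if (today - asset["last_patched"]).days > required:
                    findings.add((host, "patch_overdue"))
            elif asset.get(key) != required:  # a missing setting is also a gap
                findings.add((host, key))
    return findings

def compare_to_baseline(current, baseline):
    """New findings are regressions; resolved ones show the policy taking hold."""
    return {"new": current - baseline, "resolved": baseline - current}

# Baseline from the previous audit (constructed) and a run dated 31 July 2019.
PREVIOUS = {("fin-laptop-01", "antivirus_installed"), ("web-srv-01", "ftp_enabled")}

def run_audit(today=date(2019, 7, 31)):
    current = audit(INVENTORY, POLICY, today)
    return current, compare_to_baseline(current, PREVIOUS)
```

Persist the `current` set after each run as the next baseline; the `new` set is what the audit report should escalate.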
Small Steps will go a Long Way in Securing Your Infrastructure
To begin with, consider the simple steps that can yield big results for you.
1. People Training: Train people and get them to take a security quiz; get a signed undertaking committing them to your cybersecurity policy.
2. Password Management: Enforce password complexity. Using two- or multi-factor authentication can strengthen security; enforce password changes regularly; to secure and track passwords, use password managers like LastPass or Dashlane.
3. Endpoint Security: Evaluate, install, and maintain a reliable antivirus program; disable JavaScript in Adobe Reader and macros in Microsoft Office. Please check out this blog on Extension Security.
4. Asset Management: Procure asset management software, such as Zoho Creator, for as low as $5 a month.
5. Asset Ownership: Ensure each asset has an owner; ownership promotes accountability concerning the security policy.
6. Disable unwanted options: USB ports, FTP ports, gaming ports, unused router features, etc., should be disabled on the official network.
Complex Countermeasures can be streamlined using Tools
There is no escaping a certain set of sophisticated approaches when managing your cybersecurity. Nonetheless, tools can ease much of your work by providing the necessary information and through automation.
1. The Big Picture: MITRE ATT&CK—adversarial tactics, techniques, and common knowledge—is a global, accessible repository of adversarial tactics based on real-world observations. The pre-attack preparation tactics presented there are particularly valuable.
2. Patch Management: When a patch is released, hackers try to exploit the corresponding vulnerability almost immediately. While reputed vendors push out patches regularly, vendors of obsolete hardware and software, as well as freeware, do not publish patches frequently.
As a precaution, patches have to be tested on pilot targets for any adverse effects before large-scale rollouts.
Moreover, installing patches in a large IT installation can be time-consuming. Prioritizing resources according to vulnerability and value can relieve some of the urgency around patching.
Most importantly, automation using tools such as ManageEngine Patch Manager Plus and PDQ Deploy can ensure reliability and promptness when rolling out patches.
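The patch-management rules above (pilot targets first, rank by vulnerability and asset value, give extra weight to externally exposed components, and flag software for which no patch is published) as an added Python example; it is not from the article or from the tools it names, and every host, score and value is constructed sample data:

```python
# Added example, not from the article or from any patch-management product:
# a prioritization helper that applies the article's rules. Hosts, severity
# scores and value tiers are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    host: str
    software: str
    severity: float         # vulnerability severity, CVSS-style 0-10
    asset_value: int        # business value tier, 1 (low) to 5 (critical)
    internet_facing: bool   # reachable by external users (web servers, routers)
    pilot_host: bool        # designated pilot target for testing patches first
    patch_available: bool   # False for obsolete or unmaintained software

def priority(f: Finding) -> float:
    """Patch sooner when the flaw is severe, the asset valuable, and exposed."""
    score = f.severity * f.asset_value
    if f.internet_facing:
        score *= 1.5
    return round(score, 1)

def plan_rollout(findings):
    """Split findings into three ordered lists: the pilot wave, the general
    wave, and items with no patch that need a compensating control instead."""
    ordered = sorted(findings, key=priority, reverse=True)
    pilot = [f for f in ordered if f.patch_available and f.pilot_host]
    general = [f for f in ordered if f.patch_available and not f.pilot_host]
    no_patch = [f for f in ordered if not f.patch_available]
    return pilot, general, no_patch

SAMPLE = [  # constructed inventory of pending findings
    Finding("web-srv-01", "nginx", 9.8, 5, True, False, True),
    Finding("web-srv-02", "nginx", 9.8, 5, True, True, True),
    Finding("hr-laptop-07", "office", 7.5, 2, False, True, True),
    Finding("legacy-scada", "old-hmi", 8.0, 5, False, False, False),
    Finding("kiosk-03", "flash", 6.0, 1, False, False, True),
]

def sample_plan():
    return plan_rollout(SAMPLE)

if __name__ == "__main__":
    for name, wave in zip(("pilot", "general", "no patch"), sample_plan()):
        print(name)
        for f in wave:
            print(f"  {priority(f):>5} {f.host} {f.software}")
```

The general wave is released only after the pilot wave has run without adverse effects, and the no-patch list is the input to an isolation or replacement decision rather than a deployment.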
3. Scanning: Testing your assets regularly can ensure timely detection of vulnerabilities. There are different types of scanners for different assets.
- Nmap is a widely used free network scanner.
- Acunetix, used by NASA and the US Air Force, is free for a year.
- Tinfoil is a free webserver scanner that gives you actionable reports.
- Sucuri is a free, yet widely used webserver scanner.
- Scanmyserver, which provides detailed webserver vulnerability reports, is free as well.
4. In-House Apps: Hosting an in-house application on hardened hardware can mitigate the bulk of the associated risks. Apply the principle of least privilege (minimum rights) to limit access to an app’s various functions. Use the latest libraries in the production environment.
Please check out this article on Application Vulnerability for a comprehensive treatment of application security.
5. Incident Response: Even the most judicious can be hacked. If you are prepared, you can limit the impact of an attack by drastically reducing the attack surface. The most important element of quick incident response is forming response teams beforehand—different teams with the expertise to deal with various types of incidents.
Please read this article on Incident Response for more information.
Cybersecurity is a never-ending battle. Christopher Graham, a well-known security expert reiterates that “the knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.”
—————————————————————–
A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem. While “hacker” can refer to any skilled computer programmer, the term has become associated in popular culture with a “security hacker”, someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.
Endpoint security is the process of securing the various endpoints on a network, often defined as end-user devices such as mobile devices, laptops, and desktop PCs, although hardware such as servers in a data center is also considered endpoints. Precise definitions vary among thought leaders in the security space, but essentially, endpoint security addresses the risks presented by devices connecting to an enterprise network.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.