Tuesday, August 17, 2021

Proactive Measures to Mitigate Cyber Security Risk

Because it's not a matter of if, but when.

By: Sentia   Categories:Blog, Security, Cyber Security, Data Security

“If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” - Dan Farmer, Cyber Security Analyst, Researcher, Programmer

Cyber threats are an inevitable risk, constantly within our orbit in various forms and degrees of sophistication. Organizations of all sizes are prone to an attack at some point, but the severity of an attack and the time it takes to recover from one both start from within: organizational policy review, revision, and enforcement.

 

Password Management

Having a strong password policy is the first step in ensuring that your data is secure. Create password vaults and require frequent password changes. Making mnemonics or passphrases the base requirement will eliminate default passwords such as “Password1234” and force your users to think strategically.

 

Training and Education

Run employee training and development programs on an ongoing basis, covering new threat vectors and what to look out for in phishing and spear-phishing attempts. The key here is to keep the training relevant and current to ensure engagement from the end users. Research has shown that if the training is monotonous and static, the trainees lose interest and focus. Security is a 24/7/365 process and requires everyone to be always vigilant.

Giving end-users a vested interest in why a safe and secure security posture is important will also go a long way toward the engagement and vigilance that organizations crave. If an employee understands that a data breach could cost the organization thousands of dollars, as well as downtime resulting in lost growth opportunities, a reduction in workforce, or even something as drastic as a shutdown, that employee becomes an additional, vigilant layer of prevention at the first point of intrusion. Create policies that forbid co-workers from taking pictures of their access cards and posting them on social media. A bad actor can recreate the access card with the information provided and gain physical access to your secure building and the sensitive areas within it.

Running constant tests and rewarding good security hygiene could also encourage deeper and more meaningful engagement from your co-workers. Create a Spot and Report culture around malicious behaviour to help with prevention.

 

Access Management

Next is isolation and segmentation of access. Restricting access to databases or servers that a department has no need or use for is also essential in creating a strong security posture. Apply the principle of least privilege. 94% of breaches are reported to involve privileged credential abuse. Use multifactor authentication (MFA) for privileged accounts. All internet-facing remote access (RDP) should be reachable only through a VPN. Layering this solution with a Detect, Block, and Report tool could help against brute force attacks. One of the biggest contributors to unchecked privileged access is an end-user's seniority or promotion. It is imperative that security techs constantly review privileged access and revise it based on the roles and responsibilities of the end-users to reduce the points of failure.
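The recurring access review described above can be run as a script. This is an added example, not code from the original post; the role names, entitlements, accounts and the `review_access` function are all constructed for illustration.

```python
# Added example: every role, entitlement and account below is constructed.
ROLE_BASELINE = {
    "helpdesk": {"ticketing", "ad-password-reset"},
    "finance-analyst": {"erp-read", "finance-db-read"},
    "finance-manager": {"erp-read", "erp-approve", "finance-db-read"},
}
PRIVILEGED = {"ad-password-reset", "erp-approve", "finance-db-admin", "domain-admin"}

ACCOUNTS = [
    {"user": "asmith", "role": "helpdesk", "mfa": True,
     "entitlements": {"ticketing", "ad-password-reset"}},
    # Promoted into management but kept an admin right from an earlier role.
    {"user": "bjones", "role": "finance-manager", "mfa": True,
     "entitlements": {"erp-read", "erp-approve", "finance-db-read", "finance-db-admin"}},
    {"user": "cwu", "role": "finance-manager", "mfa": False,
     "entitlements": {"erp-read", "erp-approve", "finance-db-read"}},
    {"user": "dlee", "role": "contractor", "mfa": False,
     "entitlements": {"ticketing"}},
]

def review_access(accounts, baseline, privileged):
    """Return (user, finding, detail) tuples for a least-privilege review."""
    findings = []
    for acct in accounts:
        allowed = baseline.get(acct["role"])
        if allowed is None:
            # No baseline for this role: nothing the account holds is justified.
            findings.append((acct["user"], "unknown-role", acct["role"]))
            allowed = set()
        # Anything beyond the role baseline is privilege creep.
        for ent in sorted(acct["entitlements"] - allowed):
            kind = "excess-privileged" if ent in privileged else "excess"
            findings.append((acct["user"], kind, ent))
        # Privileged entitlements require MFA, whether or not the role allows them.
        held = sorted(acct["entitlements"] & privileged)
        if held and not acct["mfa"]:
            findings.append((acct["user"], "privileged-without-mfa", ",".join(held)))
    return findings

if __name__ == "__main__":
    for finding in review_access(ACCOUNTS, ROLE_BASELINE, PRIVILEGED):
        print(*finding, sep="\t")
```
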

 

Patch Management

Always be as current with patches and upgrades as your applications and business allow. Nearly 60% of data breaches in the past 2 years can be traced back to a missing operating system patch or application patch. "Everyone is aware that phishing attacks are a top root cause for data breaches," says Jay Goodman, strategic product marketing manager with Automox. "What we found is there is a surprising amount [of] OS patches, application patches, and misconfiguration mistakes that led to root the cause for data breaches."

Patching can be pricey and involve some downtime; however, the alternative is a lot more expensive and could involve significant downtime.

 

Disaster Recovery

And lastly, even with all the security measures, prevention, and training, there is still a possibility of a data breach. Organizations need a robust and isolated disaster recovery (DR) solution. It needs to be isolated from the network to prevent corruption and exposure. The rule of thumb here is to follow the 3-2-1 method: 3 copies of your data on 2 different types of media, with at least 1 of them stored offsite (DR). Frequently test your DR for recovery time and recovery point to ensure that it meets your organizational RPO and RTO objectives.
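A backup inventory can be checked against the 3-2-1 rule and the RPO/RTO objectives automatically. The following is an added example, not part of the original post: the inventory, the `check_dr` function and the 24-hour RPO and 4-hour RTO are constructed, and it assumes the production copy counts as one of the 3 copies and that the recovery point is measured against the newest network-isolated copy, since that is the one expected to survive an intrusion.

```python
from datetime import datetime, timedelta

# Added example: constructed inventory; the production copy counts toward the 3.
NOW = datetime(2021, 8, 17, 12, 0)
SAMPLE_COPIES = [
    {"name": "production", "media": "disk", "offsite": False, "isolated": False,
     "taken_at": NOW},
    {"name": "local-nas", "media": "disk", "offsite": False, "isolated": False,
     "taken_at": datetime(2021, 8, 17, 2, 0)},
    {"name": "vault-tape", "media": "tape", "offsite": True, "isolated": True,
     "taken_at": datetime(2021, 8, 14, 2, 0)},
]

def check_dr(copies, now, rpo, rto, last_restore_duration):
    """Return a list of violated checks; an empty list means all checks pass."""
    violations = []
    if len(copies) < 3:
        violations.append("fewer-than-3-copies")
    if len({c["media"] for c in copies}) < 2:
        violations.append("fewer-than-2-media-types")
    if not any(c["offsite"] for c in copies):
        violations.append("no-offsite-copy")
    isolated = [c for c in copies if c["isolated"]]
    if not isolated:
        violations.append("no-isolated-copy")
    else:
        # Data lost if only the isolated copies survive an intrusion.
        newest = max(c["taken_at"] for c in isolated)
        if now - newest > rpo:
            violations.append("rpo-missed")
    # Duration of the most recent restore test, compared with the RTO.
    if last_restore_duration > rto:
        violations.append("rto-missed")
    return violations

if __name__ == "__main__":
    print(check_dr(SAMPLE_COPIES, NOW, rpo=timedelta(hours=24),
                   rto=timedelta(hours=4),
                   last_restore_duration=timedelta(hours=6)))
```

The sample inventory satisfies 3-2-1 on paper, yet the only isolated copy is more than three days old, so the recovery point objective is still missed.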

If you need assistance with any of these steps, please feel free to contact us for a complimentary security health check. We'll happily audit your current security practice and provide tips and recommendations to help you with your security needs.

Sentia

We are a high-value, trusted, Canadian IT solutions provider dedicated to delivering secure and reliable IT solutions across a wide variety of industries. We are committed to helping our customers meet and optimize their business goals.
