“If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” - Dan Farmer, Cyber Security Analyst, Researcher, Programmer
If you have read the previous posts in our cyber security series: Emergence of XDR, Importance of MDR, Importance of MFA and the True Cost of a Data Breach, you might be wondering: “How do I solve these for the long term?”
Well, the answer is not simple. It starts with organizational policy review, revision, and enforcement.
Having a strong password policy is the first step in ensuring that your data is secure. Create password vaults and require frequent password changes. Making mnemonics or passphrases the base requirement will eliminate default passwords such as “Password1234” and force your users to think strategically.
Training and Education
Run employee training and development programs on an ongoing basis covering new threat vectors and what to look out for in phishing and spear-phishing attempts. The key here is to keep the training relevant and current to ensure engagement from the end users. Research has shown that if the training is monotonous and static, the trainees lose interest and focus. Security is a 24/7/365 process and requires everyone to be always vigilant.
Creating a vested interest among end users in why a safe and secure security posture matters will also go a long way toward the engagement and vigilance that organizations crave. If an employee understands that a data breach could cost the organization thousands of dollars, as well as downtime resulting in lost growth opportunities, reduction in workforce, and even something as drastic as a shutdown, it creates an additional layer of vigilance at the first point of intrusion prevention. Create policies that forbid co-workers from taking pictures of their access cards and posting them on social media. A bad actor can recreate the access card from the information provided and gain physical access to your secure building and sensitive areas within it.
Running constant tests and rewarding good security hygiene can also encourage deeper and more meaningful engagement from your co-workers. Create a culture of Spot and Report for malicious behaviour to help with prevention.
Next is isolation and segmentation of access. Restricting access to databases or servers that a department has no need or use for is also essential in creating a secure security posture. Adopt the principle of least privilege. 94% of breaches are reported to involve privileged credential abuse. Use multifactor authentication (MFA) for privileged accounts. All remote internet-facing access (RDP) should be reachable only through VPN. Layering this with a Detect, Block, and Report tool can help against brute force attacks. One of the biggest contributors to unchecked privileged access is the seniority or promotion of an end user: permissions accumulate as roles change. It is imperative that security techs constantly review privileged access and revise it based on the role and responsibilities of each end user to reduce the points of failure.
Always be as current with patches and upgrades as your applications and business allow you to be. Nearly 60% of data breaches in the past 2 years can be traced back to a missing operating system patch or application patch. "Everyone is aware that phishing attacks are a top root cause for data breaches," says Jay Goodman, strategic product marketing manager with Automox. "What we found is there is a surprising amount [of] OS patches, application patches, and misconfiguration mistakes that led to the root cause for data breaches."
Patching can be pricey and involve some downtime; however, the alternative is a lot more expensive and could have significant downtime.
And lastly, even with all the security measures, prevention, and training, there is still a possibility of a data breach. Organizations need a robust and isolated disaster recovery solution. This needs to be isolated from the network to prevent corruption and exposure. The rule of thumb here is to follow the 3-2-1 method: 3 copies of your data on 2 different types of media, with at least 1 of them stored offsite (DR). Frequently test your DR for recovery time and recovery point to ensure that it meets your organizational RPO and RTO.
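As an added example (not code from the post), a small Python check that evaluates the 3-2-1 rule, the isolation requirement, and the RPO/RTO comparison described above over a constructed backup inventory; the field names, sample copies, and objective values are assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory of backup copies for one dataset (assumed field names).
# "isolated" marks a copy that is not reachable from the production network.
BACKUP_COPIES = [
    {"location": "primary-san", "media": "disk", "offsite": False,
     "isolated": False, "last_backup": "2024-03-01T02:00:00"},
    {"location": "tape-library", "media": "tape", "offsite": False,
     "isolated": True, "last_backup": "2024-03-01T03:00:00"},
    {"location": "dr-site-vault", "media": "object-storage", "offsite": True,
     "isolated": True, "last_backup": "2024-02-29T23:00:00"},
]


def check_3_2_1(copies):
    """3 copies, on 2 media types, at least 1 offsite, plus 1 isolated copy."""
    media_types = {c["media"] for c in copies}
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len(media_types) >= 2,
        "one_offsite": any(c["offsite"] for c in copies),
        "one_isolated": any(c["isolated"] for c in copies),
    }


def check_rpo(copies, now, rpo):
    """RPO: the newest copy must not be older than the allowed data-loss window."""
    newest = max(datetime.fromisoformat(c["last_backup"]) for c in copies)
    return now - newest <= rpo


def check_rto(measured_restore, rto):
    """RTO: the restore time measured in the last DR test must fit the objective."""
    return measured_restore <= rto


def evaluate(copies, now, rpo, rto, measured_restore):
    """Combine all checks; 'ok' is True only when every requirement passes."""
    results = check_3_2_1(copies)
    results["rpo_met"] = check_rpo(copies, now, rpo)
    results["rto_met"] = check_rto(measured_restore, rto)
    results["ok"] = all(results.values())
    return results


if __name__ == "__main__":
    report = evaluate(BACKUP_COPIES, datetime(2024, 3, 1, 8, 0),
                      timedelta(hours=24), timedelta(hours=4), timedelta(hours=3))
    for name, passed in report.items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```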
If you need any help with any of these steps, please feel free to contact us and we would be happy to audit your security practice and provide tips, tools and expertise to help you with your organizational needs.