By Joseph Carson
With 3.5 billion Internet users sending billions of gigabytes across the Internet each day, it’s no surprise that cyber security issues are growing. In 2016, more than 3 billion records were compromised. Global brands have been tainted by mega-breaches, and high-profile hacks have upended campaigns, law firms, hospitals, and more.
The majority of attacks are caused by insider threats (negligence, accidents, and malfeasance) and systemic vulnerabilities. Attackers compromise credentials in order to commit financial fraud, steal information, or infiltrate companies for more complex exploits including espionage, sabotage, and blackmail.
Here are my top tips for fortifying your cyber security efforts this year and beyond:
1. Educate employees and prioritize cyber hygiene
People are the weakest security link in most organizations. Companies should expand their security awareness programs beyond simple tests or policy acknowledgements. Employees must be trained to act as the front-line security perimeter for their company, including how to use security tools and apply policies, how to detect social engineering ploys, and how to choose strong passwords. Basic cyber hygiene should be constantly reinforced: limit use of public Wi-Fi, use secure websites, and think before you click. Training should be compelling, continuous, and company-wide.
2. Involve executives in a red team cyber test
Your executive team should lead by example. Involve them in a red team cyber exercise to clearly illustrate how cyber threats unfold and how they can damage a company. This will help win executive support for cyber security initiatives and build a pervasive culture of security and accountability. Without executive endorsement, enterprise risk increases. Boards and executives should assess the business impact of cyber security, evaluate cyber insurance options, build better incident response plans, and create data-driven security programs.
3. Back up your critical data and fine-tune your recovery plans
Business continuity is especially important in the cyber security context, yet many organizations still do not tailor their disaster recovery plans to address cyber threats. This is a mistake that should be remediated. For example, to recover quickly from a malware infection by restoring from backup, you must take steps to ensure the backup itself has not been compromised and that the restore won’t take days to complete. Recovery plans should be based on company-specific risk assessments and tailored to different threats: DDoS, malware, and ransomware. Don’t forget to test and rehearse the plans on a regular basis.
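One concrete way to check that a backup "is not compromised" before you restore from it is to keep an integrity manifest whose authenticity does not depend on the backup media. The following is an added example, not code from the article or from Thycotic: it hashes every file in a backup directory, binds the list of hashes with an HMAC under a key that is assumed to be stored separately (for example in a vault the backup host cannot write to), and reports any file that is missing, modified, or added. The directory layout, file names and key are constructed for the demo.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Constructed demo key; in practice this lives outside the backup store (vault/HSM),
# so an attacker who can alter the backup cannot also re-sign the manifest.
MANIFEST_KEY = b"demo-manifest-key-stored-in-vault"


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large dumps do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file under backup_dir and HMAC the sorted file->digest map."""
    files = {
        str(p.relative_to(backup_dir)): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }
    body = json.dumps(files, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"files": files, "hmac": tag}


def verify_backup(backup_dir: Path, manifest: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means the backup matches the manifest."""
    body = json.dumps(manifest["files"], sort_keys=True)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Check the manifest first: if it was altered, the per-file digests mean nothing.
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return ["manifest HMAC mismatch: manifest may have been tampered with"]
    problems = []
    for rel, digest in manifest["files"].items():
        p = backup_dir / rel
        if not p.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(p) != digest:
            problems.append(f"modified: {rel}")
    on_disk = {str(p.relative_to(backup_dir)) for p in backup_dir.rglob("*") if p.is_file()}
    for extra in sorted(on_disk - manifest["files"].keys()):
        problems.append(f"unexpected: {extra}")
    return problems


def demo() -> tuple:
    """Build a constructed backup, then show a clean check, a modified file, and a tampered manifest."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        (backup / "db").mkdir()
        (backup / "db" / "dump.sql").write_text("CREATE TABLE users (id INT);\n")
        (backup / "config.yml").write_text("retention_days: 30\n")

        manifest = build_manifest(backup, MANIFEST_KEY)
        clean = verify_backup(backup, manifest, MANIFEST_KEY)

        # Simulate malware or a malicious insider altering a backed-up file.
        (backup / "db" / "dump.sql").write_text("CREATE TABLE users (id INT); -- altered\n")
        modified = verify_backup(backup, manifest, MANIFEST_KEY)

        # Simulate an attacker editing the manifest to match without knowing the key.
        forged = {"files": dict(manifest["files"]), "hmac": manifest["hmac"]}
        forged["files"]["db/dump.sql"] = sha256_file(backup / "db" / "dump.sql")
        tampered = verify_backup(backup, forged, MANIFEST_KEY)
    return clean, modified, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "modified", "tampered"), demo()):
        print(f"{label}: {result or 'OK'}")
```

Run the verification from a host other than the one that wrote the backup, and before every rehearsed restore: a manifest that fails to verify is exactly the signal that the restore path in the recovery plan needs a second, older copy.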
4. Get your metrics sorted
CISOs are in a tough spot; they have to show business value for cyber security investments, but it can be difficult to measure cyber security risk. Getting meaningful metrics from controls, processes, and software should be a priority. If you can’t analyze system data, you can’t identify gaps, trends, or failures. Enterprise risk management and continuous improvement depend on robust data collection and analysis.
5. Control and monitor admin privileged access to systems
Privileged accounts are a primary target. First, attackers gain a foothold using their bag of tricks, often exploiting an end user’s computer. They then work to compromise a privileged account so they can operate on the network as if they are a trusted IT administrator. Managing these sensitive accounts should be a top priority for all companies this year and beyond. Tighter controls and more effective monitor-and-alert systems will help companies reduce privilege abuse by both insiders and external hackers.
6. Implement a least privilege approach
You can reduce risk by adopting a least privilege strategy, wherein access is only granted through a rigorous approval process, and only when clearly required by job function. Limiting privileged accounts creates fewer targets for hackers and more control for IT. Enforce least privilege on end user workstations by restricting end users to a standard user profile and automatically elevating their privilege only for pre-approved and trusted applications. For IT admin privileged accounts, strictly control access and deploy Super User Privilege Management for Windows and UNIX systems to prevent attackers from running malicious applications and remote access tools.
7. Ensure multi-factor authentication is in place
If multi-factor authentication is available, use it. Authenticator applications such as those from Google, Microsoft, Symantec, and Authy are preferable to SMS-based solutions. Multi-factor authentication makes it more difficult for an attacker to compromise an account. It also allows companies to establish a level of trust between user and system, making it easier to detect out-of-pattern activity and notify users promptly. Be sure to enable suspicious activity alerts, especially on privileged accounts.
8. Strengthen identity access management
Traditionally, organizations protected valuable information by building virtual fences around data assets. As corporate and network boundaries blur through global supply chains, mobile devices, cloud services, and virtualization, a better defensive strategy is required.
The new cyber security perimeter should be grounded in the identity and access level of individual employees. This next generation approach is designed for digital business; virtualized systems and data can be located anywhere and must remain accessible to authenticated users. Robust systems for identity and access management allow companies to accelerate new technology adoptions while evading cyber crime’s crosshairs.
9. Prepare and implement a cyber incident plan
Inevitably, your systems will be breached. Incident response determines how quickly companies can recover and how effectively they restore confidence with customers, shareholders and partners. An effective plan can significantly reduce financial and reputational harm by detailing: who needs to be involved and when; the role and actions of the CEO, legal, PR and IT; how to inform affected customers; and ultimately how to recover and restore data and services.
10. Correlate, monitor and audit security logs
Many companies are still not making effective use of essential security and audit logs. This data is vital for determining what, how and when incidents occurred. Without this key information, root cause analysis is a guessing game, and no lessons can be learned. The impact of cyber attacks is significantly reduced when they are detected and eliminated early.
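Tips 5 and 10 describe the same control from two sides: the attacker chain (foothold on an end-user machine, then a privileged account) and the logs that reveal it. The block below is an added example, not code from the article or from Thycotic, of the kind of correlation a monitor-and-alert system performs over authentication logs. The log lines, the key=value format, the set of admin accounts, the business-hours window and the rule of thumb that a host where standard users sign in is an end-user workstation are all constructed assumptions for the demo.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for the demo: which accounts count as privileged, what a "burst" of
# failures is, and when admin logins are expected. Tune these to your environment.
ADMIN_ACCOUNTS = {"domain-admin", "root"}
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 UTC

# Constructed sample log in a simple key=value format (not real data).
SAMPLE_LOG = """\
2017-03-01T09:58:10Z host=ws-042 event=login user=alice result=ok
2017-03-01T10:00:01Z host=ws-042 event=login user=domain-admin result=fail
2017-03-01T10:00:05Z host=ws-042 event=login user=domain-admin result=fail
2017-03-01T10:00:09Z host=ws-042 event=login user=domain-admin result=fail
2017-03-01T10:00:14Z host=ws-042 event=login user=domain-admin result=ok
2017-03-01T02:30:00Z host=jump-01 event=login user=root result=ok
2017-03-01T10:15:00Z host=jump-01 event=login user=domain-admin result=ok
2017-03-01T10:20:00Z host=ws-017 event=login user=bob result=ok
"""


def parse_line(line: str) -> dict:
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def analyze(log_text: str, admin_accounts=ADMIN_ACCOUNTS) -> list:
    """Correlate login events and return alerts in time order."""
    events = sorted(
        (parse_line(l) for l in log_text.splitlines() if l.strip()),
        key=lambda e: e["ts"],
    )
    recent_fail = defaultdict(deque)  # (host, user) -> timestamps of recent failures
    workstation_users = defaultdict(set)  # host -> standard users seen logging in there
    alerts = []

    def alert(rule, e):
        alerts.append({"rule": rule, "host": e["host"], "user": e["user"], "ts": e["ts"]})

    for e in events:
        if e["event"] != "login":
            continue
        key = (e["host"], e["user"])
        fails = recent_fail[key]
        # Drop failures that have aged out of the window before counting.
        while fails and e["ts"] - fails[0] > FAIL_WINDOW:
            fails.popleft()

        if e["result"] == "fail":
            fails.append(e["ts"])
            if len(fails) == FAIL_THRESHOLD:  # fires once when the threshold is reached
                alert("brute_force", e)
            continue

        if e["user"] in admin_accounts:
            if fails:
                alert("success_after_failures", e)  # guessed or sprayed password?
            if e["host"] in workstation_users:
                alert("admin_on_workstation", e)  # the foothold-to-privilege pattern
            if e["ts"].hour not in BUSINESS_HOURS:
                alert("admin_off_hours", e)
        else:
            workstation_users[e["host"]].add(e["user"])
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a['ts'].isoformat()} {a['rule']:24} host={a['host']} user={a['user']}")
```

Each alert carries the host, account and time, which is the minimum an incident responder needs to pivot into the rest of the audit trail; without the failed-login events being retained at all, the first two rules cannot fire, which is the point the author makes about logs being vital for root cause analysis.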
Statistics and headlines can make cybercrime seem like a deluge that can’t be stopped. But companies that exercise these security practices diligently can build powerful controls. Executives should lead the charge this year by creating a culture of security, focusing on identity and access control, driving improvements with data, and implementing effective response and recovery plans.
Joseph Carson is a Certified Information Systems Security Professional (CISSP) with 20+ years of experience in enterprise security and infrastructure. An active member of the global cyber security community, Carson is the Chief Security Scientist at Thycotic, a leading provider of password management to more than 7,500 organizations.