Cyber Security is a very hot topic and with more than 3.5 billion Internet users worldwide, That includes, 6 billion email accounts, 2 billion smartphones, 1 billion apple users, 1 billion Gmail accounts, 1.7 billion Facebook accounts, and 300 million Twitter accounts who tweet 7,350 times per second, send 2.5 million emails per second, and transfer 1.5 billion GB of data per day through the internet. All of which are strong opportunities of attack for hackers to exploit.
If we look at all the cyber breach reports in the past year – we can see that it has been a busy time for cyber criminals, with public reports describing more than 500 data breaches with more than 500 million records exposed in 2015 and in 2016 this has already far exceeded with more than 3 billion records stolen and disclosed with yahoo experiencing two mega cyber breaches. So why do we continue to see so many cyber breaches? If we look at why many of the breaches in the past year have occurred it comes down to three major factors that can be categorized into Human Factor, identities and Credentials, and Vulnerabilities. With the digital social society, we are sharing more information, ultimately causing ourselves to be much more exposed to social engineering and targeted spear phishing attacks with the ultimate goal to compromise our systems for financial fraud or to steal our identities in order to access the company we are entrusted with protecting. When our identities are stolen it provides the attacker with the ease of bypassing the traditional security perimeter undetected, and if that identity has access to privilege accounts, they can easily carry out malicious attacks.
Here are my top 10 tips that every company should consider to start 2017 more secure and safe from cyber threats with these New Year resolutions.
1. Educate Employees and Prioritize Cyber Hygiene
The weakest link in most organization’s security is the human being. As more sophisticated social engineering and phishing attacks have emerged in the past few years, companies need to seriously consider expanding there IT security awareness programs beyond simple online tests or acknowledgements of policies. Especially as personal mobile devices are increasingly used for business purposes, educating employees on secure behaviors has become imperative. All employees should be educated and made aware of cyber security threats. They should be trained with the best practices on how to be the best security perimeter for their company. It is important that employees are educated on how to enable and use security available to them, well informed and aware on the corporate security policies, how to choose strong and easily remember passwords, limit on what activities they do over public Wi-Fi, use secure websites and think before they click. Cyber hygiene should be a continuous learning and education for all employees.
2. Have the C-Level experience a Red team assessment
It is important to have your executive team lead by example and the best way to do this is get them involved in a red team cyber exercise to really show how cyber threats occur and how quickly they can damage a company. This will help educate and bring awareness to the top of the organization, which will surely help with any cyber security priorities when the executive team endorses and is behind them. Without the executive team supporting these important priorities they are very likely to fail.
3. Backup your critical data and systems and tailor your recovery plan for different types of cyber threats.
It is important for all companies to have an effective and efficient disaster recovery plan for all types of business risks. Business continuity is important and especially when it comes to cyber security. However many companies do not tailor the disaster recovery plan for cyber threats and this is a mistake that should be remediated in 2017. Many issues have occurred from companies restoring a backup to recover from malware infection only to find out the backup was also infected, other issues with not knowing which date to restore to or going to an old date and then incrementing the backup which can literally take days. When evaluating the risk assessment for cyber threats the disaster recovery plan should be tailored for different types of cyber threats from DDOS attacks, Malware infections, Data Loss or corruption to Ransomware. This will help ensure the business continuity plan is effective when the need to invoke it resulting from cyber attacks.
4. Get your metrics sorted
The challenge in the past is that it is difficult to measure cyber security risk for many organizations and this has put the CISO in a tough situation as to how you can show business value when it is not easy to measure. The metrics were not clear and basically, it was about keeping the existing security controls working, make continuous improvements where possible, and placing security on previously adopted technologies. Security has always been an afterthought and sometimes not possible to keep the same high level when security and privacy were not implemented by design. This means the risk always continues to get greater, making the CISO’s already tough job more challenging.
While cyber security is a growing topic in the boardroom the education of the boardroom needs to continue on the business impact of cyber security, clear metrics, the need to have cyber insurance, and a clear incident response and recovery plan.
5. Control and Monitor Admin privileged access to systems
Privileged Accounts are the top target of any attacker to gain access and move anywhere within a network. First, attackers gain a foothold in the network by any means possible, often through exploiting an end-user computer, then working to elevate their privileges by compromising a privileged account, which allows attackers to operate on a network as if they are a trusted IT administrator. It is extremely important to control and monitor the use of privileged accounts within the organization. This should be a top priority for all companies in 2017 to get in control of these privileged and sensitive accounts. This will help companies reduce privilege abuse from both insiders and make it more difficult from external hackers to compromise these accounts.
6. Implement an approach and culture of Least Privilege
Adopting a least privilege strategy, where privileges are only granted when required and approved, eliminates the chances for an attacker to compromise your network by targeting privileged account passwords or hashes. Enforce least privilege on end user workstations by keeping end users configured to a Standard User profile and automatically elevating their privilege to run only approved and trusted applications. For IT Admin privileged accounts, control access to the accounts and implement Super User Privilege Management for Windows and UNIX systems to prevent attackers from running malicious applications, remote access tools and commands.
7. Ensure Multi-Factor Authentication is in place
If multi-factor authentication is available use it preferring to use an Authenticator application like (Google, Microsoft, Symantec, Authy) to SMS. Make sure to enable alerts and notification on your accounts so you get alarmed on any suspicious activity. Multi-factor authentication is an essential technique to make it more challenging for an attacker to compromise an account. It also allows a company to establish a level of trust between the user and system and challenge the user when any suspicious activity occurs.
8. Strengthen Identity Access Management and Protect Privileged Accounts
The traditional security perimeter is proving that it is no longer an effective cyber security control and fast growing technologies like Cloud, Mobile and Virtualization make the boundaries of an organization blurry. For many years organizations have protected their valuable and sensitive information by building a fence around those assets and all the data that flowed in and out of that organization was either via a single internet access point or on physical devices. That meant that a traditional perimeter was an effective measure because the boundaries were known.
In today’s world where organizations can no longer rely on the traditional security perimeter as the only cyber security measure, it is ultimately important that the new cyber security perimeter is with the Identity and Access of the employee. This is the new and next generation security perimeter that can be effective in a world where systems and data can be located anywhere and be accessed at anytime as long as the identity and access can be validated and trusted.
An effective policy and approach on Identity and Access management can help a company accelerate new technology adoptions and at the same time help avoid becoming the next victim of cyber crime.
9. Prepare and Implement a Cyber Incident Plan
It is extremely important that when the inevitability occurs that your company has prepared accordingly on how to respond when you find out you have experienced a breach most likely from a 3rd party for example law enforcement. The way in which companies respond to breaches really determines on how well and quickly they recover and restore confidence with their customers, shareholders, and partners. An effective incident response plan can make all the difference, ensuring how to deal with the incident, who needs to be involved and when, what is the role of the CEO, Legal, PR and IT Security, how to inform impact customers and ultimately how to recover and restore services.
10. Correlate, monitor and audit Security Logs
An important area in which many companies are not doing well is collecting essential security and audit logs, especially when performing evidence gathering or digital forensics. This date is vital to determine what, how and when incidents occur and without this vital information the root cause analysis typical becomes an assumption. An effective security counter measure is to correlate and monitor security and audit logs. This could help a company reduce the impact from cyber attacks by finding and eliminating them early.