
Cyber-attacks have moved to the front page of the news. The attacks on Colonial Pipeline and JBS Foods went to the heart of the US energy and food supply systems. Hospitals and health organizations were hit in 2020, impacting over 18 million patient records and costing $21 billion. No one is immune, as 43% of attacks are against small businesses, so neither large nor small organizations escape attack. The criminals behind these attacks are building more sophisticated profit-oriented organizations, even investing in AI (Artificial Intelligence) and talent to keep a few steps ahead of the defense.

We are all part of the defense, and it’s challenging to keep up with the bad guys. Assuming some level of IPS, firewall, and antivirus is in place within your company, here are 6 steps to take that many companies either do not do at all or neglect to do consistently or correctly. By no means are these steps a comprehensive approach to cybersecurity.

1. Security Awareness Training

Security awareness training doesn’t remove the element of human judgment, but it does make that judgment better, giving you better odds against the bad guys. Security awareness training providers supply training materials, online training programs, baseline testing, simulated phishing attacks, and reporting of results. A leader in this area, KnowBe4, has reduced the phishing-prone percentage from a baseline of 37% to 4.7% over 12 months. Costs range from $4 to $30 per user per year, based on the program details and the total number of users involved.

2. Email Gateway Security

Email gateway servers act as a gateway through which every incoming and outgoing email passes. The purpose is to monitor all emails and only let the good ones in or out. Incoming emails are monitored for spam, phishing attacks, malware, or fraudulent content. Outgoing email can be monitored to ensure sensitive data is not leaving the organization or that it is encrypted. Email gateway security providers are needed for both on-premises and cloud email solutions. Office 365 email on its own does not provide this. It needs to be combined with Microsoft Defender for Office 365 or a third-party product like Darktrace, Mimecast, or Proofpoint.

3. Operating System Patching

Statistics show that known vulnerabilities that have not been patched can be the source of more than 60% of security breaches. Some are vulnerabilities that have had patches available for years. Vulnerabilities as a whole are discussed further down, but one common part of vulnerability patching is operating system patching for Microsoft, Linux, and other operating systems. We are used to doing this on the personal side, as many of us have our laptop or PC set to automatically download and apply patches as they become available. These patches add features, fix software bugs, and, alongside vulnerability management services, eliminate security vulnerabilities.

4. Vulnerability Management

Almost 18,000 new software vulnerabilities were reported in 2020, which set a record. Everything is becoming software, so beating this record will be the norm going forward. As stated earlier, unpatched vulnerabilities play a significant role in giving cyber attackers easier entry. Software providers work hard to develop patches for these vulnerabilities, but for customers, patching in such large numbers is challenging. It requires a solution like Qualys, Tenable, or Nexpose that smaller businesses may not feel is justified. These tools automatically inventory assets, determine the current patch level and unpatched vulnerabilities, and provide the solution to eliminate each vulnerability. The solutions may include patching, configuration changes, or version upgrades.

5. Incident Detection and Response

The 4 steps presented above relate to the Identify and Protect segments of the Cybersecurity Framework. The reality is that a well-executed prevention plan does not guarantee that an attack or breach will not happen. Some level of detection and response is required for any enterprise – even smaller ones.

Building this capability in-house is challenging for small to mid-size enterprises. Currently, cybersecurity is a high-demand, low-supply skillset. The number of open positions is growing faster than the number of available resources. Cyber-attacks are becoming more sophisticated, using top-notch talent, money, and advanced technology.

The AI cybersecurity company, Darktrace, has created a solution for both small and large enterprises that face this challenge. The Darktrace AI platform (Enterprise Immune System, Antigena, and Cyber AI Analyst) mimics the resilient approach that the human body takes when faced with a known or unknown threat.

6. MFA (Multi-Factor Authentication)

The most efficient security control for Account Takeover (ATO) attacks and social engineering attacks is MFA. With MFA, users must combine two or more verification technologies (something you know, something you have, or something you are) to access their personal information. Something that the user knows (the password) is considered the first level of verification. If we then add something that the user has (a smartphone) and/or something that the user is (a biometric control), the platform can be said to be protected by multi-factor authentication.

Summary:

A disciplined, continuous, and thoughtful approach to protecting your enterprise systems is a requirement. The steps outlined above are a good baseline to build on or enhance. Email and vulnerabilities play a significant role in cyber-attacks. In addition, every organization must assume it will be attacked, so detection and recovery need to be implemented. These steps primarily focus on these two areas of exposure and the need to be ready when attacks are successful. For businesses with smaller IT teams, finding a partner that can provide expertise and execution without having to build their own team is a good starting point. For more details, visit our online portal and secure your company with Allari now!

https://allari.com/