In a recent conversation someone asked me what are the basic things they can do to ensure they are protected against the latest cyber threats and after my response I thought "This would make a decent blog topic" so here we are.
The world in which we live in today is full of hybrid workers and this has broadened a businesses attack surface and increased business risk associated to cyber attack. Evidence of this is easy to find with a quick look at the latest news articles which talk about private company networks falling prey to ransomware.
These 3 areas are important practices and are very simple.
Knowledge is power
Lock your doors & windows
Act fast
Knowledge is power
To limit your risk you need to know what assets you have. Do you have 50,000; 100,000; or 500,000 computers and servers in your organisation?
Where are they?
What are they?
What’s running on them?
What services do they provide?
Answering those questions is what asset discovery and inventory is all about. It’s the foundation for minimising cyber risk.
The old saying makes sense
"You can’t manage what you don’t know you have"
To manage your endpoints, you need three levels of knowledge:
What assets do you have, and where are they?
What software is running on them, and is it licensed?
How do the machines on your network relate to one another, and what is their purpose?
All companies, regardless of size, need this information, which in modern IT changes constantly. Network assets come and go, especially with “bring your own device” (BYOD) a common and growing policy in many organisations.
Some assets may appear on the network only occasionally. With more companies encouraging employees to work-from-home (WFH), complexity increases. The operational disadvantages of not knowing is security vulnerability. If you can’t manage an asset, you can’t secure it. And you can’t manage it if you don’t know you have it. There may be attack vectors you’re entirely unaware of like an unpatched vulnerability.
Lock your doors & windows
Sounds simple but most people would not leave their house without locking their doors and shutting their windows but businesses often operate a totally different model, just as above if you don’t know that you have an open window how are you supposed to close it.
Cyber criminals are getting better at finding weak links, exploiting vulnerabilities and misconfigurations before security and IT ops teams know about them. Regulatory pressure is also turning up the heat on organisations already struggling to manage the reputational and financial fallout of breaches.
At the heart of any good cyber risk management strategy lies vulnerability and configuration management.
The vulnerability management lifecycle has five stages:
Discover what assets you have and what security protocols are in place.
Assess the types of security and vulnerability standards you want to evaluate against and deploy tools to figure out how to collect relevant information.
Prioritise the importance of items you want to address and how soon they should be tackled.
Remediate vulnerabilities by updating patches and changing security configurations and policies.
Verify and reassess to validate the changes you’ve made have conformed to security policies.
As important as technology is, let’s not forget the basics, which begin with the right policies, plans and SLAs. It could be something as simple as: “We’re going to develop a vulnerability management lifecycle that we define, and here are the SLAs for each cycle period.” Once SLAs are in place, it may become clear that automated tools are the best way to achieve these goals.
Act fast
This is obvious but it is critical to respond to a cybersecurity incident fast, whether it’s a data breach, a ransomware event, or one of several other types of cyberattacks, acting fast can dramatically reduce the impact such a breach or attack will have on the business.
If you are subject to a attack you must follow a standard process to solve issues, we have a simple process flow that will help it is called the PCRL, something we use on lots of challenges but works really well in this area.
Problem - What is the issue
Cause - How did it happen
Resolution - What are you going to do to resolve
Learning - What did you learn from it
Summary
The reality is, ransomware and other cyberthreats are here to stay. Highly sought-after networks and critical infrastructure will always be a target. We recommend a cyber risk assessment which will help define your risks and also provide a basic remediation plan.
Our cyber risk assessment is available here
Here are few of our other cyber security blog posts
Reducing cyber insurance premiums
Top 5 phishing subjects
Importance of good password security
Contact us today to understand your risk profile and let us help lock your doors & close your windows.
Thanks for reading
Daniel Bumby
0114 553 3600