Top 10 Basic Defences against Security Breach
According to security experts, private and public sector organizations are usually an easy target for cyber attacks. Unless organizations get the basics right, they will keep falling prey to fraudsters, ransomware rings, or nation-state attackers. In times like these, it is crucial that organizations shore up their basic defenses, such as Multi-Factor Authentication [MFA], and that they treat any suspected incident seriously and act on it quickly.
Why is there a need to prioritize the basics?
Many organizations have long since implemented Multi-Factor Authentication [MFA] and a Security Incident Response Plan, and have continued to improve whichever defenses were lagging. Yet organizations that support critical infrastructure still fall behind when it comes to the security basics.
Even before the advent of Artificial Intelligence [AI] and Machine Learning [ML], security experts were warning that the basics too often get overlooked. Cybersecurity has remained, in part, a story of organizations tackling each new problem only to leave it half-finished and move on to the next one. Organizations tend to be hyper-focused on the latest technology and get caught up in whatever the industry is currently selling. The truth is that many organizations are still failing to get the basics right.
Information Security Mitigation Strategies
In 2011, the Australian Signals Directorate published its top four (4) information security mitigation strategies, which many experts consider the best place to start:
- Whitelist Applications
- Patch Applications & Operating Systems
- Update to the latest versions of Applications & Operating Systems
- Minimize Administrative Privileges
Who is at risk?
Organizations in the financial, defense, government, and oil & gas sectors are the most likely targets for cyber attacks.
Even the best prevention in the world cannot guarantee that an organization will never be breached. To know exactly what to do in order to survive a data breach, organizations should learn how to build a Data Breach Response Playbook or a Security Incident Response Plan. The single most important factor is to set everything up ahead of time, get buy-in from all levels of the organization, including the Board, and then rehearse the Playbook.
Top 10 Basic Defenses against Security Breach
Chief Information Security Officers (CISOs), especially in government agencies and the aerospace and defense sectors, should conduct a 4-week review to shore up their defenses and the resilience of the basics, and must ensure that the organization can get back up and running after a successful attack.
Here is a four-week "Security Sprint" of the Top 10 items that organizations should focus on, as recommended by Attorney Chris Pierson, CEO of cybersecurity firm Blackcloak.
- Board: The Board and executive leadership team should be properly briefed on the need for dedicated resources so that the organization is prepared and able to carry out a 4-week cyber sprint, including securing people and obtaining extra funding and support.
- Keys: All the encryption keys and privileged administrative passwords should be rotated regularly & as a standard practice.
- Passwords: Password reset for all Users and external login access should be made a mandate with a fixed frequency. This frequency can be as long as 180 days, but setting it up is highly recommended.
- Multifactor: Every system must use Multi-Factor Authentication [MFA]. The specific mechanism can be one of many different options available for MFA, for example, OTP to email or phone, an Authenticator, a Security Question, or a Smart Token.
- Endpoints: Every endpoint should have active, working, and up-to-date protection in the form of Antivirus, Anti-malware & an Endpoint Firewall. Any nodes without protection should be taken offline; if that is not possible, they should be isolated on a separate network.
- Patching: Every critical vulnerability should be patched. Organizations should apply the latest patches to all computers, whether they are user workstations or part of a server network.
- Disaster Recovery: Availability of all necessary backups and the ability to work with warm or hot replication sites should be confirmed.
- Hygiene: All user accounts belonging to people who are no longer employed by the organization should be closed.
- Phishing: A message along with a 60-second educational piece on phishing should be pushed out to every User.
- Monitoring: Raise the level of the IPS, email monitoring, web traffic monitoring, IDS, Gateway Firewall, and Web Application Firewall (WAF) controls.
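The Passwords, Multifactor and Hygiene items above are the ones most easily turned into a repeatable check. The audit below is an added example, not code from the article or from Blackcloak: it runs over a constructed account inventory (the `Account` records, the `SAMPLE` list and the 180-day threshold taken from the Passwords item are all assumptions made here) and produces the three lists a sprint team would act on.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Upper bound from the "Passwords" item: a reset at least every 180 days.
PASSWORD_MAX_AGE_DAYS = 180


@dataclass
class Account:
    username: str
    employed: bool       # still on the HR roster?
    mfa_enabled: bool    # any MFA mechanism enrolled
    password_set: date   # date the password was last reset


def audit_accounts(accounts, today):
    """Return {finding: [usernames]} for the Hygiene, Multifactor and
    Passwords items of the sprint list."""
    findings = {"disable_departed": [], "missing_mfa": [], "password_reset": []}
    for acct in accounts:
        if not acct.employed:
            # Hygiene: a departed user's account is closed, so the other
            # checks are moot for it.
            findings["disable_departed"].append(acct.username)
            continue
        if not acct.mfa_enabled:
            findings["missing_mfa"].append(acct.username)
        if (today - acct.password_set).days > PASSWORD_MAX_AGE_DAYS:
            findings["password_reset"].append(acct.username)
    return findings


# Constructed sample inventory (assumption: not real accounts).
TODAY = date(2024, 6, 1)
SAMPLE = [
    Account("alice", True, True, date(2024, 3, 1)),            # compliant
    Account("bob", True, False, date(2023, 10, 1)),            # no MFA, old password
    Account("carol", False, True, date(2024, 5, 1)),           # departed
    Account("dave", True, True, date(2023, 12, 1)),            # 183 days old
    Account("erin", True, True, TODAY - timedelta(days=180)),  # exactly 180: allowed
]

if __name__ == "__main__":
    for finding, users in audit_accounts(SAMPLE, TODAY).items():
        print(f"{finding}: {', '.join(users) or '-'}")
```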
These are some of the low-hanging fruit that can help prevent a successful cyber attack without introducing too much friction. Most organizations can achieve them in four weeks and strike a better balance between protection and recovery. But the 4-week countdown cannot begin until the organization has put a plan in place!
Neumetric, a cyber security services, consulting & products organization, can help you reduce your security cost without compromising your security posture. Our years of in-depth experience in handling security for organizations of all sizes & across multiple industries allow us to quickly cut activities that do not bring you value, while you continue focusing on the business objectives of your organization.