It would not be a stretch to say that 2016 was a rough year for cyber security breaches around the world let alone Australia. Many Australians had a rough run with cyber security last year with healthcare providers being a top target. The magnitude of the 2013 Yahoo breach has now come out showing millions of people globally effected, including several Australian government officials. In addition, an increase in ransomware is hitting people and businesses where it hurts the most, the pocket.
As we start on a clean slate in 2017, here are 10 effective resolutions to consider that not only provide the basis for a Security assessment but can also yield a near-term, high-impact positive return against the chronic risk of a breach without protracting a massive effort.
- Invest in/retain top security talent
They say that success is determined by the company you keep, that includes devices, friends, and employees. If you care enough to invest in cutting-edge devices, it is a great idea to invest in the people that can protect them. Technology alone cannot protect one’s organisation from the risk of a breach. Organisations often deploy the latest security device but do not have it properly configured or monitored to make it effective. Apply the right level of human support and skill to optimise solutions you already have in place, either by hiring, outsourcing or a combination of both.
- Security awareness must become a culture
Awareness and training are essential when trying to cultivate a new habit or way of doing things. Set a tone at the top by insisting on employee accountability for adhering to security policies, processes and procedures, not just within IT but across the business and among functional leaders.
- Improve visibility across your environment
Does your organisation have visibility into cyber threat activity on all employee mobile phones, laptops, and tablets that connect to the organisation's network? For example, leveraging Managed Detection and Response solutions can proactively detect and disrupt malicious activity and help reduce the time it takes to evict threat actors from their environment. Fast detection and response is critical since the longer a threat actor is in an environment, the higher the costs and damage.
By instrumenting remote access touch points, you can increase visibility to drive rapid detection. Look to the sky, embrace the cloud as an extension of your security domain. For the foreseeable future, most organisations will live in a hybrid environment where business discussions will drive adoption of the cloud.
- Develop an incident response plan that is well constructed, resourced, and rehearsed on a regular basis
Practice makes perfect in more than just sports. Ensure your teams are ready and have rehearsed the steps to take in the event a breach has occurred. It is beneficial to have either qualified experts in-house or on a retainer to manage the complexity of a breach response. Rapid detection and rapid response are things that cannot be negotiated.
- Improve network design and data segmentation: An important first step is to identify which informational assets are most critical and accurately document your network. Many organisations skip this step, and it is criminal. Only through this can you segment critical data and systems to apply a layered defence with a better network design to protect your assets.
- Implement two-factor authentication: In 2016, our number one recommendation was to implement two-factor authentication across all critical applications and systems, especially corporate email. Compromised usernames and passwords were often used to simply "log on" to client networks via remote access systems (e.g., Outlook Web Access, VPN, VDI), giving an attack the appearance of normal activity and enabling it to go undetected. By adding an additional layer of authentication such as a password + something you have (e.g., a token) is a critical security control.
- Control the use of privileged accounts: Network administrator privileges should be the exception, not the norm. Limit the number of individuals who have privileged accounts to install software, and, if possible, "whitelist" what software is allowed on your network. Administrator accounts should be audited as frequently as possible to ensure they map to an actual Network Administrator who still has a valid need for privileges.
- Sandbox technologies: We identified that phishing was the predominant attack vector in 2016. Humans are curious and helpful by nature, so in spite of the best awareness training, targeted phishing continues to be a successful tactic in the compromise of organisations. To prevent this from happening, implement advanced sandboxing technology. These will detonate email attachments and web links before employees view them. This is critical and could be the difference between an attempted breach and damage control.
- Conduct continuous vulnerability assessments and remediation: Just like in real life, we all need health check-ups for preventative measures. Similarly, good network hygiene is the basis of any effective security program. On a regular basis, conduct third-party assessments to identify vulnerabilities and ensure there is a plan for closing the gaps. You don't know what you don't know.
- Identify threats already in your environment: The average time before advanced threats are detected in corporate environments is more than 300 days! Before you implement new security solutions, consider cleaning your house.
2017 is a new year, and it is bound to be filled with new adventures and trickier challenges on the business front as well as the cyber security front. If security specialists are able to stick to these 10 cyber security resolutions, chances are that they will have created a much safer IT environment for organisations and their clients and employees.
Have a safe and prosperous rest of 2017!