Popeye
With more than 3.5 billion Internet users worldwide who transfer 25,000 Gigabytes of data per day, cybersecurity is a hot topic. Global spending on cyber is now trending towards 100 billion dollars, yet the number and severity of breaches continue to increase.
Looking at cyber breach reports from the past year, we can see that it’s been a busy time for hackers: public reports describe more than 1050 data breaches with more than 3 billion records exposed in 2016, and 2017 is on track to exceed that number. Yahoo, Equifax and Uber experienced mega cyber breaches.
Something isn’t working.
So why do we continue to see so many cyber breaches?
The answer is murky at best. If we examine why many of the breaches in the past year occurred, it comes down to three major factors: human error, our credentials, and source code vulnerabilities. Today we’re sharing more information online than ever before, exposing ourselves to social engineering attacks whose ultimate goal is to compromise our systems for financial fraud or to steal our identities. A stolen identity lets the attacker bypass the traditional security perimeter undetected, and if that identity has access to privileged accounts, the attacker can easily carry out malicious attacks. As companies develop more and more software, there seems to be a lack of priority around security during the development phase. This introduces backdoors and exploits into software systems that are detected months after release.
The good news is, there are steps you can take to protect your code and your team.
Here are 10 ways you can beef up your security to ensure your 2018 will be the strongest yet:
1. Build awareness
The weakest link in most organizations’ security is their people. As social engineering attacks increase in sophistication, companies need to expand their IT security awareness programs beyond acknowledgements of policies.
As mobile devices are increasingly used for business purposes, educating employees on secure behaviors has become imperative. All employees should be educated about cyber security threats. It’s crucial that employees know how to use the security available to them, are well informed about corporate security policies, are taught how to choose strong and easily remembered passwords, and limit their activities on non-trusted networks. Cyber hygiene should be a continuous learning process for all your employees.
Get it done.
2. Get a handle on your supply chain
With most companies relying on third-party partners to help them execute projects, customer data and proprietary information are shared with companies outside their security boundary. The cloud has made it extremely easy to share everything with anyone with a simple click. It’s important to have a control point that governs your data through access permissions, so that partners can only see what they’re allowed to see and employees are prevented from sharing “entire” folders because it’s painful to share each item individually.
For all the fear mongering, the facts show that recent breaches are due to very simple problems with sharing sensitive information in public source code repositories. Don’t let it happen to you: keep an eye on public S3 buckets or source code systems. It takes a combination of user alerts and automated security policies to do it right. Thankfully, there is a plethora of providers out there that can help you regain control of your supply chain’s access to your data.
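As an added illustration of the "automated security policies" mentioned above (this example is not from the original article), the Python check below flags buckets whose policy or ACL grants access to everyone. The bucket names, account ID, role name and sample documents are constructed, and the function name `public_findings` is hypothetical.

```python
import json

# ACL grantee group URIs that AWS defines for "everyone" and "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # Principal may be "*" or a mapping such as {"AWS": "*"} or {"AWS": ["*"]}.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def public_findings(bucket, policy_json=None, acl_grants=()):
    """Return findings for one bucket; an empty list means no public grant was found."""
    findings = []
    if policy_json:
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
                continue
            sid = stmt.get("Sid", "<no Sid>")
            actions = ",".join(_as_list(stmt.get("Action", [])))
            # A Condition may narrow the grant, so it is queued for human review instead.
            tag = "REVIEW (Condition present)" if stmt.get("Condition") else "PUBLIC"
            findings.append(f"{bucket}: {tag}: policy statement {sid} allows {actions} to any principal")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS:
            findings.append(f"{bucket}: PUBLIC: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    return findings

# Constructed sample data (not from the article): one open bucket, one scoped to a partner role.
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-partner-share/*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "PartnerOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/partner-read"},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-internal/*"}})
OPEN_ACL = [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
             "Permission": "READ"}]

if __name__ == "__main__":
    print("\n".join(public_findings("example-partner-share", OPEN_POLICY, OPEN_ACL)))
```

The inputs have the same shape as the policy document and grant list returned by the S3 GetBucketPolicy and GetBucketAcl calls, so the check can run over an exported inventory. It does not evaluate `NotPrincipal` statements or Block Public Access settings, which can change the effective exposure.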
3. Back up your critical data and have a disaster recovery plan ready
You don’t need insurance until you need it. It’s critical for all companies to have an effective and efficient disaster recovery plan for all types of business risks. The problem is that many companies don’t tailor their disaster recovery plan for cyber threats. Problems happen when companies restore a backup to recover from a malware infection only to find out the backup was also infected. Other issues include not knowing which date to restore to, or going to an old date and then incrementing the backup, which can take days at a time.
When evaluating the risk assessment for cyber threats, the disaster recovery plan should be tailored to different types of cyber threats, from DDoS attacks, malware infections and data loss or corruption to ransomware. This will help ensure the business continuity plan is effective when there’s a need to invoke it as a result of a cyber attack.
4. Launch a culture of least privilege
Adopting a least privilege mindset, where privileges are only granted when required and approved, eliminates the chances for an attacker to compromise your network by targeting privileged account passwords. Enforce least privilege on end-user computers by keeping end-users configured to a default profile and automatically elevating their privilege to run only approved and trusted applications.
For IT admin privileged accounts, control access to the accounts and implement super-user privilege management for Windows, Mac and Linux systems to prevent attackers from running malicious applications, remote access tools and commands.
5. Strengthen identity access management
The traditional security perimeter is proving to be no longer an effective cyber security control, and fast-growing technologies like cloud and mobile make the boundaries of an organization blurry. For many years organizations have protected their valuable and sensitive information by building a fence around those assets, and all the data that flowed in and out of the organization did so either via a single internet access point or on physical gear. This meant that a traditional perimeter was an effective measure because the boundaries were known.
In today’s world, organizations can no longer rely on the traditional security perimeter as the only cyber security measure. It’s important that the new security perimeter lies with the identity and access of the employee and in particular the source code the developers may be bringing into the organization. This is the new and next generation security perimeter that can be effective in a world where systems and data can be located anywhere and be accessed at any time as long as the source code, identity, and access can be validated and trusted.
6. Get your security metrics figured out
It’s difficult to measure cyber security risk for many organizations, and this has put the CISO in a tough situation. They have to know how to show business value even when it’s not easy to measure. Metrics are king, and without an effective measurement framework, you are shooting blind. While cyber security is a growing topic in the boardroom, the education of the boardroom needs to continue on the business impact of cyber security, clear metrics, and a clear incident response and recovery plan.
Cyber metrics are not just good security, they’re good business.
7. Manage privileged access to systems
Privileged accounts are the top target of any attacker seeking to gain access and move anywhere within a network. First, attackers gain a foothold in the network by any means possible, often through exploiting an end-user device via simple social engineering (a confidence trick), then work to elevate their privileges by compromising a privileged account, which allows them to operate on a network as if they were a trusted user. It’s crucial to control and monitor the use of privileged accounts within your organization.
This should be a top priority for all companies in 2018: to gain control of these privileged and sensitive accounts. This will reduce privilege abuse by insiders and make it more difficult for external hackers to compromise these accounts.
8. Ensure multi-factor authentication is in place
Migrate away from SMS-based authentication.
It’s broken.
The service providers are weak at best at ensuring I can’t call in and take over your phone number with a few simple pieces of personal information. Invest in proven solutions like multi-factor authentication (MFA). If it’s available, use it. If it’s not, make sure you understand what data you’re sharing because MFA is a base-level security practice now. Have a look at hardware-based MFA as well as providers like Google.
Many are really making strides in this space. Make sure you enable alerts and notifications on your accounts so you’re warned about any suspicious activity. Multi-factor authentication is an essential technique to make it more challenging for an attacker to compromise an account. It also allows a company to establish a level of trust between the user and system, and challenges the user when suspicious activity occurs.
9. Correlate, monitor and audit security logs
An important area in which many companies are not doing well is the collection of essential security and audit logs, especially when performing evidence gathering or digital forensics. This data is vital to determine what incidents occur, and how and when they occur; without this information, root cause analysis typically becomes an assumption.
An effective security countermeasure is to correlate and monitor security and audit logs. With GDPR coming in May 2018, logging everything is more important than ever. Look at SIEM type systems to help with the filtering and aggregation of logs and events in the space; a number of affordable SaaS-based products are surfacing. This could help a company reduce the impact from cyber attacks by finding and eliminating them earlier on.
10. Prepare and implement a vulnerability disclosure process
Don’t hide customer breaches, like Uber did. It’s extremely important that when the inevitable occurs, your company is prepared and has planned how to respond should you find out you have experienced a breach. The way companies respond to breaches really determines how well and quickly they recover.
Your brand is on the line.
An effective incident response plan can make all the difference, and should cover how to deal with the incident, who needs to be involved and when, the role of the CEO, Legal, PR and IT Security, how to inform impacted customers, and ultimately how to recover and restore services.
Remember, GDPR mandates a 72-hour response time, so having a plan is more critical than ever.