Now that we’ve made the case for educating the people and preparing the organization for an intrusion, it’s time for part three.


Best practices. Whose best practices are these, and what are they? More importantly, if you know of these best practices, are they in place within your organization?

Lower The Threshold For Threat And Information Sharing

Sharing is caring, right? Or at least this is what most adults have been taught since a young age. The same idea has had a positive ripple effect through the data security profession.

Sharing threat information can help organizations access data that they would otherwise be unable to obtain. Working together, organizations can improve their security posture by taking advantage of their partners’ expertise, experience, and capabilities. This proactive approach can help keep everyone safer.

To understand why, let’s look at an example:

Pretend that you’re a financial services firm with thousands of clients. One of them calls you up and says they just got hit by a ransomware attack. The attacker has encrypted their data, demanding payment in bitcoin to get it back. You’ve never heard of this type of attack before, but luckily you have a good relationship with other financial firms that might have seen something like this before. You reach out and ask for help, sharing everything you know about the incident so far, including what happened, what was affected, who’s working on it, etc. The helpful network of professionals then shares some data from their own network that indicates they saw similar activity happening there as well.

Now both organizations are better prepared against future attacks like this one because they know how such attacks work and how they spread; they also know what kind of damage they can cause.

Identifying Security-Critical Processes

In the event of a security breach, there are certain processes that must be maintained in order to keep essential services running. The list of these processes should be given the highest priority.

Each organization is going to have different security-critical processes, but some of the more common ones are:

  • Policy
  • Awareness
  • Access
  • Monitoring
  • Compliance
  • Strategy

Developing And Regularly Testing Workarounds or Manual Controls

As hard as MDR or organizational analysts are working to keep bad actors out of company assets, these bad actors are working just as hard to get in. Bad actors are always looking for new ways to attack organizations through vulnerabilities.

When one door is shut, another ten open, which keeps analysts on their toes (and provides proof of how important these professionals are with the number of breaches they thwart on a daily basis).

One such door could be a phishing attack, or an employee clicking on a bad link sent by email from a hacker (we’ve mentioned before that “People” and “Human Error” are an organization’s biggest threat to security).

Bad actors know that if they find one weakness in infrastructure, then they have found their way inside your organization’s perimeter defenses and can begin their attack from there.

It’s important to assess the strength of a network to identify these vulnerabilities.

These assessments can include penetration testing, physical testing, system and network testing, and testing of other facilities.

It is important for every organization to perform regular vulnerability assessments against its systems and applications, as well as perform penetration tests against its network perimeter defenses.

Ensuring Backup Procedures Are Implemented and Regularly Tested

Business owners should implement robust and effective data backup, disaster recovery, and business continuity plans in case of a data breach, or in case the organization gets locked out during a ransomware event.

Data backup for organizations should be done on a regular basis. By having procedures in place and regularly testing them, as well as isolating backups from network connections, IT departments and MDRs can help ensure data security.

If data is backed up on a regular basis and a data breach occurs, restoring from a backup is the first step an organization can take after DFIR procedures have taken place in order to recover from a cyber attack.

Series Conclusion

This series is intended as an educational tool for businesses to get an idea of what needs to take place in order to help protect organizational assets from being breached.
From people to process to technology, preparing for and mitigating potential cyber threats can be a heavy load to bear for any organization.

Shameless plug here, but that’s where augmenting an existing IT department’s personnel with a mature MDR like CyberMaxx can fill the talent gaps, potentially help companies save on cyber insurance premiums, and ultimately keep company assets from being harmed.

It’s not a matter of if, but when an attack will take place, and how often, because they rarely happen only once to an organization.

Being prepared and ready is important.