Mastering the fundamentals: Safeguarding organizations in the face of evolving security threats
In today’s digital age, cybersecurity plays a crucial role in running a business on any scale. However, despite the constant threat of attacks, many businesses don’t properly consider their security system and protocols until it’s too late. Many adopt sufficient security measures only after a breach occurs. With phishing attacks growing more sophisticated and more accessible for lower skilled hackers, it is essential for businesses to implement robust security measures around their valuable data and sensitive information. While some may not know where to start, this blog will discuss how an understanding of the cybersecurity basics can prove invaluable.
(Image credit: Lexmark)
Security fundamentals: The foundation of protection
According to the Verizon DBIR, the three primary ways an attacker gains access to an organisation is stolen credentials, phishing and exploiting vulnerabilities. So, when it comes to cybersecurity, really it comes down to mastering the fundamentals. There isn’t one silver bullet that can protect your organization from every kind of cyberattack. In fact, many smaller measures can all contribute to a comprehensive security barrier around all areas of the business. There are six key areas to effectively safeguard a business from cybercrime:
1. Configuration standards
Enforcing strict configuration standards throughout the entire operation will guarantee the organization a baseline level of security. This means all systems, devices and applications within the company infrastructure are maintained in line with security guidelines and best practices – the Center for Internet Security (CIS) benchmarks, for example, have recommended configurations for all major systems and operating systems. Uniformity ensures no leaks can sink your ship. Regular compliance checks are a sure way to consistently maintain this baseline of security.
2. Patch management
Outdated applications or software can lead to security vulnerabilities, so it’s always a best practice to regularly patch all systems to prevent possible vulnerabilities. These installs can be pushed out from a centralized point and completed in the background to prevent any disruption to work. For organizations with a remote workforce, patch management and configuration can be a challenge due to traditional management systems requiring devices to be connected to the corporate network. However, organizations can adopt cloud brand asset management solutions to address the modern remote workforce.
3. Securing identities
Providing two or more pieces of evidence through Multi-factor authentication (MFA) including passwords, pins, and security questions, to authenticate users within the organization’s digital system is crucial in today’s environment to ensure people are who they say they are. However, modern attackers are nonetheless replicating company login screens, which can cause staff to inadvertently offer up their account details. Considering the threat of these advanced phishing tactics, companies should be employing more advanced MFA methods. For example, FIDO keys are physical devices which can be used to verify a user’s identity. By opting for a physical device rather than purely digital verification, you gain an extra layer of security which is harder for attackers to imitate.
(Image credit: Lexmark)
4. Security monitoring
A system of security monitoring operating 24/7 through a dedicated security operations team. This team relies on monitoring tools and automated detection to find potential threats before they can break through. Although these tools can do the heavy lifting, this team still requires trained professionals who can either act, adjust or redirect. Not every alarm is a threat, and not every threat will set off an alarm.
5. User awareness training
Workers are the soft targets for any cyberattack. One errant click on a malicious link or attachment can spiral into an entire corporate system getting taken down. This is why employees are a necessary part of defense. Security awareness training needs to be regular and personalized. Threats experienced by the finance team will be different to the threats in the sales team, all of which can have devastating impacts on the business. However, by personalizing and contextualizing the risks for each area of the business, employees are able to develop stronger awareness. It also helps to familiarize the users with the security team, so they know who to contact if there is a concern.
6. Responding to incidents
When incidents do occur despite proactive approaches to cybersecurity, the organization must employ a protocol to protect the system from further infiltration. This should involve immediate account access revocation, a password and MFA reset, and a reimaging of the user’s workstation to eliminate any potential ongoing threats. There is only so much prevention and strategy can do when it comes to security, and ensuring a water-tight protocol to follow post-breach is just as important as all the measures discussed previously.
As threats evolve, organizations must remain vigilant and constantly adapt their security measures. Phishing-as-a-service platforms – provided by the likes of Evil Proxy and Caffeine – have become extremely sophisticated, calling for consistent serious consideration of security by any organization. While no system is foolproof, a proactive approach involving all five elements will be essential to organizations ensuring business continuity and success.
By Bryan Willett, Chief Information Security Officer at Lexmark