How To Prepare For & Prevent Cyber Incidents
According to the Ponemon Institute, 1 in 3 organizations does not have the capabilities required to fend off a cyber attack leading to a data breach. Following the “an ounce of prevention is worth a pound of cure” spirit, here are 5 quick tips to help get ahead of malicious intruders.
This article is based on the “Preventing Incidents” part of the NIST Computer Security Incident Handling Guide.
Today, cyber intrusions resulting in data breaches cause enormous financial and reputational harm to even some of the biggest companies worldwide. For this reason, being cyber-aware, prepared, and ready to counter is no longer just an option, but a necessity for all businesses.
Gone are the days of sitting back, playing chess, and waiting for something to happen. In the Incident Response field, it’s time to be PROACTIVE!
While Incident Handling and Response teams are a crucial addition to the company should an intrusion happen, IT Security teams should also prepare to prevent such events from happening in the first place.
Here are some of the main recommended practices for securing networks, systems, and applications:
Risk Assessments
Periodic risk assessments of systems and applications should determine what risks are posed by combinations of threats and vulnerabilities.
This should include understanding the applicable threats, including organization-specific threats. Each risk should be prioritized, and the risks can be mitigated, transferred, or accepted until a reasonable overall level of risk is reached.
Another benefit of conducting risk assessments regularly is that critical resources are identified, allowing staff to emphasize monitoring and response activities for those resources.
Host Security
All hosts should be hardened appropriately using standard configurations. In addition to keeping each host properly patched, hosts should be configured to follow the principle of least privilege, granting users only the privileges necessary for performing their authorized tasks. Hosts should have auditing enabled and should log significant security-related events.
The security of hosts and their configurations should be continuously monitored. Many organizations use operating system and application configuration checklists expressed in the Security Content Automation Protocol (SCAP) format to secure hosts consistently and effectively.
Network Security
The network perimeter should be configured to deny all activity that is not expressly permitted. This includes securing all connection points, such as virtual private networks (VPNs) and dedicated connections to other organizations.
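As an added illustration of this deny-by-default principle (not code from the article or from the NIST guide), here is an nftables ruleset that drops everything not expressly permitted, accepts only named connection points, and logs what it denies; the interface names, the VPN port and the LAN range are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the article or NIST SP 800-61.
# Interface names (eth0, wg0, lan0), the VPN port and the LAN range are assumed.
flush ruleset

table inet perimeter {
    chain input {
        # Default-deny: anything not expressly permitted below is dropped.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Expressly permitted connection points only (assumed values).
        iif "eth0" udp dport 51820 accept comment "site-to-site VPN (assumed port)"
        iif "eth0" tcp dport 443 accept comment "public HTTPS service"

        # Record what is denied so monitoring can see probing and misconfiguration.
        limit rate 10/second log prefix "perimeter-drop: " level info
    }

    chain forward {
        # Transit traffic is also denied unless explicitly allowed.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iif "wg0" oif "lan0" ip daddr 10.0.0.0/24 accept comment "VPN peers to LAN (assumed range)"
    }
}
```

Load it with `nft -f <file>`; anything not matched by an accept rule is dropped and, for inbound traffic, logged under the `perimeter-drop:` prefix.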
Malware Prevention
Software to detect and stop malware should be deployed throughout the organization. Malware protection should be deployed at the host level (e.g., server and workstation operating systems), the application server level (e.g., email server, web proxies), and the application client level (e.g., email clients, instant messaging clients).
User Awareness & Employee Training
Employees at all levels of the organization should be made aware of policies and procedures regarding appropriate use of networks, systems, and applications.
Applicable lessons learned from previous incidents should also be shared with users so they can see how their actions could affect the organization. Improving user awareness regarding incidents should reduce the frequency of incidents.
Moreover, IT Security staff should be trained so that they can maintain their networks, systems, and applications in accordance with the organization’s security standards, and stay up to date with new security threats and techniques.
What are some of the measures that your company takes to stay secure?
While performing weekly penetration tests of your network and web apps sounds like a safe way to keep all company data secure, it is not enough. In addition, let’s not forget that humans are usually the weakest link in every organization! For this reason, it’s important that companies understand that there is no “one size fits all” solution to staying secure. In fact, it is a mix of many security measures, from risk assessments, to thorough penetration tests, to proactive incident handling teams, to the education of all employees about cyber risks, that together create a secure organization.
Interested in learning the practical ways SOC Analysts and CSIRT Members can efficiently analyze, handle, and respond to security incidents? Discover our Incident Handling & Response Professional (IHRP) training course, which launched live on March 26.