It is difficult to put a proper estimate on the cost of cybersecurity breaches. Several studies put the current value of cyber breaches at around $6 trillion per year and expect it to grow to more than $10T annually by 2025. This is a moving target that depends on the breached systems and the industry. Given the high number of attacks and attempts, cybersecurity is vital for every organization irrespective of business function and size. Here are 10 key focus areas every organization would need to follow to develop an agile security posture. This list is in no way complete; however, it is a starter checklist to validate the essentials.
- Developing a cybersecurity-aware culture. Roll out cybersecurity training for all employees to shield enterprises from phishing and ransomware. Cultural leadership: executive ownership of cybersecurity initiatives, micro events to improve cybersecurity awareness, and use of digital signage. Get creative and start internal bug bounty programs and cybersecurity slogans.
- Socialize policies and procedures, and deploy technical expertise to evaluate third-party software for known vulnerable code (open source/freeware/shareware). Run a comprehensive program to maintain software currency and patch management, along with a proven plan for deploying high-rated security updates.
- Supply chain cybersecurity assessment before permitting any network connection. Ensure proper controls for all existing vendor access to the enterprise network.
- Measure risks (uncertainty and exposure) qualitatively and quantitatively using an industry-specific standard cybersecurity framework. Invest in transferring risks by leveraging cybersecurity insurance and security vendor contracts.
- Cybersecurity event response plan: a runbook to handle the different aspects, including incident response, diagnostics, forensics, and corporate communication. Test the runbook using trial runs periodically to improve the process, people, and tools continuously.
- Invest in a "defence in depth" model: firewall, disabling root login access, MFA, passphrases instead of passwords, access management, auditing, SOCs (with DR).
- Anomaly detection - Set a baseline for all IT system usage (CPU, memory, network, storage) and have industry-standard SIEM tools alert on any deviation from the BAU baseline.
- Cybersecurity as a System – Prevention, detection and response. Implement an effective patching process and measure patching metrics, and fine-tune them for improvements.
- Clear disclaimer to employees educating them on the critical nature of intellectual property and system use. Focus on enterprise security while balancing employee privacy.
- Improve the security posture by conducting cybersecurity penetration testing and access reviews, and by always using the least-privilege access model. Segment the internal network and block traffic between systems that do not have a requirement to communicate. Use network access control products to protect against internal threats.
Summary: In short, a good defence makes for a good offence. Threat vector mitigation and containment are key. These basics will help organizations strengthen their security posture and reduce the attack surface while maturing to more advanced threat detection leveraging AI and machine learning.
Originally posted at: https://www.linkedin.com/pulse/10-commandments-cybersecurity-work-kitson-pereira/
About the Author
Information Technology Director at MetLife - Focused on providing the best end user experience securely.