6 Best Practices to Build Post-COVID-19 Cybersecurity Roadmap

Managing security in the face of cyberattacks has never been harder. Security teams are striving to put countermeasures in place to protect their networks and remote workforces on a budget. This has led to a mad scramble over the last few months, with IT teams at companies worldwide shoring up defenses to cope with the sudden influx of remote workers.

Companies are now supporting a much larger tech stack, with endpoints and applications connected to the cloud. Leaks are springing up everywhere, and security teams only have so many fingers to plug a dam that is threatening to burst.

Now is the time for security teams to shift their focus from firefighting to longer-term planning. The problem with firefighting is that the flames are already burning: a security breach of some sort has already happened, and it has to be dealt with and any damage identified and fixed, which takes a great deal of time and effort. If security teams focus on fire prevention rather than firefighting, there will be far fewer breaches to put out.

Here’s the stark truth — security is not a set-and-forget part of the IT industry. Whatever defenders can think up to increase security, people of bad intent will work to undermine. It is a never-ending war which ebbs one way and then the other depending on how vigilant or tenacious either party is.

With all that being said, there are some ground rules which do need to be followed in order for any network security to be effective.


Cybersecurity in the New World: Get Started With 5 Best Practices 

1. Log monitoring can uncover the growing threat of Shadow IT 

The number one ground rule I have found to be most effective is to log everything: everything which can possibly be logged should be logged. Don’t just log things and rely on the automated alarms to notify you of a breach, either. Those alarms, while helpful for known attempts and common security problems, don’t catch everything. You have to go through the logs yourself. This is a really boring and yawn-inducing part of security, but it is necessary. This is from personal experience. I was going through the logs of our network traffic and noticed quite a few connections to a competitor’s domain name. This wouldn’t have been picked up by an automated alarm. Something about those connections piqued my interest. Looking deeper, it appeared that they were connections to the competitor’s mail system.

This started an active investigation, where I found out that a previous employee of the competitor who was now working for our company was tapping into the personal email account of the CEO of the competitor company and using the information found there to make themselves look good at our company.

The real kicker is that the person was the director of the IT department. In other words, my boss. The actions were duly reported and, to make a long story short, this person was eventually escorted off the property by police and charged.
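The kind of manual log sweep described above can be made repeatable. The following is an added example, not code from the article, that walks a proxy-style log and pulls out exactly the pattern in the story: one workstation repeatedly talking to a competitor's mail domain, which no generic alarm rule would flag. The log lines, host names, and domain names are all constructed for the example, and the watchlist and expected-domain sets are assumptions a team would fill in from its own inventory.

```python
# Added example (not from the article): review proxy log lines for outbound
# connections to domains that deserve a human look, such as a competitor's
# mail system. Every host, domain and log line below is constructed.
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log: timestamp, source host, destination URL, bytes sent
SAMPLE_LOG = """\
2020-06-01T08:02:11Z ws-accounting-07 https://mail.example-corp.test/owa/ 1843
2020-06-01T08:02:40Z ws-it-dir-01 https://mail.rival-company.test/owa/auth.owa 912
2020-06-01T08:03:05Z ws-it-dir-01 https://mail.rival-company.test/owa/ 22019
2020-06-01T08:05:19Z ws-sales-02 https://www.example-corp.test/ 540
2020-06-01T08:07:44Z ws-it-dir-01 https://mail.rival-company.test/ews/exchange.asmx 5120
2020-06-01T09:15:00Z ws-hr-03 https://updates.vendor.test/patch.bin 310
2020-06-01T09:20:31Z ws-sales-02 http://cdn.unknown-host.test/lib.js 77
"""

# Domains we expect to see: our own and known vendors (hypothetical names).
EXPECTED_DOMAINS = {"example-corp.test", "vendor.test"}
# Domains that always deserve a second look: competitors, partners' mail, etc.
WATCHLIST = {"rival-company.test"}


def registered_domain(host: str) -> str:
    """Collapse 'mail.rival-company.test' to 'rival-company.test'.
    Deliberately naive (last two labels); a real sweep would use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def parse_line(line: str) -> dict:
    """Split one constructed log line into its fields."""
    ts, src, url, nbytes = line.split()
    host = urlsplit(url).hostname or ""
    return {"ts": ts, "src": src, "host": host,
            "domain": registered_domain(host), "bytes": int(nbytes)}


def review(log_text: str):
    """Return (watchlist_hits, unexpected_hits).

    watchlist_hits: (src, domain) -> count, bytes sent, first and last timestamp,
    so a reviewer can see volume and duration at a glance.
    unexpected_hits: (src, domain) -> count for domains that are neither expected
    nor on the watchlist; the raw material for a manual read-through.
    """
    watch = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    unexpected = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        key = (rec["src"], rec["domain"])
        if rec["domain"] in WATCHLIST:
            entry = watch[key]
            entry["count"] += 1
            entry["bytes"] += rec["bytes"]
            entry["first"] = entry["first"] or rec["ts"]
            entry["last"] = rec["ts"]
        elif rec["domain"] not in EXPECTED_DOMAINS:
            unexpected[key] += 1
    return dict(watch), dict(unexpected)


if __name__ == "__main__":
    hits, odd = review(SAMPLE_LOG)
    for (src, dom), info in hits.items():
        print(f"WATCHLIST {src} -> {dom}: {info['count']} connections, "
              f"{info['bytes']} bytes, {info['first']} .. {info['last']}")
    for (src, dom), n in odd.items():
        print(f"REVIEW    {src} -> {dom}: {n} connection(s) to an unlisted domain")
```

The point of the two buckets is that the watchlist catches what you already suspect, while the "unexpected" bucket is what you actually read through by hand; the story in this section is an example of a hit that only the second bucket would have surfaced before the competitor was ever on a list.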

2. Avoid a Swiss cheese of security failures by keeping your business compliant

There are certain security standards which are determined by the industry in general and by the company itself, depending on what products are produced. They are there for a reason and are created to increase security. However, with humans being the weak link in the cybersecurity chain, it is a never-ending battle to keep things compliant.

The standards are continually changing, but then, so are the types of attacks. People may grumble and complain and possibly even outright refuse to comply, so it is important to have top-down support for ensuring compliance. Otherwise, your security is just so much Swiss cheese.

If you are unsure of the meaning of top-down support, it is the need to have everyone from the owner or board members down to the department managers willing and able to support the company security policies. This is often the hardest task to achieve.


3. Keep an incident response playbook ready in case hackers come calling

The thing about security is that a breach is never a matter of if; it is a matter of when. No matter how smart you think you are, there is always someone smarter, and if that person has malicious intent then they will breach your security. So it is important to have a list of actions that need to be followed in the event of a security breach: a playbook, so to speak. This playbook should follow at least some basic principles.

Some of those principles are to log, identify, and determine the extent and duration of the breach. Has data been stolen and files transferred (here is the importance of logging everything)? Has anything been left behind to enable future breaches, such as back doors? Has the breach propagated into the backup system? For legal reasons, is a chain of authentication for evidence protection being followed, and what does that chain look like? Who needs to be notified, and when? All of these things and others need to be written down and kept up to date (part of keeping things compliant).
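One playbook item above, the chain of authentication that protects evidence, is easy to state and easy to get wrong. The following added example (not from the article) shows one way to build it: an append-only custody record for a piece of evidence in which each entry commits to the evidence hash and to the previous entry, so that an edit to the evidence or to any earlier record fails verification. The item id, analyst names and evidence bytes are constructed, and the class name and method names are this example's own.

```python
# Added example (not from the article): a hash-chained custody record for one
# evidence item. Names, ids and the evidence content are constructed.
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only custody record for a single evidence item.

    Each entry carries the evidence hash and the hash of the previous entry,
    so changing the evidence, editing an entry, or dropping one from the
    middle all break verify().
    """

    def __init__(self, item_id: str, evidence: bytes, collected_by: str, note: str = ""):
        self.item_id = item_id
        self.evidence_hash = sha256_hex(evidence)
        self.entries = []
        self._append("collected", collected_by, note)

    def _append(self, action: str, who: str, note: str) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "item_id": self.item_id,
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "who": who,
            "note": note,
            "evidence_hash": self.evidence_hash,
            "prev_hash": prev,
        }
        # Hash the canonical JSON of the entry body, then seal it.
        entry["entry_hash"] = sha256_hex(json.dumps(entry, sort_keys=True).encode())
        self.entries.append(entry)
        return entry

    def transfer(self, from_who: str, to_who: str, note: str = "") -> dict:
        """Record a hand-over between two custodians."""
        return self._append("transfer", f"{from_who}->{to_who}", note)

    def verify(self, evidence: bytes):
        """Return (ok, reason). Checks the evidence itself, then every link."""
        if sha256_hex(evidence) != self.evidence_hash:
            return False, "evidence content does not match recorded hash"
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev:
                return False, f"entry {i}: broken link to previous entry"
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if sha256_hex(json.dumps(body, sort_keys=True).encode()) != e["entry_hash"]:
                return False, f"entry {i}: entry hash mismatch"
            if e["evidence_hash"] != self.evidence_hash:
                return False, f"entry {i}: evidence hash changed mid-chain"
            prev = e["entry_hash"]
        return True, "ok"


def demo():
    """Constructed walk-through: a clean chain, then tampered evidence, then an edited entry."""
    evidence = b"constructed sample: proxy log excerpt for EV-0001\n"
    log = CustodyLog("EV-0001", evidence, "analyst.a", "exported from proxy")
    log.transfer("analyst.a", "legal.counsel", "handed over for review")
    ok_clean = log.verify(evidence)[0]
    ok_tampered = log.verify(evidence + b"x")[0]
    log.entries[0]["note"] = "edited after the fact"
    ok_edited = log.verify(evidence)[0]
    return ok_clean, ok_tampered, ok_edited


if __name__ == "__main__":
    print(demo())  # expected: (True, False, False)
```

Storing each entry's hash in a second location (a ticketing system, a printed form, a write-once bucket) is what makes the chain useful in practice: a verifier who holds the last entry hash can tell whether the record they are shown is the one that was made at the time.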

4. Build cybersecurity training programs tailored to the targeted audience

Of course, having everything compliant, keeping copious logs, and writing a good playbook are of no use if nobody knows about them. That is why one of the most effective weapons for keeping security up is training and education. People cannot protect against something they don’t know about. Ensure that everyone, not just the security staff, is regularly trained in security practices. Naturally, that training needs to be tailored to the target audience. For example, Johnny from accounting doesn’t need to know advanced networking 101, but Steve from IT operations does.

Even business partners need to be educated so they can comply with your company’s security policies. And make sure that the security people are kept up to date with the latest intrusion techniques so they can better protect against them.

5. Keep software updated with patch management tools

Finally, and this shouldn’t need to be said, make sure everything is kept up to date. Bugs are found in software all the time, and patches are released to fix them. It is those unpatched systems which malicious people are looking for, as they make any other security procedures moot. This applies not just to operating systems: any and all software used on the network needs to be kept up to date. To prevent catastrophes, test patches on a test system first before installing them on live machines. Speaking of machines, while they may still be working well, they can have firmware bugs as well. Those should be patched or, if that is not possible, the machines should be replaced.
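The three outcomes this section describes (patch it, prove the patch on a test system first, replace what cannot be patched) can be turned into a simple assessment over a software and firmware inventory. The following added example (not from the article or any patch-management product) compares installed versions against the minimum versions that carry the fixes, marks items with no available fix for replacement, and orders the work so that pilot (test) hosts come before production. The package names, versions, host names and ring labels are all constructed.

```python
# Added example (not from the article): assess an inventory against required
# patch levels and order the work pilot-first. All names and versions are constructed.
import re


def parse_version(v: str) -> tuple:
    """Turn '16.0.13001' or '4.9.2-hotfix1' into a comparable tuple of ints."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


# Minimum version that contains the fixes we care about.
# None means the vendor has published no fix (e.g. end-of-life firmware).
REQUIRED = {
    "vpn-client": "4.9.2",
    "office-suite": "16.0.13001",
    "nic-firmware": None,
    "router-firmware": "2.1.7",
}

# Constructed inventory. 'ring' says whether a host is a test (pilot) box or production.
INVENTORY = [
    {"ring": "pilot",      "host": "ws-accounting-07", "package": "vpn-client",      "version": "4.9.2"},
    {"ring": "pilot",      "host": "ws-it-test-01",    "package": "vpn-client",      "version": "4.8.10"},
    {"ring": "production", "host": "ws-sales-02",      "package": "vpn-client",      "version": "4.8.10"},
    {"ring": "production", "host": "ws-sales-02",      "package": "office-suite",    "version": "16.0.12527"},
    {"ring": "production", "host": "srv-file-01",      "package": "nic-firmware",    "version": "1.3.0"},
    {"ring": "pilot",      "host": "edge-rtr-01",      "package": "router-firmware", "version": "2.1.7"},
]

RING_ORDER = {"pilot": 0, "production": 1}


def assess(inventory, required):
    """Return findings as (ring, host, package, action), pilot hosts first.

    action is one of: 'ok' (at or above the fixed version), 'patch' (below it),
    'replace' (no fix exists for this package/firmware).
    """
    findings = []
    for item in inventory:
        pkg = item["package"]
        if pkg not in required:
            continue  # nothing is known about this package; not this script's concern
        minimum = required[pkg]
        if minimum is None:
            action = "replace"
        elif parse_version(item["version"]) < parse_version(minimum):
            action = "patch"
        else:
            action = "ok"
        findings.append((item["ring"], item["host"], pkg, action))
    # Pilot ring first so a patch is proven on test systems before production sees it.
    findings.sort(key=lambda f: (RING_ORDER.get(f[0], 9), f[1], f[2]))
    return findings


def work_queue(findings):
    """Only the items that need action, in the order they should be worked."""
    return [f for f in findings if f[3] != "ok"]


if __name__ == "__main__":
    for ring, host, pkg, action in work_queue(assess(INVENTORY, REQUIRED)):
        print(f"{ring:10} {host:18} {pkg:16} {action}")
```

A real deployment would feed the inventory from an asset database and the required versions from vendor advisories; the ordering rule is the part worth keeping, because it encodes the "test first, then production" discipline the text asks for.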


Finally, Get Smarter Than Hackers  

The malicious attempts of yesteryear are far different from those of today, and will be different again in the future as computing technology evolves. It used to be that malicious programs were spread via offline media such as floppy disks; now they are spread via the internet. While older-style malicious programs were kept as separate entities patched into existing executables, the newer style uses tricks to hide itself from the operating system and scanning programs.

The goals of malicious programs have also changed. While they were more concerned with superficial damage before, these days it is all about stealing information or encrypting it to hold it for ransom. In the future, as online and remote working evolves, so will the malicious entities. Perhaps they will turn to communication disruption or real-time identity theft? It is important to keep up with the trends and try to predict how things are turning out so you can better prepare for whatever new breach attempts are to come.
