Posted by Hal Overman + Joe Vigorito on Mar 28, 2019 10:00:00 AM
In the first and second parts of this blog series, we shared the importance of focusing on the basics in cybersecurity and shared some tips for how to get started. Let’s wrap up by sharing some additional considerations you should address as you get started on your path to a more secure enterprise.
Imagine a customer who is short on the basics, but does have a “named product,” like a SIEM solution, a logging analytics product, or behavioral analytics looking at the north-south and east-west traffic. They may also have full compliance testing for something like PCI or HIPAA (note that compliance doesn't mean secure).
What good is the SIEM if "cybersecurity 101" hasn't been addressed? History shows properly set-up and monitored log collection solutions are great at discovering incidents, but not so good at preventing or discovering breaches. Again, consider the humans. Not many tools offer full automation that bypasses the need for trained staff to be watching, and those that do often have complex rule bases that still require lots of human intervention.
At ConvergeOne, do we want customers to consider technology in their cybersecurity strategy? Sure, there are some fantastic tools out there—but hold on. First, there are some additional basics to consider:
- Have a patch management approach that regularly covers Microsoft, Linux, and third-party applications (Java is a fun one!)
- Remove all admin rights from endpoints or use a Privileged Access Management tool to control them
- Install a Web Application Firewall with DDoS mitigation capability. Web server attacks are the fastest growing attack vector.
- Have good asset management (no, Excel is not going to cut it for the enterprise). Remember, a good attacker does a lot of reconnaissance first. Without up-to-date, accurate asset management, there will be the assets you think you have and the assets the attacker knows you have. They may not be the same.
- Use an email filtering product, as there are several good ones in the marketplace
- Lock down removable media (USB drives are so tempting...) and use data loss prevention to protect against insider threats
- Put in a disaster recovery and business continuity plan and do a Business Impact Analysis on every application you run. Base your Recovery Time Objective (RTO) / Recovery Point Objective (RPO) on risk and the BIA results.
- Understand your obligations with your cloud vendors (read those contracts!), but also know that public cloud can give you a great “restart” on your cybersecurity program
- Have an incident response plan AND test it two ways: tabletop walkthroughs and a simulated test, in full, at least every other year
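The asset management point above is the one most easily checked with a small script: compare what the inventory says you own against what is actually taking addresses on the network, and the gap is the set of assets an attacker's reconnaissance would find before you do. The example below is added here and is not ConvergeOne's code or any product's export format; the inventory CSV columns, the DHCP log layout, and the 90-day "last verified" threshold are assumptions chosen for illustration, and all sample data is constructed.

```python
"""Reconcile a declared asset inventory against hosts observed on the network.

Added example, not from the original post. The inventory CSV and the DHCP
lease lines are constructed sample data; the column names and log format are
assumptions for illustration, not any particular product's schema.
"""
import csv
import io
import re
from datetime import datetime

# Constructed inventory export: what the organisation *thinks* it has.
INVENTORY_CSV = """hostname,ip,owner,last_verified
fileserver01,10.0.1.10,IT Ops,2019-03-20
hrweb,10.0.2.15,HR Apps,2018-06-01
mail01,10.0.1.20,IT Ops,2019-03-25
"""

# Constructed DHCP server log lines (assumed ISC dhcpd-style DHCPACK format).
DHCP_LOG = """Mar 27 08:01:12 dhcp dhcpd: DHCPACK on 10.0.1.10 to 00:11:22:33:44:55 (fileserver01) via eth0
Mar 27 08:03:45 dhcp dhcpd: DHCPACK on 10.0.3.77 to 66:77:88:99:aa:bb (DESKTOP-7GK2) via eth0
Mar 27 08:05:02 dhcp dhcpd: DHCPACK on 10.0.1.20 to 00:11:22:33:44:66 (mail01) via eth0
Mar 27 09:15:30 dhcp dhcpd: DHCPACK on 10.0.3.78 to cc:dd:ee:ff:00:11 via eth0
"""

# The client-supplied hostname in parentheses is optional in the assumed format.
DHCPACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>[0-9a-f:]{17})"
    r"(?: \((?P<name>[^)]*)\))?"
)


def load_inventory(text):
    """Parse the inventory CSV into a dict keyed by IP address."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}


def observed_hosts(log_text):
    """Collect every IP that received a DHCPACK, with its MAC and (optional) name."""
    seen = {}
    for line in log_text.splitlines():
        m = DHCPACK_RE.search(line)
        if m:
            seen[m.group("ip")] = {"mac": m.group("mac"), "name": m.group("name")}
    return seen


def reconcile(inventory, observed, today, max_age_days=90):
    """Return the three findings a defender cares about:
    unknown  - on the wire but not in the inventory (attacker knows, you don't)
    stale    - in the inventory but not verified within max_age_days
    unseen   - in the inventory but never observed taking an address
    """
    unknown = sorted(ip for ip in observed if ip not in inventory)
    stale = sorted(
        ip for ip, row in inventory.items()
        if (today - datetime.strptime(row["last_verified"], "%Y-%m-%d").date()).days > max_age_days
    )
    unseen = sorted(ip for ip in inventory if ip not in observed)
    return {"unknown": unknown, "stale": stale, "unseen": unseen}


def run_report(today_iso="2019-03-28"):
    """Run the reconciliation over the constructed sample data for a given date."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return reconcile(load_inventory(INVENTORY_CSV), observed_hosts(DHCP_LOG), today)


if __name__ == "__main__":
    for finding, ips in run_report().items():
        print(f"{finding:8s} {', '.join(ips) or '-'}")
```

In practice the inventory side comes from the CMDB export and the observed side from DHCP, ARP tables, switch MAC tables, or EDR agent check-ins; the reconciliation logic is the same, and the "unknown" list is what feeds the next asset review.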
Those who have been in this game for the last several years know that the Pareto principle applies to cybersecurity: 80% of the effects come from 20% of the causes. Therefore, focus resources on that 20% by automating routine or repetitive tasks, and applying due care on those high and critical-risk areas, as determined by your risk assessment methods.
If your cybersecurity consultant is skipping past the basics, be concerned. Make sure they speak fluently about all pillars: people, process, policy, and technology. If every word from their mouth is a three- or four-letter acronym, be wary. Make sure you understand what they are saying. At ConvergeOne, we make simplicity a priority. If we cannot talk about cybersecurity in plain terms that any person can understand, we have no business speaking to you.
Finally, this sounds counterintuitive, but there are better ways to vet a partner than asking for cybersecurity references. No one ever gives out bad ones. Your consultant should have credibility with the other services it offers, the conversations it is having, and the vendors it partners with. Doing a half-day workshop, a short assessment, or a small introductory project is always a good way to determine if your potential partner is a good match for you.
Stay safe out there!
BUILDING HUMAN FIREWALLS:
10 STEPS TO CYBER AWARENESS
Tuesday, April 16th at 2:00 p.m. ET
Tim Femister, Senior Director, Cybersecurity + Multicloud
Joe Vigorito, Director, Information Security Consulting
The statistics are staggering: spear phishing accounts for 95% of enterprise network attacks, according to the SANS Institute. Since attackers can craft messages to your employees posing as a reputable contact, technology can only do so much. To effectively prevent your organization from falling victim to cyber attacks, it’s essential that your employees develop strong cyber instincts.
In this ConvergeOne webinar, Tim Femister and Joe Vigorito will outline 10 steps to creating a cyber aware culture within any organization. Attend the webinar to take the first step toward building a culture capable of effectively defending against modern threats.