A two part look at the most important steps organizations can take to guard against cyber threats
With data breaches now so highly publicized, it’s easier than ever for executives and risk auditors to understand the serious financial and reputational damage that cyber attacks cause. What isn’t so publicized are the security risk management, defense and mitigation strategies that breached companies may or may not have implemented prior to their breach.
We’ve broken all this information down into six key steps for building a sound cyber defense strategy. You may have all of these covered and if so, consider your company in good shape as far as cyber defense is concerned. Otherwise, you may need to take action in order to avoid some potentially sobering future lessons.
Good defense strategies begin with a “know thyself” mentality. According to the SANS Institute Critical Security Controls for providers, the first step in building an effective cyber defense strategy is to gather an inventory of authorized and unauthorized devices and software. This includes classifying critical assets, infrastructure, data and processes. Knowing what to defend is paramount to a successful strategy. Service providers or professional services contractors will also need this information when they deploy or configure any security products. Simply telling your security contractor, provider or employees to protect all assets is counter-productive, unless you have unlimited budget and resources. Priorities must be chosen. After classifying assets and applications, an organization can effectively begin to protect those assets and the data stored on them.
It’s easy to get caught up in vulnerabilities, patches and security operations and overlook an important part of evaluating risk—modelling possible threats. Perhaps a company is prepared for external attacks and internal network abuse by employees, but fails to consider what might happen during a system failure. A natural disaster can force the company to switch to a disaster recovery site which may have fewer security precautions in place. It’s important to understand all areas that could be vulnerable to attack, what an attacker’s likely goals will be, and which of your assets will be harmed in the fallout. Good questions to ask your technical teams include:
- What effect would various natural disasters have on our datacenters?
- Are there any single points of failure that might halt business continuity in the event of a natural disaster?
- What happens when critical device x, y or z fails? Will it fail gracefully, or will it affect business continuity?
- What constitutes (or should constitute) abuse of company computing resources?
- What ramifications are possible when a user or IT employee makes a costly mistake?
- What types of malicious actors target our business sector?
- What types of mass external attacks would affect business continuity, whether immediate, long-term or indirect?
Attackers gravitate to devices and systems that are left on default or near-to-default settings. Once an attacker is “inside”, they will start changing the way systems operate to their benefit. Good configuration management closes these security holes and enables breaches to be detected sooner. Take a moment and consider what type of configuration management controls are implemented for your systems and network devices.
Not only does an organization need to implement secure configurations using built-in security measures, it also needs to audit those configurations regularly. In addition to secure configuration and auditing, it’s important to have a set hierarchical method of approving configuration changes. Having oversight of configuration changes, records of configuration changes and audits of the effectiveness of any given configuration can help prevent costly configuration mistakes and reduce the chance of insider threats.
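The audit-against-a-baseline idea above, as an added example that is not from the original article: it applies an approved-change ledger to a recorded baseline, then flags any live setting that differs without approval, and separately flags settings that have reverted to a known default value. All configuration keys, values and approver names are constructed for illustration.

```python
import hashlib
import json

# Constructed sample data (illustrative only, not from any real device):
# the approved baseline, the ledger of approved changes, and the live config.
BASELINE = {
    "ssh.PasswordAuthentication": "no",
    "ssh.PermitRootLogin": "no",
    "snmp.community": "custom-ro-string",
    "syslog.remote_host": "10.0.0.5",
}

# Each approved change records the key, its new value and who approved it.
APPROVED_CHANGES = [
    {"key": "syslog.remote_host", "value": "10.0.0.6", "approved_by": "change-board"},
]

# Values an auditor treats as vendor defaults that should never be in production.
DEFAULT_VALUES = {"snmp.community": {"public", "private"}}

LIVE_CONFIG = {
    "ssh.PasswordAuthentication": "yes",  # changed with no approval record
    "ssh.PermitRootLogin": "no",
    "snmp.community": "public",           # reverted to a default value
    "syslog.remote_host": "10.0.0.6",     # matches an approved change
}


def expected_config(baseline, approved_changes):
    """Apply the approved-change ledger to the baseline to get the expected state."""
    expected = dict(baseline)
    for change in approved_changes:
        expected[change["key"]] = change["value"]
    return expected


def fingerprint(config):
    """Stable SHA-256 of a config, suitable for recording in an audit log."""
    canonical = json.dumps(config, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def audit(live, baseline, approved_changes, default_values):
    """Return (kind, key, expected, actual) findings for every deviation."""
    expected = expected_config(baseline, approved_changes)
    findings = []
    for key, want in expected.items():
        got = live.get(key)
        if got is None:
            findings.append(("missing", key, want, None))
        elif got != want:
            kind = "default_value" if got in default_values.get(key, set()) else "unapproved_change"
            findings.append((kind, key, want, got))
    for key in live.keys() - expected.keys():
        findings.append(("unexpected_key", key, None, live[key]))
    return findings
```

Run the audit on a schedule and store `fingerprint(expected_config(...))` alongside the findings so later reviewers can tell which baseline each audit was measured against.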
We’ve talked about the first three steps in building a cyber defense strategy: clarifying assets, defining threats, and configuration management. Next up, we will consider access controls and network design—how they can be used to control a potential attacker’s movement in the event they breach a defensive wall. Be sure to check out the next installment for more actionable cyber defense strategy steps and to find out why audit logs are vital when it comes to both pre- and post-attack planning.