Do Your Part, Be Cyber Smart: IT & Sec Teams
Cyber incidents and data breaches have become so normal that its importance and criticality is not hitting the main page on newspapers. However, in terms of regulatory fines and consequences for users, the real damage is impossible to measure.
Inside organisations, the responsibility of many of these incidents rely on Information Technology (IT) and Security teams, who are supposed to be in charge of making systems secure. Nevertheless, daily activities which include troubleshooting and fixing platforms for other consume most of their time.
On today’s post we will look into critical security controls, tools and ideas to reduce the surface attack and the likelihood of vulnerability exploitation.
- Network segregation:
- Vulnerability assessment processes can help you identify what kind of assets, and even information available on your servers. Start by evaluating your perimeter, and identifying all those legacy applications and servers long forgotten.
- Services that are not supposed to be available to the entire world (Internet), should be restricted.
- All banners and default configurations that could allow attackers to identify the version and vulnerabilities associated to it, should be disabled. Don’t make things easy for cyber criminals, as they may be more aware of your internet presence than yourself.
- Use search engines and automated tools to identify all the documents publicly available. These contain valuable metadata, and in some cases personally identifiable information.
- Where possible apply security patches and keep your systems up-to-date.
- Vulnerability assessment processes can help you identify what kind of assets, and even information available on your servers. Start by evaluating your perimeter, and identifying all those legacy applications and servers long forgotten.
- Security perimeter tools such as Firewall, Intrusion Detection/Prevention Systems (IDPS), logging and rate limiting systems are a good place to start. The main idea here, is to only allow what you servers, systems, applications and users are expecting, anything else could be malicious and/or used to abuse your storage and network capabilities.
- Access controls, segregation of duties and secure configurations that follow the “deny by default” principle should be enforced for all new systems. Of course, any systems already in place, should be evaluated against this, ensuring every user and application has access to only what they need (including the personal computers of all users within an organisation).
- Asset management and good documentation are key for all your systems, users and even their-party providers. Remember, that you cannot know about vulnerabilities, information leakage or data breaches of infrastructure you are not aware of. While this can be a very time consuming and quite monotonous activity, it’s important to have clear rules for everyone interacting with your organisation and within it.
In addition to the above, when trying to sell the idea of security controls, don’t go into so many technical details that people lose interest in the topic. Share statistics, risks and information about possible regulatory fines, share experiences from other companies that have already been victims of cyber attacks and data breaches. It’s always better to learn lessons from someone else’s mistakes, rather than your own… it also happens to be less expensive. ;)
Finally… do your part, share knowledge and educate everyone on the importance of cyber security. This can be as simple or as complicated as you want it to be, but no matter who you’re talking to, try to explain things in such a way that interest isn’t diminished and fear of the topic doesn’t cloud it’s significance.
Stay safe, eepica
P.S. The above is NOT a definitive list of controls, rather somewhere to start.