The importance of network security and its early undertaking is something most businesses are aware of. Yet, what is often dismissed is the fact that maintaining a cyber security infrastructure is an ongoing responsibility.
Benefits are both immediate and long term. But only if defence systems and practices are continually evolving as threats are. Your organisation becomes at risk once a point of complacency is settled on. Relying on an outdated cyber security infrastructure leaves you unable to address concerns before they become crises.
This is particularly paramount, as small and medium sized businesses have some shortcomings which make them ideal targets for cyber-crime. Many haven’t done a risk assessment to identify possible points of attack and take stock of what assets can be exploited. Web domains, PCs, company secrets, login credentials, etc. may go unprotected in comparison to corporate counterparts.
Employees often choose weak passwords to make their jobs easier or share login credentials. Also, backup procedures may not be in place or implemented regularly, and security policies or education programs may not be invested in.
Smaller businesses may not see themselves as ‘worth’ hacking, but targeted attacks are increasing against SMEs. The following are some important cyber hygiene considerations for now and the future.
The importance of updates
Antivirus software, for example, is a common component of a security plan, but unfortunately it automatically outdates itself. Thus contributing to the obsolete softwares that are responsible for the 9.3 per cent malware infections of non-domain computers.
Fortunately, the false sense of security that comes from running expired software is a very straight-forward problem to fix. Some updates can be loaded to a central console and set to sync to the definitions server automatically. If dealing with computers that have applications preventing changes such as public browsing terminals, machines must be unfrozen and updated individually.
Even though it is a time consuming task, do not let this preside over crucial maintenance.You can easily budget for the time and regularly schedule the work. And while it is not enough to use SIEM alone, applications defending the perimeter of your network by scanning for threats that fit its stored list of definitions is still a valid tactic. It’s known that they are good at deflecting many known bots and known threats, but only if software is updated.
Employee buy-in is essential
Network security is not only a matter of an organisation’s software, but users also play an important role in keeping the business secure. Email servers can be a floodgate for trouble if not managed properly. Malware is often the first step in a hacker’s plan in getting a foothold into a victim’s network, for example through phishing.
Once an initial error has occurred, the whole system is compromised. To prevent this, it must be ensured that employees are using secure email servers with strong password settings. But most importantly, a culture of encouraging personal responsibility for individual email accounts should be a priority. As well as implementing protocols for evaluating unusual emails and rules against account sharing should be consistently enforced.
Overall, outdated cybersecurity infrastructure can be prevented by continually evaluating your strategy and practices. The questions you should constantly ask about should be:
- Have new elements been added to the network?
- How much are you using your threat intelligence platform?
- Does your configuration account for mobile user created traffic?
- Are your most sacred files secure?
- Are permissions current?
- Are employee credentials of ex-employees properly managed?
Tools your business needs
Threat intelligence software uses complex means to gather and make sense of online traffic in anticipation of an attack. These programs begin by cataloguing information about the identities, motivations, characteristics, and methods of attackers. This knowledge is put in context against real-time activity to identify invasive behaviour with evidence-based knowledge.
Customisation is also possible, tailoring tools to suit your network, as threat alerts should be informative, not just alarming. For example, enabling you to discover whether your data is the object of someone’s desire or if your network was simply unlucky.
Improving cyber security skills
On top of what is mentioned above, up to half of enterprises have encountered the issue of outdated cybersecurity education. Old information about hacker tactics are as useless as outdated virus definitions. Training sessions, presentations, and meetings are a waste of effort if they are being run on archaic and inaccurate information, and missing key topics.
Shockingly, only 46 per cent of employers offer more education than a one-time refresher course. This is not adequate. Employees need continual ongoing education. On top of renewing enthusiasm, attending conferences – allow security pros to immerse themselves.
Organisations can easily obtain a deeper understanding of new threats and ways to combat them by participating in workshops, white-papers and webinars. Consistent awareness is gained through following cybersecurity blogs and reading trade publications. Additionally, you should take advantage of any security vendor partners, learn how to get the most out of your tools and request as much expertise from them as possible.
Making a case for starting an education program should not be a hard sell since the stakes are high enough. There is plenty of evidence that suggests that preventing ignorance-based vulnerabilities is a wise risk management strategy. If user education is not deemed important, consider how expensive resolving a hack is, and not to mention how it could permanently take your business out of the game.
Like maintaining a house, your cyber security infrastructure is an ongoing responsibility and it is best to be proactive about keeping everything in good working order. If there is a possibility of a vulnerability or a threat actor, address concerns before they become crises.
It is paramount that you understand the security posture of your organisation. Security has to become a key differentiator for your business. It can be the distinction between winning and losing a competitive contract for services, or limiting brand damage from a data breach.
Travis Farral is director of security strategy at Anomali.