Every breach over the years can be tied to one of the following 8 issues organizations have. However common these issues may be, they can no longer be ignored: organizations must resolve them in today's threat landscape.
Common Issue #1: Security Culture
When more than half of all security incidents start with successful phishing attacks, it is paramount that employees in your organization understand their actions can impact the entire organization. You must get beyond a “Security is optional” approach and enforce accountability across the entire company. If you don’t create the right culture around security and get executive support, your security plan won’t be successful.
Common Issue #2: Password Management
Default passwords are a quick web search away, and commonly used passwords are easily guessed by an attacker seeking access to critical systems and data. Take some steps to prevent this: change default passwords as soon as possible, set complexity requirements for employee passwords and use multi-factor authentication.
Common Issue #3: Asset Visibility and Configuration Management
New applications or new VMs introduced into an environment can present an undetected security threat or vulnerability when security isn't considered until after implementation. Oftentimes people believe hardening is an impossible process and don't know where to start. First, know what you have, including hardware, operating systems and applications; several tools can scan your environment to start the discovery process. Second, research the vendor sites for hardening guides. Once the guides are found, publish and share them with the individuals who are accountable, either by incorporating a checklist into builds, by creating a secure, hardened image that is continuously kept up to date, or by building in hardening automation.
Common Issue #4: Protecting Only at the Perimeter
You can't just monitor external activity. Internal attacks can go undetected by standard perimeter IDPS tools, while employees may accidentally access a malicious site or open a file attachment that common security toolsets never see. Changing your procedures to incorporate monitoring of internal traffic, behaviors and actions can help you understand the immediate threat landscape.
Common Issue #5: Architecture
Legacy flat networks broaden the attack surface and increase the compliance scope and costs of securing and accessing an organization's most critical data. Here are some best-practice do's and don'ts:
- Don't use permissive firewall rules; they create avoidable security risk
- Do invest the time and money to re-evaluate the architecture under the assumption that the DMZ/1st network layer is compromised
- Do restrict traffic to the server/app/port communication each system actually needs
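As an added example (not part of the original article), the following script audits a constructed firewall rule set against these do's and don'ts: it flags allow rules broader than a server/app/port need and, following the "DMZ is compromised" assumption, tags those that let DMZ hosts reach the internal network. The addresses, zone layout and the /24 destination threshold are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"  # wildcard as written in many firewall UIs


@dataclass(frozen=True)
class Rule:
    name: str
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    port: str    # destination port or "any"
    action: str  # "allow" or "deny"


# Constructed sample rule set (hypothetical addresses, not a real network).
RULES = [
    Rule("dmz-web-to-db", "10.1.0.0/24", "10.2.0.10/32", "5432", "allow"),
    Rule("dmz-to-internal-all", "10.1.0.0/24", "10.2.0.0/16", "any", "allow"),
    Rule("catch-all", "any", "any", "any", "allow"),
    Rule("lan-to-proxy", "10.3.0.0/16", "10.2.0.20/32", "3128", "allow"),
    Rule("default-deny", "any", "any", "any", "deny"),
]

# Assumed zone layout: the DMZ (1st layer) and the internal network behind it.
DMZ = ip_network("10.1.0.0/24")
INTERNAL = ip_network("10.2.0.0/16")


def touches(cidr, zone):
    """True if the rule field covers any address in the zone ("any" covers all)."""
    return cidr == ANY or ip_network(cidr).overlaps(zone)


def permissive_reasons(rule, max_dst_prefix=24):
    """Reasons an allow rule is broader than a server/app/port need."""
    reasons = []
    if rule.src == ANY:
        reasons.append("source is any")
    if rule.dst == ANY:
        reasons.append("destination is any")
    elif ip_network(rule.dst).prefixlen < max_dst_prefix:
        reasons.append(f"destination {rule.dst} is wider than /{max_dst_prefix}")
    if rule.port == ANY:
        reasons.append("port is any")
    return reasons


def audit(rules, dmz=DMZ, internal=INTERNAL):
    """Map each permissive allow rule to its reasons; rules that would let a
    compromised DMZ reach the internal network also get 'dmz-to-internal'."""
    findings = {}
    for rule in rules:
        if rule.action != "allow":
            continue  # deny rules are never over-permissive
        reasons = permissive_reasons(rule)
        if reasons and touches(rule.src, dmz) and touches(rule.dst, internal):
            reasons.append("dmz-to-internal")
        if reasons:
            findings[rule.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(RULES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Rules that survive the audit with no findings are the ones that name a specific source, destination host and port, which is the shape the "do restrict traffic" rule above asks for.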
Common Issue #6: Vulnerability Management
Keeping up with vulnerability announcements, and determining their risk impact, continues to be a challenge. Therefore you should inventory your assets and put a vulnerability management program in place. Companies often set patching/fix timelines based on available staff and time rather than on remediation priority derived from industry risk scoring. Companies need to treat vulnerability management as a core maintenance function.
Common Issue #7: Security Toolset
Oftentimes investing in security is secondary for the business and/or deployed sporadically rather than holistically. You can't expect one tool to do it all. Individual tools that detect, prevent, alert and remediate should be integrated into all environments, including SaaS. Furthermore, you can't just install a tool's agent and then block its traffic or leave it unvalidated; confirm that each tool is actually working as deployed.
Common Issue #8: Security Staffing
Managing and monitoring your security toolset is critical, but oftentimes it is not done because of staffing constraints. With new threats being announced daily that require reconnaissance and analysis, you must consider investing either internally, externally with a third-party security partner, or both. You need experts on hand who can read and configure security tools properly and monitor activity continuously.
In summary, take the time to be secure and focus on the right problems facing your business.
- Stopping a project to protect the company is better than continuing a project without security considerations.
- Conduct data discovery and understand where your most critical data resides. Not all protections should be created equal.
- Understand your biggest threats and impact to the business and be prepared to discuss them.
- Destroy data you no longer need, take the time to scope your environment and reduce the footprint. Efficiency and cost justification will be determining factors.