Cybersecurity threats present a growing and dynamic challenge for businesses of all sizes. Unfortunately, they are commonplace occurrences. As CyberArk notes, 93% of organizations had two or more identity-related breaches in the past year. Threats organizations face may range from headline-grabbing data breaches to malware, downtime, and the loss of operational efficiency. In this blog, we'll discuss four ways to help improve an organization's cybersecurity posture.
Implementing cybersecurity practices often presents distinct resource and organizational challenges. These challenges grow with the business's changing size and complexity. The following steps may help companies improve their cybersecurity practices and achieve a new level of security readiness.
1. Establish a Training Policy
Though it tends to be the least popular, providing knowledge-based information/training isn't just an item to check on an annual list.
Periodic training of all employees on cybersecurity threats and practices is an essential step to security readiness. This step may require establishing and disseminating a baseline level of cybersecurity knowledge within your organization. Relevant and up-to-date training content can only take employees so far.
The main element lost in cybersecurity training is often the people. This year's Verizon Data Breach Investigations Report shows that 68% of breaches involve the human element, and 28% account for general error—more than doubling the number of breaches resulting from ransomware and malicious activities.
Educate Employees at All Levels
Testing all employees with "phishing" emails from IT/Security:
- Phishing emails often compel an employee to perform an action that may endanger an organization's security.
- Send fake phishing emails to select employees.
- The results of the employee interaction should be confidential.
- Provide aggregated and anonymous results to steer security awareness at all levels (company-wide, all-hands, etc.).
Another approach is to have employees engage in "social engineering" encounters:
- Each individual's access to physical or software systems is an exploitable point of failure.
- Challenge employees with requests from unverified sources for information or access that is restricted.
- Challenge employees with scenarios such as a person with crutches asking someone to 'badge' them into a building or area.
- Provide results to raise awareness at the intersections of the human element of cyber and physical security.
Another way to reinforce any training is to ensure that cybersecurity framework concepts become an organic part of frequent actions and collective decisions. Working with IT or those in IT security can keep best practices in mind and can ensure that positive reinforcement of cybersecurity best practices surrounds employees at all levels.
The following activities can help to reinforce good cybersecurity hygiene:
- Reinforce device "locking" when employees are away or a device is not in use:
- Locking a computer or device restricts unwanted physical access to local and network resources.
- Users are required to identify and authenticate themselves before continuing usage of local or network resources.
- Seeing other locked devices around them should reinforce this behavior at all levels.
- Use positive peer pressure to remind colleagues when their devices may not be secured.
- Reinforce identification for access to restricted physical or digital resources:
- Ensure that everyone understands that it may not be security-friendly to 'hold the door' for others to a building or restricted physical areas.
- Do not encourage the sharing of credentials or the shared use of devices.
- Reinforce authorization for access to restricted physical or digital resources:
- Ensure that employees check with the proper point of contact (manager, etc.) even when credible requests are received for sensitive information.
- Even a routine request from a known vendor or other entity should be confirmed when that request may require access to restricted or sensitive information.
2. Defining Policy
Establishing clear steps for all employees when responding to a security incident is of utmost importance, though even with proper training, the inevitable security incident may occur. Depending upon the nature of one's business, training may already cover the processes to follow in the event of a security incident. Regardless of whether these steps are directly covered, all employees must know whom to contact and what information to provide.
- Establish security contacts within each organizational group to facilitate the response to an incident:
- Security contacts spread across the organization facilitates a horizontal sharing of information.
- Security contacts encourage reporting security incidents right at the time they are discovered.
- Security contacts may be able to respond to an incident locally, which may improve response time and security incident outcomes.
- Establish a clear process for both security contacts and the incident reporter:
- Did the user click something in a suspicious email?
- Was an unauthorized device connected to a secure network?
- Is the issue related to unauthorized software or malware?
- The reporter of the incident should know whom to contact and in what time frame.
- The point of contact should know their next steps and the information that should be documented.
- The next steps in the response chain will benefit from everyone knowing what must be done when an incident is identified.
- Make reporting a security incident a positive activity within the organization.
- Internal points of contact will coordinate as necessary to communicate with outside organizations.
- A specific point of contact should handle communication with outside organizations to respond to a security incident.
3. Automating Cyber Hygiene
Cyber hygiene is a growing set of best practices for maintaining an organization's overall cybersecurity health. While training employees on cybersecurity is necessary, automating best practices makes it even easier to experience positive outcomes.
Here are a few basics to automate that can take the guesswork out of security:
- Strong passwords (typically, this means longer)
- National Institute for Standards and Technology (NIST) SP 800-63-3
- Enterprise Password Manager
- Multi-Factor Authentication
- Something you know (password)
- Something you have (2nd factor)
- Automated Phishing Detection
- Mark emails as suspicious or take other actions automatically.
- Automated Endpoint Encryption
- Make encryption of devices automatic for employees.
- Automated Software Updates
- Ensure that updating and patching critical software is automatic and routine, eliminating the need for user initiation.
Inventory/Categorize Risks
Each device, software, and system within an organization represents a potential security risk. An endpoint may be used in an unauthorized manner, or a piece of critical software may have unpatched vulnerabilities. Being positioned to respond to a security incident is helped by maintaining a regular security inventory of your systems.
The following guidelines may assist you in creating an inventory and risk process:
- Maintain a regularly updated information systems inventory.
- Audit your organization's devices, systems, and software.
- Document the internal or external systems with which they interact.
- Maintain security incident response plans.
- Implement security policies.
- Use the audit to request a risk assessment or perform one within your organization.
- Perform a tiered risk assessment via the NIST Risk Management Framework.
- Validate current security controls.
- Determine if new security controls are necessary.
- Continuously monitor for change.
4. Monitoring Third Parties
Preventing unwanted change via real-time monitoring is truly the end goal of cybersecurity and cyber hygiene practices. Vendor risk management is often overlooked and should be included in these practices. Utilizing next-generation file and system integrity monitoring software ensures the availability and integrity of your critical IT assets by instantly detecting all changes to your applications and infrastructure.
When a change is detected, a file and system integrity monitoring solution should capture this chance at the exact moment it occurs and provide a detailed audit trail of the incident, including:
- Who made the change
- What was changed
- When the change took place
- Where the change was made
- How the change was made
Ensure your systems are performing as expected and secure. Learn more about CimTrak today.
