Security and company leaders have a difficult challenge when it comes to securing their organization and properly managing their risk. Here’s just a sampling of their challenges and what they face:
- An ever growing number of threats regardless of company size - many of which are human driven. Any company, whether they’re 6 months old or 60, faces the same attacks.
- The lack of expertise to set-up and operate a mature security program. For SME’s especially, it’s difficult to make the case for putting resources in a security department when rapid growth is what’s needed.
- No confidence in whether the tech they’ve put together can keep them safe. It’s hard to keep up with threats and even harder to keep up with all the solutions available. How can they be sure (and properly measure) their current tech is providing them with strong enough security?
- Information overload and FUD in the market. There’s an abundance of acronyms, new vendor tech, and over-marketing that makes it difficult to know what’s needed and what’s actually effective.
The complexity is compounded for smaller companies who have to allocate resources sparingly. What options do they have and how can they prioritize actions that will make them more secure?
We've put together a list of 5 cybersecurity must haves for any organization, regardless of their size or industry. This will help organizations build security capabilities across the kill chain so they’re protected at various steps within an attack, providing comprehensive and effective coverage.
Cybersecurity must-have #1: Environment Hardening
Before we focus on the attacks, let’s make sure the house is in order. This will increase the overall strength of your environment, no matter what attacks it faces. Here’s a quick checklist for ensuring your organization has some protection in place.
- Train your staff - They are the weakest link and a common target, especially for automated attacks. If you don’t train your employees to spot phishing, spam, or suspicious emails, how will they know what to do?
- Update your software - Turn on auto updates where you can and prioritize critical patches if there needs to be manual intervention. This will help you stay on top of vulnerabilities so you can react quickly if a zero-day exploit, like log4j, is discovered.
- Enable and test backups regularly - Make sure they’re available offline and aren’t connected to your main network. This will help you recover in the event of a ransomware attack or other compromise that can put your servers or data at risk.
- Enable two or multi-factor authentication (2FA or MFA) - Account compromise is still a common attack and passwords alone are hardly a robust defense. By enabling MFA or 2FA across as many accounts as you can, you’re protecting yourself against 100% of automated attacks.
These kinds of security controls and measures are effective against automated attacks as well as ransomware, which is the most prevalent and pervasive kind of attack currently out there. Not only has ransomware evolved in its tactics and execution, it’s getting into organizations in ways other than traditional email attacks.
Given how common these attacks are, it’s why we suggest taking the measures above to protect your organization to reduce the risk of a bad actor making their way into your network and getting that initial foothold.
Cybersecurity must-have #2: Advanced Email Protection
Email is an extremely common attack channel and is where most automated attacks occur, with estimates reporting that 91% of all cyber attacks are starting with phishing emails.
Email attacks also include spam, social engineering, and BEC (business email compromise) attacks, most of which target employees, who, if untrained, may download malicious attachments or click on links designed to steal information. Even worse, in the case of BEC attacks, they may lead to financial theft if the attack is successful.
Organizations need to put the right filters and monitoring tools in place that put in controls at multiple points across the kill chain. This includes:
- Having filters that prevent automated spam and email attacks from ever reaching your employees’ inboxes.
- Flagging risky or suspicious emails to employees so they can be more careful before clicking on links or downloading attachments.
- Preventing malicious attachments or links from executing macros (or similar executable files), downloading malware, or giving access to an unauthorized user.
Email attacks have become much more sophisticated and a single layer of protection isn’t enough.
Cybersecurity must-have #3: Endpoint Detection and Response (EDR)
Prevention is a good starting point but you also need to have response capabilities if attackers do get through (a very realistic occurrence).
An endpoint detection and response, or EDR solution, is the key enabler here. Not only will it alert you in the case of a compromise or breach, it can contain the affected endpoint to stop the spread or block certain malicious files from executing.
EDRs are especially important these days as organizations’ architecture have changed dramatically over the last several years as a result of digital transformation. Traditional protection tools don’t work anymore because the perimeter no longer exists.
Instead, organizations should focus on the direct vectors that hackers can exploit, in the majority of cases, these are endpoints like employee devices, workstations, routers, and other systems that lead directly to your organization. To keep your organization secure, EDR tools are needed to keep track of endpoints, protect them, and to give your organization detection and response capabilities that will give you the time to react and reduce an attack’s effectiveness.
Cybersecurity must-have #4: AD Abuse Prevention and Lateral Movement Detection
Security and risk management leaders need to consider a compromise as inevitable and prepare for those scenarios accordingly.
If an attacker is really looking to do some damage in your network, they’re likely to abuse Active Directory and move laterally from an account with minimal access to one with elevated permissions. This will give an attacker access to your critical files and servers and will allow them to embed themselves deeper in your environment, making it harder to flush them out.
Having a solution or tools that monitors Active Directory communications and detects lateral movement can help you spot when an intruder has made their way in and drive them out. Another helpful way to reduce your risk is to find ways to reduce the amount of active admin accounts. Only keep the ones that are absolutely needed.
Cybersecurity must-have #5: SOC Capabilities
It’s an unfortunate truth that cybersecurity is a 24/7 task, which is difficult because most businesses don't operate 24/7. Unfortunately, attackers may be even more prolific during out-of-office hours, knowing companies may have their shields down.
For human-driven attacks, how and how quickly you respond will make the difference between a crippling attack and one that will require only hours of work to recover.
A security operations center (or SOC) is required to centralize information and systems so your staff and relevant partners can take action quickly. This will help you automate key actions so your staff can focus on the real challenge— finding the attackers, keeping them out, and preventing a similar attack from happening.
Comprehensive security requires a layered approach
This may sound like a lot, but a layered foundational approach covers a spectrum of threats, scenarios, and scales with an organization as it grows. However, it’s not something an organization can be expected to do alone. It’s resource and time intensive to achieve everything on this list (especially with SOC capabilities) so for companies with limited resources, they’re better off finding an MSSP to help them.
When considering how to select an MSSP, they should be able to:
- Provide a curated set of technologies: An MSSP should bring their own set of vetted tools including advanced email protection and EDR solutions so you don’t have to spend the time evaluating the right ones.
- Provide 24/7 Support and SOC capabilities: As an outsourced cybersecurity department, they have the experts, time, and ability to monitor your environment at all times, providing ample support in case of a compromise.
- Guidance, training, and readiness assessment: An MSSP can work with your company to assess your organization’s security posture, help you improve your cyber resilience (especially as you grow), and provide the necessary training for your employees.
Make sure that they cover all of the above as a minimum to ensure you'll receive the right level of protection and care. For more information about how you can better secure your business through our Foundational Coverage and simplified managed services, talk to us.