Security and company leaders face a difficult challenge in securing their organization and properly managing its risk. Here's just a sampling of what they face:
The complexity is compounded for smaller companies, which have to allocate resources sparingly. What options do they have, and how can they prioritize the actions that will make them more secure?
We've put together a list of five cybersecurity must-haves for any organization, regardless of size or industry. Together they build security capabilities across the kill chain, so an organization is protected at several stages of an attack rather than relying on a single control.
Before we focus on the attacks, let’s make sure the house is in order. This will increase the overall strength of your environment, no matter what attacks it faces. Here’s a quick checklist for ensuring your organization has some protection in place.
These controls are effective against automated attacks and against ransomware, currently the most prevalent and pervasive kind of attack. Ransomware has not only evolved in its tactics and execution, it now gets into organizations through routes other than traditional email, for example exposed remote-access services such as RDP and unpatched internet-facing systems.
Because these attacks are so common, we suggest taking the measures above to reduce the risk of an attacker getting that initial foothold in your network.
Email is an extremely common attack channel and is where most automated attacks begin; one widely cited estimate is that 91% of cyber attacks start with a phishing email.
Email attacks also include spam, social engineering, and business email compromise (BEC). Most target employees who, if untrained, may open malicious attachments or click links designed to steal credentials or other information. BEC is worse still: a successful attack typically leads directly to financial loss, for instance through a fraudulent wire transfer or a changed supplier bank account.
Organizations need filters and monitoring tools that place controls at multiple points across the kill chain, including:
Email attacks have become far more sophisticated, and a single layer of protection isn't enough.
Prevention is a good starting point, but you also need response capabilities for when attackers do get through, which is a very realistic occurrence.
An endpoint detection and response (EDR) solution is the key enabler here. Not only will it alert you to a compromise or breach, it can isolate the affected endpoint to stop the spread and block known-malicious files from executing.
EDR is especially important now that organizations' architectures have changed dramatically over the last several years as a result of digital transformation. Traditional perimeter-based protection is no longer sufficient because the perimeter has largely dissolved: users, devices, and workloads now sit outside the corporate network.
Instead, organizations should focus on the vectors attackers can exploit directly. In the majority of cases these are endpoints: employee devices and workstations, servers, and other systems that lead straight into your organization. EDR tools are needed to inventory those endpoints, protect them, and give you the detection and response capabilities that buy time to react and blunt an attack.
Security and risk management leaders need to consider a compromise as inevitable and prepare for those scenarios accordingly.
An attacker looking to do real damage in your network will likely abuse Active Directory: moving laterally between systems and escalating from an account with minimal access to one with elevated permissions. That gives them access to your critical files and servers and lets them embed deeper in your environment, making them far harder to flush out.
Tools that monitor Active Directory authentication traffic and detect lateral movement can help you spot an intruder early and drive them out. Another effective way to reduce risk is to cut the number of active admin accounts: keep only the ones that are absolutely needed, and make sure privileged accounts are not used for day-to-day work on ordinary workstations.
It's an unfortunate truth that cybersecurity is a 24/7 task, which is difficult because most businesses don't operate 24/7. Worse, attackers are often more active outside office hours, knowing that companies may have their shields down.
For human-driven attacks, how you respond, and how quickly, makes the difference between a crippling attack and one that takes only hours of work to recover from.
A security operations center (SOC) centralizes information and systems so your staff and relevant partners can act quickly. It also lets you automate routine actions so your staff can focus on the real challenge: finding the attackers, keeping them out, and preventing a similar attack from happening again.
This may sound like a lot, but a layered, foundational approach covers a spectrum of threats and scenarios and scales with an organization as it grows. It's not something an organization should be expected to do alone, though. Achieving everything on this list is resource- and time-intensive (especially the SOC capabilities), so companies with limited resources are better off engaging an MSSP to help.
When selecting an MSSP, make sure they are able to:
Treat all of the above as a minimum, so you receive the right level of protection and care. For more information about how you can better secure your business through our Foundational Coverage and simplified managed services, talk to us.