It's an uncertain and troubling time in the world. Geopolitical conflict has enveloped Eastern Europe, but the frontlines aren't restricted to that region. Cyber attacks can swiftly cross international borders. Nation states, as well as could adopt cyber warfare as a tactic to extend the battlefield, everywhere. This is a sensitive topic, and it's important to stay vigilant in times like these and review your security best practices in preparation for any major escalation in these attacks.
It's been said that unintended consequences are among the only certainties in war. A discussion about cybersecurity is appropriate given the velocity and worldwide reach of these events. Your organization's best defense is to proactively plan and implement security best practices. Taking the time to review your cybersecurity posture limits the potential for unintended consequences.
Security Best Practices
The threat environment is so concerning that The Department of Homeland Security (CISA) has advised organizations of all sizes to put their “.” You don't have to be a government agency to (hope for the best… but) prepare for the worst. Just begin with the basics. Cyber security is more approachable when it's broken down into three essential concepts:
Practicing Good IT Hygiene
Remember the Colonial Pipeline hack? It occurred due to , which is catch-all terminology for inappropriately configuring and maintaining all of your user accounts, apps, and devices throughout their life cycles. The pipeline attack wasn't an example of master spycraft: it happened because old user credentials were unmanaged and had access to resources that enabled attackers to pivot onto bigger things. Tip: don't be like them; follow Zero Trust Security instead.
Zero Trust Security is a concept that trusts nothing and verifies everything: for users to be authenticated and authorized to access resources, they must be continuously challenged, whether they are inside or outside of your organization.
For example, the old security paradigm was “Ben trusts Katie, and Katie trusts Tyrone, so Ben trusts Tyrone.” That's no longer satisfactory given the scope and omnipresence of today's cyber threats. Configure your systems with the belief that “nothing is secure” and you'll be far better off. These are some of the steps that you should take to implement Zero Trust:
- Least Privilege
Devices and users only need access to the minimal permissions to get their job done. No PC user should be operating as an administrator day-to-day, even IT admins themselves. Know who your users are and what they have access to.
- Patching
Software is complex, and you should assume that there are vulnerabilities present in operating systems and all the way down the stack. Applying fixes to bugs, on schedule, and maintaining up-to-date licensing and support reduces the risk that these will be exploited. A device might be logging into your systems with appropriate credentials, but it carries risk forward if it's not being regularly patched.
- Policies
“Live and let live” is not an acceptable security control on devices and with people. All devices within your fleet should be deployed “hardened”, that is to say, with rules applied that limit what changes can be made to settings. Unmanaged devices provide attackers with greater surface area to find their way in. Policies may also apply to how strong your users' passwords are and whether MFA is enabled. Policies also apply to your staff, such as mandatory vacation time or limiting access to network hardware.
- Identity and Access Management (IAM)
User lifecycle management is no less important than how well devices are secured. Who has access to what, and whether there's assurance that they're who they say they are (working from a location that's acceptably secure), is vital to IT hygiene. Modern IAM systems require more than one level of authentication, may use single sign-on (SSO), have the capacity for conditional access, and more closely manage group memberships.
- Human Firewalls
Practicing security awareness isn't a technical control, but it's no less vital. Your employees, an administrative control, should serve as human firewalls who know when to speak up and “say something” when they encounter unusual activities. That could be as simple as contacting the sender of a suspicious email using a different medium.
You don't need limitless resources to implement Zero Trust security. It's within reach by combining technical, administrative, and physical controls to mitigate or reduce your risks. You ultimately should have a formalized security program, but don't get discouraged. You already “know enough to be dangerous” and can begin to introduce better IT hygiene to your organization.
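The hygiene rules above (stale credentials of the kind behind the Colonial Pipeline incident, standing admin rights, MFA not enrolled, departed users still enabled) can be checked mechanically against a directory export. The script below is an added example, not code from the original post; the inventory is constructed sample data and its field names are assumptions about what your directory export contains.

```python
"""Account-hygiene audit (added example). Flags enabled accounts that
are stale, still belong to offboarded users, hold day-to-day admin
rights, or lack MFA. Field names are assumed; data is constructed."""
from datetime import date, timedelta

STALE_AFTER = timedelta(days=90)   # assumed policy threshold
REPORT_DATE = date(2022, 3, 2)     # "today" for the sample run

# Constructed sample directory export (not real data).
INVENTORY = [
    {"user": "ben", "enabled": True, "admin": False, "mfa": True,
     "last_login": date(2022, 3, 1), "offboarded": False},
    {"user": "katie", "enabled": True, "admin": True, "mfa": True,
     "last_login": date(2022, 2, 28), "offboarded": False},
    {"user": "tyrone", "enabled": True, "admin": False, "mfa": False,
     "last_login": date(2021, 10, 2), "offboarded": True},
    {"user": "svc-backup", "enabled": True, "admin": True, "mfa": False,
     "last_login": date(2021, 11, 15), "offboarded": False},
    {"user": "old-contractor", "enabled": False, "admin": False,
     "mfa": False, "last_login": date(2020, 6, 1), "offboarded": True},
]


def audit(inventory, today):
    """Return {user: [findings]} for every enabled account breaking a rule."""
    findings = {}
    for acct in inventory:
        if not acct["enabled"]:
            continue  # a disabled account carries no live credential
        issues = []
        if acct["offboarded"]:
            issues.append("offboarded user still enabled")
        idle = (today - acct["last_login"]).days
        if idle > STALE_AFTER.days:
            issues.append("no login in %d days" % idle)
        if acct["admin"]:
            issues.append("standing admin rights")  # least privilege: review
        if not acct["mfa"]:
            issues.append("MFA not enrolled")
        if issues:
            findings[acct["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in sorted(audit(INVENTORY, REPORT_DATE).items()):
        print("%-15s %s" % (user, "; ".join(issues)))
```

Run on the sample data it reports katie (admin), tyrone (offboarded, stale, no MFA) and svc-backup (stale, admin, no MFA); ben is clean and the disabled contractor account is skipped.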
Master Your Security Tools and Services
Security tools and services are expressly designed to help mitigate risks, but SMEs should take care to avoid security tool sprawl. Some systems require intensive resources that smaller organizations simply don't possess. Master the tools that you have, partner to extend those capabilities when it makes sense, and consider vendors that can handle those risks externally on your behalf. Some examples of tools that you should consider using are:
Endpoint Detection and Response (EDR)
We used to just call this antivirus software, but EDR solutions have evolved to analyze system behavior and even block common methods of attack. These systems are manageable and will help to secure devices. EDR software isn't sufficient security as a standalone control: your organization should form a using people, operations, and technology.
Monitoring
Monitoring ranges from logs and reporting to robust enterprise-grade systems that take every event into account within your environment and across domains. It's not practical to expect an SME to have the resources to fully staff advanced security information and event management (SIEM) and Security Operations Centers (SOCs) that run threat hunting on data lakes. However, anomalous behaviors can be detected if you know what you're looking for and don't lose focus. Otherwise, you'll just be spending a lot of your budget on a glorious post mortem.
Consider outsourcing this capability if your IT budget provides for it, or select vendors that perform these activities to secure the services that you鈥檙e purchasing from them.
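"Knowing what you're looking for" can start with two rules over the authentication log you already have: a burst of failed logins followed by a success for the same user, and a successful login from a source address that user has never used before. The script below is an added example, not from the original post or any vendor; the log format and thresholds are assumptions and the log lines are constructed.

```python
"""Two simple auth-log detections (added example). Log format, window
and threshold are assumptions; the sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data) in an assumed key=value format.
LOG = """\
2022-03-01T08:00:01 user=ben src=10.0.0.5 result=success
2022-03-01T08:02:10 user=katie src=10.0.0.7 result=failure
2022-03-01T08:02:12 user=katie src=10.0.0.7 result=failure
2022-03-01T08:02:15 user=katie src=10.0.0.7 result=failure
2022-03-01T08:02:18 user=katie src=10.0.0.7 result=failure
2022-03-01T08:02:20 user=katie src=10.0.0.7 result=failure
2022-03-01T08:02:25 user=katie src=10.0.0.7 result=success
2022-03-01T09:15:00 user=ben src=198.51.100.23 result=success
"""
LINE = re.compile(r"(\S+) user=(\S+) src=(\S+) result=(\w+)")
WINDOW = timedelta(minutes=5)   # assumed: failures older than this are ignored
FAILURE_THRESHOLD = 5           # assumed: failures needed to raise an alert


def parse(text):
    """Yield (timestamp, user, source, result) for each well-formed line."""
    for m in LINE.finditer(text):
        yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def detect(text):
    """Return (rule, user, detail) alerts in log order."""
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of recent failures
    seen_src = defaultdict(set)    # user -> sources seen on earlier successes
    for ts, user, src, result in parse(text):
        if result == "failure":
            failures[user].append(ts)
            continue
        recent = [t for t in failures[user] if ts - t <= WINDOW]
        if len(recent) >= FAILURE_THRESHOLD:
            alerts.append(("burst-then-success", user, "%d failures in window" % len(recent)))
        failures[user].clear()
        # First success for a user is taken as the baseline, not an alert.
        if seen_src[user] and src not in seen_src[user]:
            alerts.append(("new-source", user, src))
        seen_src[user].add(src)
    return alerts


if __name__ == "__main__":
    for rule, user, detail in detect(LOG):
        print(rule, user, detail)
```

In production the baseline of known sources would come from history rather than the first line seen, and both rules are triage signals to be confirmed with the user, not verdicts.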
Network Hardware and Software
Next generation firewalls, VPNs, and a software-defined perimeter (SDP) are other tools that can secure your network. Remote workforces won't necessarily utilize all of these, so it's also important to think about how you're going to secure and manage your users everywhere they're working, whether within a domain or in the domainless enterprise.
Incident Response and Business Continuity
There's no universal elixir for better security: every organization has different requirements. However, there's always a benefit to following best practices, such as having good backups. Every organization should have a plan to respond to and recover from a cyber incident.
Security is a process, not only “stuff”. Incident response and understanding what happens following an attack are crucial. That's where your backups might come into play. We recommend working with an MSP partner or other experts to create, adopt, and practice what your organization will do if it's attacked, otherwise known as a cybersecurity tabletop exercise.
Cyber insurance is another option, but be mindful that there are some pre-existing conditions that make it more difficult to obtain coverage. Following good IT hygiene mitigates that risk.
Additional Resources
CISA has compiled , also with guides covering the following topics:
- Reducing the likelihood of a damaging cyber incident;
- Detecting malicious activity quickly;
- Responding effectively to confirmed incidents; and
- Maximizing resilience.
There’s also a collection of security guidance articles in the sidebar.