Refocusing Cybersecurity Best Practices on Security Hygiene
By Srini Tummalapenta
While organizations around the world are rightly focused on the COVID-19 pandemic, the work of cybersecurity must continue. In fact, attackers often increase their efforts to breach networks and systems during times of trouble, counting on the chaos as a useful distraction. In such times, the best cybersecurity practices should actually refocus on the most basic,
but still the most useful, steps — what we call security hygiene. Cybersecurity hygiene includes the basic best practices that help protect you against many different types of attacks and attackers. For example, you should:
- Make sure that all systems are properly patched and current.
- Make sure that all endpoints have up-to-date malware and antivirus protection.
- Make sure only the necessary firewall ports are open.
Strengthening Your Security Posture
In IT security, the worst threats often come from devices corrupted with computer viruses such as Trojans, malware or worms. Many malicious IT viruses are designed to spread to nearby nodes on the network or to hijack normal communication mechanisms to spread their payload. The NotPetya worm, which brought down huge corporate networks for days after spreading as an accounting software update from a compromised machine in the Ukraine, is a case in point of this behavior. For this reason, in IT security, proper and timely defense against known threats is one of the more potent forms of cybersecurity.
With security monitoring — and breach-and-attack simulation platforms more specifically — it is possible to probe the defenses of an organization without performing an attack or test on a production system. This method can provide an objective view of the state of the security posture of that organization and inform recommended defenses against vulnerabilities that the organization’s security and technology systems are not properly configured to defend.
Informed cybersecurity experts can look at a breach, understand the environmental factors, categorize the potential risks and vectors, and prescribe actions. The newer simulation systems can also work with human experts to more effectively prioritize security solutions based on severity of the specific risk to the particular organization. This means business risks can be prioritized on equal footing with more classic risk-rating structures that only account for cyber risks and their relative severity.
Such a view can be deemed objective because the simulation can programmatically run through thousands of known playbook attacks many times per day. The remedy, in this case, consists of recommended changes to configurations and controls that have left the organization exposed to attacks. Again, this is not rocket science or some fancy new product category; it is security hygiene, pure and simple. The best defense is to make sure that security controls are optimized for your current technology attack surface.
Early Detection Is Crucial
In cybersecurity, early malware/virus detection is absolutely crucial. This allows an organization to better map the threat to their environment and plot a response. The earlier a malware or virus is detected, the less chance it has to spread horizontally through the organization’s IT infrastructure. For example, what if your security monitoring and management tool recognizes that you are sending traffic to an IP address belonging to a bad actor? Then you have a strong indication that there is an infection somewhere in your environment. Security monitoring is practical and effective because it can spot obvious symptoms that almost always indicate something is wrong.
You Don’t Have to Do It Alone
Cybersecurity experts in digital forensics and incident response or management can quickly build a complete picture of most security problems, diagnose the root cause and propose a variety of solutions, including incident response and remediation. It is best to move quickly so as to minimize disruption and keep the cost of security breaches down. For example, if a security breach is not detected and addressed quickly, then the attackers can spend more time poking around in your systems and steal sensitive business data. While your in-house team may be good enough for this, during a major breach it is almost always helpful to consult with third parties to get their take on the best way to fix a problem and move forward.
A good way to enforce cybersecurity is to ensure each engagement has a tight scope. Another is to have a dedicated third-party resource consultant that your team can turn to for advice and guidance. Ideally, you will also have access to experts who are familiar with your ongoing cyber hygiene approach and feel comfortable operating with your existing set of tools and controls. Rarely is buying a new security control the answer to your problems. Almost always, it’s putting in place systems and procedures that better utilize the security controls you have and establish better internal management processes and cultural awareness of potential risks.
Security Hygiene Is a Combination of People, Process and the Right Technology
The good news is that it’s never too late (or too early) to practice effective IT security hygiene. Chief information security officers (CISOs) need to reinforce and reteach that connecting insecure, unhygienic home-based machines to your corporate network is highly risky behavior that can result in an infection or a breach. For technologies to more effectively protect your company and detect threats, simple, low-to-the-ground mechanisms work best and are the simplest to maintain and run. For expert help, bring in a specialist to ensure that your incident response and remediation are running well or to give you an annual security audit with a pair of fresh eyes. Keeping your IT infrastructure secure need not be complicated — but it does require effort, the right technology and expertise.