With the current highly-publicised nature of data breaches, it’s easier than ever for executives and risk auditors to understand the serious financial and reputational damage caused as a direct result of cyber attacks.
What isn’t so publicised is the security risk management, defence and mitigation strategies that breached companies may or may not have implemented prior to their breach.
Virtual Armour has broken all this information down into six key steps for building a sound cyber defence strategy. You may have all of these covered and if so, consider your company in good shape as far as cyber defence is concerned. Otherwise, you may need to take action in order to avoid some potentially sobering future lessons.
Good defence strategies begin with a “know thy self” mentality. According to the SANS Institute Critical Security Controls for providers, the first step in building an effective cyber defense strategy is to gather an inventory of authorised and unauthorised devices and software.
This includes classifying critical assets, infrastructure, data and processes. Knowing what to defend is paramount to a successful strategy. Service providers or professional services contractors will also need this information when they deploy or configure any security products.
Simply telling your security contractor, provider or employees to protect all assets is counter-productive, unless you have unlimited budget and resources. Priorities must be chosen. After classifying assets and applications, an organisation can effectively begin to protect those assets and the data stored on them.
It’s easy to get caught up in vulnerabilities, patches and security operations and overlook an important part of evaluating risk—modelling possible threats. Perhaps a company is prepared for external attacks and internal network abuse by employees, but fails to consider what might happen during a system failure.
Natural disasters can cause the company to switch to a disaster recovery site which may have fewer security precautions in place. It’s important to understand all areas that could be vulnerable to attack, what an attackers’ likely goals will be, and which of your assets will be harmed in the fallout. Good questions to ask your technical teams include:
What affect would various natural disasters have for our data centres? Are there any single points of failure that might halt business continuity in the event of a natural disaster? What happens when critical device x, y or z fails? Will it fail gracefully, or will it affect business continuity? What constitutes (or should constitute) abuse of company computing resources? What ramifications are possible when a user or IT employee makes a costly mistake? What types of malicious actors target our business sector? What types of mass external attacks would affect business continuity, whether immediate, long-term or indirect?
Attackers gravitate to devices and systems that are left on default or near-to-default settings. When an attacker is “inside” they will start changing the way systems operate to their benefit.
Good configuration management thwarts these security holes and enable breaches to be detected sooner. Take a moment and consider what type of configuration management controls are implemented for your systems and network devices.
Not only does an organisation need to be implementing secure configurations utilising built-in security measures, but auditing those configurations regularly. In addition to secure configuration and auditing, it’s important to have a set hierarchical method of approving configuration changes.
Having oversight over configuration changes, records of configuration changes and audits of the effectiveness of any given configuration can help prevent costly configuration mistakes and reduce the chance of insider threats.
Part 1 has talked about the first three steps in building a cyber defence strategy: clarifying assets, defining threats, and configuration management. Part 2 will consider access controls and network design — how they can be used to control a potential attacker’s movement in the event they breach a defensive wall. Be sure to check out the next instalment for more actionable cyber defence strategy steps and to find out why audit logs are vital when it comes to both pre- and post-attack planning.
Sourced by By Andrew Douthwaite VP managed services, VirtualArmour
Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!