Most (not all) cyber-related incidents can be avoided through proper planning and by having the right resources in place. Preparation is what makes all the difference: it entails outlining your risks, implementing safeguards to aid in prevention, and knowing who to bring in and when in the event of a cyber incident. After a cyber incident has occurred, time is of the essence to lessen the overall damage. While defense-in-depth is key to any well-rounded cybersecurity program, it all starts with having the right approach in place focused on people, process, and technology – in that order. Some companies get ahead of themselves and throw money at technology without having the right people and processes in place to manage it. This method never works, as technology alone cannot get the job done.
People – There are multiple ways to address the “people” aspect of this approach, many of which vary with the industry and size of the organization. At the very least, organizations should have the right people in place (and enough of them) to perform the work necessary, whether internally or outsourced.
- Executives and board members are expected to make cybersecurity a priority and discuss it on a regular basis to ensure the business has the information and resources it needs to address cyber threats.
- The business should have cyber liability coverage in place with oversight by an executive or manager who understands the policy requirements and limits, and how/when to invoke the policy.
- Risk management personnel know how to measure risk appropriately to ensure that business operations and financial success align with the organization’s risk appetite.
- IT teams should be knowledgeable about how to implement and maintain proper IT and security controls.
- Cybersecurity professionals should help build out security programs and applications, assess the controls in place through security audits, and investigate threats.
- Employees should receive regular and meaningful security awareness training, so they are prepared for the threats they may encounter and how to report and respond to them.
- Outside counsel specialized in privacy and cybersecurity (a.k.a. data breach coaches) and digital forensics and incident response firms should be vetted and ready to respond, when needed. Some cyber insurance carriers utilize a panel of approved legal and incident response providers they bring in at the onset of a claim, whereas others allow the business to form relationships and select the vendors of their choosing.
Process – Once you know who the people are and the parts they play, you need to define the why, how, and when they do it.
- Some industries are required to follow certain regulatory compliance frameworks (e.g., HIPAA, FISMA), while others may undergo an elective security audit and certification process (e.g., SOC 2, ISO 27001) due to client requirements. Whatever the case may be, the organization should know the compliance framework(s) it is subject to or intends to follow and implement policies and procedures to ensure strict adherence by all involved.
- Organizations need metrics to measure success. Define expectations and processes and audit them regularly to identify strengths and weaknesses. This includes testing your incident response plan at least annually.
- The IT team should define a cadence for applying security patches based on the criticality and risk of exploitation. This ensures the riskiest vulnerabilities are addressed first during patching.
- Define how often assessments are done, such as risk assessments, penetration testing, cloud control reviews, and so on. Scheduled assessments establish a routine that ensures continuous evaluation and remediation of risks.
- Cybercriminals can strike at any time, but we are now beginning to see a trend of attacks occurring during holidays and weekends. Having the right processes (and people) in place can help mitigate the risks during these times.
Technology – People define processes and use technology to meet their needs. People should vet and compare technological solutions to align with expectations.
- Identify and implement (in no particular order):
  - Antivirus and endpoint detection and response solutions
  - Vulnerability scanners (network + agent-based) and patch deployment software
  - Asset management technologies
  - Multi-factor authentication
  - Network segmentation
  - Data backup solutions
  - Remote access software/VPN
  - Device controls
  - Password vaulting solutions
  - Encryption (at rest and in transit)
  - Sensitive data scanning solutions
  - Geographical controls
  - DMARC, SPF, and DKIM
  - Honeypots/canary tokens
The above is a non-exhaustive list but should give readers an idea of things to consider when layering in the components of a good cybersecurity program. If you need assistance, Avalon Cyber provides several services that can help your organization prepare for and respond to cyber threats, including penetration testing, vulnerability assessments, managed detection and response, managed SIEM, security advisory services, and incident response.
If you would like to discuss any of our services, contact one of our experts today.