Data breaches are a part of our world. Cybersecurity is not something that can be bolted on anymore; it needs to be considered as part of your overall business strategy. You must protect your business because you want to continue to do business. And that means readying yourself to detect, respond to, and recover from a cyber-attack.
There is no single “silver bullet” solution when it comes to cybersecurity readiness. At Sage, we take a layered approach, called Defense-in-Depth. The concept has been around for a while and is based on the military idea that in battle, it’s more difficult for the enemy to break through a complex and multi-layered defense system than a single barrier.
A defense-in-depth strategy is more than just implementing technology. People and process are arguably more important components that must be integrated. Let’s take a look at what a layered approach to cybersecurity should contain.
First, you have perimeter preventative controls that are installed to keep malicious traffic from getting on your network. They include firewalls and Intrusion Detection and Prevention Systems. It's also best to implement a multi-factor authentication tool for employees who need remote access to your network, especially if they have administrative rights.
There are also internal network preventative controls, one of the most important being regularly patching perimeter devices, as well as operating systems and all third-party applications on your servers and workstations. Intrusion Detection and Prevention Systems also serve as internal controls, along with antivirus software. Other tactics include restricting where employees can go on the web when on your internal network and preventing data leakage with a secure email solution.
We have a saying that a preventative control will eventually fail, and a detective control will succeed when it does.
Among the most reliable, accurate, and proactive tools in the security arsenal are the security event audit logs created by network computers and devices, which is why security audit log management is an essential detective control. While event log management is time-consuming, intricate, and challenging, the rewards are great for those that mine the data they contain. An effective program, like Tyler Detect, can help you detect potential threats and stop an incident from becoming a breach.
Review accounts on a quarterly basis. Make sure that only the accounts that should exist on your system do. Any accounts that don't belong there should be deleted. It's common for an attacker to create new accounts, and it's also common for the accounts of people who leave an organization to remain active.
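The quarterly review described above can be scripted by comparing an account export against a roster of accounts that should exist. This is an added example, not part of the original article; the CSV column names, the `review_accounts` function, and the sample data are all constructed for illustration.

```python
import csv
import io

# Constructed sample: account export from a system or directory (assumed columns).
ACCOUNTS_CSV = """username,enabled
alice,true
bob,true
carol,true
svc_backup,true
helpdesk2,true
dave,false
"""

# Constructed sample: roster of accounts that should exist, with owner status.
ROSTER_CSV = """username,owner,status
alice,Alice A.,active
bob,Bob B.,departed
carol,Carol C.,active
svc_backup,IT Operations,active
dave,Dave D.,departed
"""

def load(text):
    """Index CSV rows by username."""
    return {r["username"].strip().lower(): r for r in csv.DictReader(io.StringIO(text))}

def review_accounts(accounts_csv, roster_csv):
    """Compare existing accounts with the roster and group what needs action."""
    accounts, roster = load(accounts_csv), load(roster_csv)
    findings = {"unknown": [], "departed_enabled": [], "departed_disabled": []}
    for name in sorted(accounts):
        enabled = accounts[name]["enabled"].strip().lower() == "true"
        entry = roster.get(name)
        if entry is None:
            # Nobody authorized this account: investigate, then delete.
            findings["unknown"].append(name)
        elif entry["status"].strip().lower() == "departed":
            # Owner has left: an enabled account is the urgent case.
            key = "departed_enabled" if enabled else "departed_disabled"
            findings[key].append(name)
    return findings

if __name__ == "__main__":
    for category, names in review_accounts(ACCOUNTS_CSV, ROSTER_CSV).items():
        print(f"{category}: {', '.join(names) or 'none'}")
```

Accounts in `unknown` have no authorized owner and warrant investigation before deletion, while `departed_disabled` accounts are inactive but still exist and so remain on the deletion list.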
Do a daily desktop audit. If you have sensitive documents that you handle, have a clean desk, clear screen policy that requires documents be securely stored when not in use, and for screens to lock when users are away from their desks.
While preventative and detective controls are important, organizational controls – both people and processes – are exponentially more important.
Make sure that leadership sets the tone and creates a Culture of Cybersecurity and Continuity for your organization, which will encourage participation from the bottom up. If leadership follows the rules, and communicates that they care about cybersecurity and protecting clients, employees will feel like they can invest in caring about these things too.
Develop a rich Risk Management Program. Be sure to understand where you’re vulnerable, as well as the likelihood and impact of potential threats. Also, create programmatic remediation of elevated and severe risks.
Promote cybersecurity awareness with periodic and ongoing instructor-led awareness training.
Audit your security measures and conduct tests to ensure they are adequate. Cyber assessment includes penetration and vulnerability testing, social engineering testing, and tests of your resilience plans, including Incident Response and Disaster Recovery/Business Continuity.
Make sure you know who your vendors are, and if they connect to your system or manage your sensitive data, be sure you understand what cybersecurity controls they have in place.
Document all of your procedures. People come and go from companies, and documented procedures give you institutional memory. They allow someone new to come into the company and perform the necessary tasks. It's important to check your procedures as the environment changes, and on an annual basis as well, to make sure they are up-to-date.
When approaching cybersecurity in your organization, don't make the mistake of thinking that it's all about technology. Taking a defense-in-depth, layered approach, one that includes people, process, and technology, can help further you on your path to cyber resiliency.