[BreachExchange] Security Think Tank: Six ways to boost cyber resilience

Audrey McNeil audrey at riskbasedsecurity.com
Tue Sep 5 20:12:55 EDT 2017


http://www.computerweekly.com/opinion/Security-Think-Tank-Six-ways-to-boost-cyber-resilience

What key things should organisations be doing in terms of cyber defences to
ensure they are resilient?

The risk of a cyber attack has been an accepted reality of 21st century
business life for some time. This prospect is understandably unnerving for
many organisations, but much can be done to increase resilience, thereby
reducing the impact of any breaches that do occur.

Backups

Most organisations run regular backups of corporate application servers. These
can be augmented with automated backups of workstations and laptops (which
often do not happen systematically) to minimise data loss, remove the need to
pay out in a ransomware attack and help with day-to-day problems such as file
corruption. At least one copy should be kept offline or otherwise out of reach
of any credentials an attacker can obtain, since ransomware that can reach the
backups will encrypt or delete them too. This is reinforced with daily checks
to confirm that a full backup has completed, an agreed process to follow should
it fail, and periodic test restores, because a backup that has never been
restored is an assumption rather than a control.
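The daily check described above is easy to automate. The following is an added example, not code from the article or from any backup product; it assumes a hypothetical layout of one full backup file named full-YYYYMMDD.tar per day plus a manifest.json mapping each file to its SHA-256, and it reports a stale, empty, unlisted or corrupted latest backup so that the agreed failure process can be triggered instead of discovering the problem during a restore.

```python
import hashlib
import json
import os
import tempfile
import time
from datetime import datetime, timedelta, timezone

# A full backup older than this fails the daily check (policy value, assumed).
MAX_AGE = timedelta(hours=24)


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_backup(backup_dir, now=None):
    """Return a list of problems with the newest full backup; [] means the check passed.

    Assumed (hypothetical) layout: <backup_dir>/full-YYYYMMDD.tar plus manifest.json
    written by the backup job, mapping file name -> sha256 hex digest.
    """
    now = now or datetime.now(timezone.utc)
    manifest_path = os.path.join(backup_dir, "manifest.json")
    if not os.path.exists(manifest_path):
        return ["manifest.json missing"]
    with open(manifest_path) as f:
        manifest = json.load(f)

    fulls = sorted(n for n in os.listdir(backup_dir) if n.startswith("full-"))
    if not fulls:
        return ["no full backup found"]
    latest = fulls[-1]
    path = os.path.join(backup_dir, latest)

    problems = []
    mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
    if now - mtime > MAX_AGE:
        problems.append(f"{latest} is stale ({now - mtime} old)")
    if os.path.getsize(path) == 0:
        problems.append(f"{latest} is empty")
    expected = manifest.get(latest)
    if expected is None:
        problems.append(f"{latest} not in manifest")
    elif sha256_of(path) != expected:
        # The archive changed after the job recorded it: corruption or tampering.
        problems.append(f"{latest} checksum mismatch")
    return problems


def make_backup_dir(tamper=False, stale=False):
    """Build a constructed backup directory for demonstration (not real backup data)."""
    d = tempfile.mkdtemp()
    name = "full-20170905.tar"
    path = os.path.join(d, name)
    with open(path, "wb") as f:
        f.write(b"constructed backup contents\n" * 100)
    with open(os.path.join(d, "manifest.json"), "w") as f:
        json.dump({name: sha256_of(path)}, f)
    if tamper:
        with open(path, "ab") as f:
            f.write(b"bit rot")  # manifest digest no longer matches
    if stale:
        old = time.time() - 3 * 24 * 3600  # pretend the last full ran three days ago
        os.utime(path, (old, old))
    return d


if __name__ == "__main__":
    for label, kwargs in (("good", {}), ("tampered", {"tamper": True}), ("stale", {"stale": True})):
        print(label, check_backup(make_backup_dir(**kwargs)) or "OK")
```

Run it from cron after the backup window and page on any non-empty result; the manifest should be written by the backup job itself, and ideally copied somewhere the backup host cannot modify afterwards, so that a tampered archive cannot be accompanied by a matching tampered manifest.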

Encryption

Breaches on lost or stolen laptops can be minimised by making full-disk
encryption of hard drives a standard corporate process. With a pre-boot PIN
the user must enter the PIN before the operating system can load at all, and
then authenticate again at the operating system login. Both are knowledge
factors, so this is two-step rather than true two-factor authentication, but
the pre-boot PIN is what stops the disk encryption key from being released to
anyone who merely powers on the stolen machine and attacks the login screen.

Data should also be encrypted. Typically this is done for data in transit,
because it is seen as more exposed while being sent, but encryption needs to
extend to data at rest, particularly with the EU's General Data Protection
Regulation (GDPR) looming large on the horizon. The strength of the encryption
and the care taken over key management need to reflect the importance of a
particular dataset and the impact of its being accessed by unauthorised
parties; data encrypted with a key stored alongside it protects against little
more than a lost disk.

Data management

To avoid information files being saved onto laptops or in fileshares,
application or desktop virtualisation (Citrix and similar products) should be
used where possible to centralise data into key hubs that can be protected and
controlled more easily. If any single access point, such as a laptop, is
infected, the data does not live on it and the laptop can be blocked. The
central store is still reachable through that user's session while it is live,
however, so the hub must enforce least privilege and monitoring of its own
rather than relying on the endpoint being clean.

Data can also be segregated, with different layers having different levels
of security based on their sensitivity and importance to the business. This
means that a breach does not necessarily lead to all information being
accessed.

Patch processes

It goes without saying that hardened build standards for enterprise systems
must be actively enforced. To be truly effective, this needs to be underpinned
by a patch management process. Suppliers and researchers continually develop
security patches and updates to correct software flaws. Once a patch is
published, the flaw it fixes is public knowledge, and every system that has
not yet received it remains exposed to that specific weakness, frequently with
working exploit code in circulation within days.

Automated scanning for both code and configuration vulnerabilities should
take place at least once a week.
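What a weekly scan of that kind actually does is compare what is installed and configured against what is known to be fixed. The following is an added example, not code from the article or from any scanner; the package inventory, the advisory feed (with made-up EXAMPLE-ADV identifiers, not real advisories) and the sshd_config sample are all constructed inline, and the version comparison is a simple dotted-numeric-plus-letter scheme that also handles OpenSSL-style suffixes such as 1.0.2g.

```python
import re

# Constructed inventory, as an agent or "dpkg -l" / "pip list" might report it.
INVENTORY = {
    "openssl": "1.0.2g",
    "nginx": "1.10.3",
    "libxml2": "2.9.4",
}

# Constructed advisory feed: identifiers are placeholders, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "openssl", "fixed_in": "1.0.2k"},
    {"id": "EXAMPLE-ADV-2", "package": "nginx", "fixed_in": "1.10.3"},
    {"id": "EXAMPLE-ADV-3", "package": "bash", "fixed_in": "4.4"},
]


def version_key(v):
    """Split '1.0.2g' into comparable parts: numbers sort numerically, letters after them."""
    return tuple((0, int(t)) if t.isdigit() else (1, t.lower())
                 for t in re.findall(r"\d+|[A-Za-z]+", v))


def is_vulnerable(installed, fixed_in):
    # Anything strictly older than the first fixed version is affected.
    return version_key(installed) < version_key(fixed_in)


def scan_packages(inventory, advisories):
    """Return one finding per advisory whose package is installed in an affected version."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed is None:
            continue  # package not present, advisory does not apply
        if is_vulnerable(installed, adv["fixed_in"]):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": installed, "fixed_in": adv["fixed_in"]})
    return findings


# Constructed sample sshd_config with two weak settings.
SSHD_CONFIG = """\
# constructed sample, not a real host
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding no
"""

# Expected values for the configuration check (assumed hardening baseline).
CONFIG_RULES = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
}


def scan_config(text, rules):
    """Report keys whose effective value differs from the baseline; unset keys also fail."""
    seen = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        seen[key] = value.strip()
    return [f"{k} is {seen.get(k, '<unset>')}, expected {want}"
            for k, want in rules.items() if seen.get(k) != want]


if __name__ == "__main__":
    for f in scan_packages(INVENTORY, ADVISORIES):
        print(f"{f['id']}: {f['package']} {f['installed']} < {f['fixed_in']}")
    for problem in scan_config(SSHD_CONFIG, CONFIG_RULES):
        print("config:", problem)
```

In production the inventory comes from every host and the advisory feed from the vendor or a vulnerability database, but the logic stays the same; treating an unset hardening key as a failure is deliberate, since a default that happens to be safe today is not a standard that is being enforced.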

Threat intelligence

The more an organisation can learn in advance about any potential attacks
on its information systems, the better prepared it will be if they happen,
thereby minimising the impact. Undertaking “proactive defence” requires
looking at the threats being faced by other enterprises, keeping up to date
with developments and discussions in the information security world, and
sharing material that could be useful to other organisations in preventing
an attack.

It is also important to keep track of developments in the hacking
community, to pre-empt as many threats as possible. Organisations with
awareness of the potential threats inherently improve their resilience.
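Threat intelligence only improves resilience once it is checked against the organisation's own telemetry. The following is an added example, not code from the article or from any intelligence platform; it takes a constructed set of indicators (domains, an address and a network, all from reserved example and documentation ranges) and runs them over a few constructed proxy log lines, matching domains on a suffix boundary so that notupdate-check.example is not confused with update-check.example. The log format is an assumption for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed indicators, as a sharing partner or feed might supply them (hypothetical).
IOC_DOMAINS = {"update-check.example", "cdn.bad-example.net"}
IOC_IPS = {"198.51.100.23"}
IOC_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed proxy log lines: timestamp client method url destination status.
LOG_LINES = [
    "2017-09-05T20:10:01Z 10.0.0.15 GET http://www.example.com/ 192.0.2.10 200",
    "2017-09-05T20:11:43Z 10.0.0.22 GET http://files.update-check.example/setup.exe 198.51.100.23 200",
    "2017-09-05T20:12:07Z 10.0.0.31 POST https://203.0.113.77/gate.php 203.0.113.77 200",
    "2017-09-05T20:12:55Z 10.0.0.40 GET http://notupdate-check.example/ 192.0.2.11 200",
    "this line is malformed and must be skipped, not crash the scan",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<dst>\S+) (?P<status>\d+)$"
)


def domain_matches(host):
    """True if host equals an indicator or is a subdomain of one (suffix on a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def ip_matches(text):
    """True if the address is an indicator itself or falls inside an indicator network."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False  # hostnames and garbage are not addresses
    return text in IOC_IPS or any(ip in net for net in IOC_NETWORKS)


def scan_logs(lines):
    """Return (client, timestamp, reasons) for every line touching an indicator."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        host = urlsplit(m["url"]).hostname or ""
        reasons = []
        if domain_matches(host):
            reasons.append(f"domain {host}")
        if ip_matches(m["dst"]):
            reasons.append(f"dest ip {m['dst']}")
        if reasons:
            hits.append((m["client"], m["ts"], reasons))
    return hits


if __name__ == "__main__":
    for client, ts, reasons in scan_logs(LOG_LINES):
        print(f"{ts} {client}: {', '.join(reasons)}")
```

The same matching can be pointed at DNS, firewall or mail logs with a different LINE_RE; the value of sharing with peers is that an indicator seen by another enterprise can be searched for here before the corresponding attack arrives, and the value of a clean suffix match is that it does not flood analysts with look-alike false positives.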

Plans and policies

The impact of many ransomware attacks is often highly disruptive to
business operations. Computers and networks may need to be shut down in
order to contain the attack, while systems may need forensic investigation
to try to ascertain the origin of the breach and enable evidence to be
collected for a potential prosecution.

A disaster recovery plan ensures that business-critical functions are up
and running as soon as possible to minimise impact, as well as providing
clarity of actions expected from individuals and the organisation as a
whole during what is likely to be a challenging period.

Any policy and plan needs to undergo business continuity testing.
Simulating a real-life scenario such as a terrorist or denial-of-service
attack will test end-to-end capabilities; if that is not feasible, another
option is partial enactments of key sections.

Plans should be supplemented with relevant business controls, such as the
ability to isolate and quickly quarantine individual machines that are
infected, to restrict the impact of further contamination.

Building resilience in advance will help to minimise the impact of a cyber
attack. It is also important to remember that many of the options outlined
above are both straightforward and constitute good business practice,
further building the case for their implementation.