[BreachExchange] Security tactics that won't slow your business down

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 31 19:02:22 EDT 2018


With the constant, clear and present danger of cybercrime, organizations
must become agile in their ability to quickly defend the network against
whatever comes at it. The concept of agile security has arisen, in which
security is thought of as part of the design from end to end.

Otherwise, systems must be patched, updated and modified along with other
solutions to piece together a secure environment. This is usually
inevitable for companies that went online before cybercrime became so

The problem with the second option is that having several different
appliances that must be managed as one-off point solutions makes the
environment overly complex and adds costly overhead.

This raises the total cost of ownership and leaves a business dependent on
the vendor or vendors that sold the solution. Integration with these
appliances that weren't part of the design from the start will almost
certainly leave gaps that bad actors can exploit.

The perils of modern business

Traditionally, security has taken a back seat to productivity and
profitability. The potential for a security breach and the penalties that
would follow have been less of a concern than the possibility of slowing
down the business with a strict security protocol.

For IT security teams, the struggle is real to ensure every part of the
architecture is as safe as possible (reducing risk to an acceptable level)
without slowing down the speed and growth necessary for modern businesses.

This has been true for the entire digital age with the invention of the
internet and how quickly it was adopted as a platform for outreach, sales
and marketing.

Security was a secondary concern, and the only thing that mattered was
getting the business online.

Now throw the cloud into the mix. Businesses are still hosting data on
someone else's servers and relying heavily on them for security, sometimes
to a fault. For example, in the Department of Defense (DoD) Amazon Web
Services breach, security was only as good as the people implementing it.

The DoD had all of the proper systems in place, along with its AWS hosts,
but a contractor left the S3 storage publicly accessible, and top-secret
data could be downloaded along with the system image that was used for
Linux-based virtual machines.
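As an added example (not part of the article), a check for the misconfiguration described above: it evaluates a bucket's policy, ACL and Block Public Access settings, in the shape the S3 API returns them, and reports why the bucket is readable by everyone. The input layout, the bucket name and the account/role ARN are assumptions; the sample inputs are constructed.

```python
PUBLIC_GROUP_URIS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                     "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def principal_is_everyone(principal):
    """'*' or {"AWS": "*"} (possibly inside a list) means anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False

def policy_is_public(policy):
    """An unconditional Allow statement for everyone makes the bucket policy public."""
    return any(s.get("Effect") == "Allow" and not s.get("Condition")
               and principal_is_everyone(s.get("Principal"))
               for s in policy.get("Statement", []))

def acl_is_public(acl):
    """A grant to the AllUsers or AuthenticatedUsers group makes the ACL public."""
    return any(g.get("Grantee", {}).get("Type") == "Group"
               and g["Grantee"].get("URI") in PUBLIC_GROUP_URIS
               for g in acl.get("Grants", []))

def bucket_exposure(bucket):
    """Return why the bucket is reachable by the public; an empty list means it is not."""
    # Block Public Access: RestrictPublicBuckets neutralises a public policy,
    # IgnorePublicAcls neutralises a public ACL, so both are honoured here.
    pab = bucket.get("PublicAccessBlock", {})
    reasons = []
    if policy_is_public(bucket.get("Policy", {})) and not pab.get("RestrictPublicBuckets"):
        reasons.append("public bucket policy")
    if acl_is_public(bucket.get("Acl", {})) and not pab.get("IgnorePublicAcls"):
        reasons.append("public ACL")
    return reasons

# Constructed sample input: the leaky bucket, then the same bucket after hardening.
LEAKY = {
    "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                              "Resource": "arn:aws:s3:::example-vm-images/*"}]},
    "Acl": {"Grants": [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                        "Permission": "READ"}]},
    "PublicAccessBlock": {},
}
HARDENED = {
    "Policy": {"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",
                              "Principal": {"AWS": "arn:aws:iam::111111111111:role/ImageBuilder"},  # placeholder
                              "Resource": "arn:aws:s3:::example-vm-images/*"}]},
    "Acl": {"Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-PLACEHOLDER"}, "Permission": "FULL_CONTROL"}]},
    "PublicAccessBlock": {"IgnorePublicAcls": True, "RestrictPublicBuckets": True},
}
```

Running `bucket_exposure` over each bucket returned by a listing call turns the "only as good as the people implementing it" problem into a continuous check rather than a one-time review.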

The cloud calls for a different cybersecurity strategy than the typical
perimeter defense. Cloud computing, if not designed properly, is flat —
allowing for unchecked lateral movement.

The threat landscape is ever-changing, and the focus has shifted from
keeping the attacker out (which, of course, is still important) to "what do
we do and how will we know if they are already in?"

Seven security tactics

Companies will benefit from adding security professionals to the business
conversation early on so they can devise a plan where the business can grow
but also be secure, making sure that all of the proper counter-measures are
in place so that as the company's footprint grows on-premises or in the
cloud, the attack surface remains as small as possible.

To keep that attack surface small, all network traffic should be treated as
untrustworthy, privileges need to be minimized and interactive access
should be monitored and controlled.

Organizations need to adopt a "zero-trust model" and proactively inspect
all network traffic to validate the authenticity of user activity.

Here are seven steps to take toward greater security:

- Segment networks and reduce single points of failure.
- Minimize access scope and rights.
- Observe cloud, app and database behavior to detect anomalies that can
indicate threats and compromise.
- Decrease the attack surface with patching and configuration control.
- Build resilience so teams and products can recover quickly from incidents.
- Look into using Network Behavior Anomaly Detection (NBAD) — the real-time
monitoring of a network for any unusual activity, trends or events.
- Look into using Endpoint Detection and Response (EDR), an emerging
category of tools and solutions that focus on detecting, investigating and
mitigating suspicious activities and issues on hosts and endpoints.

Security training

A company can build the strongest cybersecurity fortress in the world, and
its efforts will be wasted if employees keep lowering the drawbridge. Start
training employees on day one so they start thinking about cybersecurity
best practices.

Security should matter to everyone from the admin to the CEO. This will
build resilience into products and teams.

Training best practices include:

- Keep sensitive data secure and off your laptops and mobile devices.
- Don't leave devices unattended.
- Make sure software is up to date.
- Recognize that hackers are constantly targeting businesses and look out
for suspicious emails and calls from outsiders trying to obtain information.
- Be cautious about clicking links online and in emails.
- Choose strong passwords and password management practices and solutions.
- Make sure antivirus software is up to date.
- Always back up data in case of a ransomware attack.

Putting it all together

Companies that entered the online world early on, before cybersecurity was
a crucial concern, have had to bolt on security solutions as needed along
the way. Newly formed companies are far more likely to put cybersecurity on
the business agenda as part of their overall strategy.

Either way, gaps in security are likely — especially if basic security
hygiene is ignored and employees are poorly trained. Organizations can use
the recommendations above to build a strong security foundation that makes
them more likely to defeat cybercrime.