Why You Must Perform A Security Assessment



Part 2 of the Watch Your Back series: Why you Must Perform A Security Assessment

Last week we discussed why it is important to have a SIEM (Security Information and Event Management) system, and why it is crucial for skilled administrators to actively use and monitor it. For a quick refresher, here is the article in Wired that sums up the presentation by Rob Joyce, Chief of the NSA's Tailored Access Operations group, that inspired this series. This week's post covers why your organization needs to perform a Security Assessment to analyze its operational risks.

One of the biggest issues facing organizations today is that security is an invisible attribute. IT administrators set up devices or services, configure the security parameters, and rarely, if ever, revisit those settings. Organizations routinely write policies for user access and infrastructure and never update them. Systems are tested and vulnerabilities are discovered but left unresolved. This is the "Set It and Forget It" syndrome, and almost every organization suffers from it. As Rob Joyce points out, nation-state hackers and Advanced Persistent Threats (APTs) rely on exactly these lapses, and we make their jobs easy by not assessing our systems and processes regularly.


Everyone has blind spots that cause them to overlook important issues. Infrastructures constantly change, introducing new vulnerabilities, while new methods of attack are discovered or invented daily. What was secure yesterday is often not secure today. Periodic assessments help your organization identify these blind spots so your teams can design an effective security program. Assessments also help determine the best methods to prevent a breach and protect assets and corporate reputation.


Why perform a periodic Security Assessment?

Organizations are increasingly bound by governmental and industry regulations that dictate what security measures must be in place and how they are to be audited. PCI DSS, FISMA, Sarbanes-Oxley, HIPAA, NERC CIP, and GSA requirements, among others, all dictate how to secure different types of data and the systems that manage them. These regulations also require regular assessments of security posture.

While regulations are often the driving factor, they are not the only reason an organization should perform (or better yet, have a third party perform) periodic assessments of its infrastructure. A Security Assessment is the equivalent of an organization's State of the Union. It is a report that looks at every aspect of security and details the severity and potential impact of each risk to the company. It also produces the fundamental information required to build a roadmap to a secure business. To navigate to any destination, you must first know where you are.

What should be assessed?

To begin, most organizations focus only on IT data systems or penetration tests during Security Assessments, and this is where things go wrong very quickly. Yes, it is important that the firewall blocks bad guys and workstations are kept secure, but what about phone systems or printers? Will your users recognize and report a phishing attempt? What is the process when an employee exits your organization? Did anyone remember to disable their key card to the building? A thorough Security Assessment goes beyond the typical IT systems assessment. Here is a list of security domains that should be considered during a Security Assessment:

  • Access control
  • Information Governance and Risk Management
  • Infrastructure Architecture and Design
  • Cryptography
  • Operations Security
  • Network and Telecommunications Security
  • Disaster Recovery and Business Continuity plans
  • Governmental Regulations
  • Incident Management Policies and Procedures
  • Physical Security
  • IT Security Training Programs
  • Network Boundaries

What about after the Security Assessment?

It is shocking that most companies will pay a third party to audit their systems, processes, facilities, and personnel, and then do nothing to resolve the discovered issues. This is exactly what Rob Joyce points out in his video: a high percentage of companies fail to close gaps discovered during security audits. A vulnerability of any size is important no matter where it exists. All an APT really needs is a toehold. Once one is presented, no matter how small, attackers will use it to gain access to your company's data.

Once you have received your assessment results, it is imperative either to fix the discovered issues or to put compensating controls in place so they cannot be leveraged. As Rob Joyce points out in his video, most companies and organizations fail to act even after issues have been discovered, documented, and reported. Joyce also warns not to assume any crack in your defenses is too small or insignificant to be exploited. These toeholds are exactly what Advanced Persistent Threats are looking for in your environment.

Companies already put a lot of effort into securing revenue streams, banking information, and payroll information; these areas, they feel, are important to protect. Accountants regularly audit the books and the company for fraudulent activity. It is time companies added IT security to this list of very important, very well-understood activities. Yearly assessments should be the norm, and the findings should be communicated widely within the company. IT security cannot be the sole responsibility of a few guys in the back of the building.

The journey to a secure organization begins with the first step. Your first step should be a Security Assessment, so you know where to place your foot and how to find the path ahead. Contact Cybriant to begin your journey.

CybriantXDR Means Visibility

Security and Response Across Your Entire Organization

24/7 Security Monitoring and Analysis

Through continuous monitoring and analysis, our dedicated security professionals assess alerts in real-time, determine their nature, and provide remediation if necessary.


Real-Time Threat Detection and Prevention

By using AI technology, we have the ability to detect and prevent attacks before they can fully execute. When a threat is detected, we are able to contain and mitigate threats from diverse modes of attack.


Take Action and Remediate

When you work with Cybriant, we give you the insight and expertise to remediate confirmed threats. This helps your organization reduce impact and quickly restore business operations.


End-to-End Visibility

As an extension of your team, our experts will identify, investigate, triage, and remediate security events and provide executive-level reporting.
