Containing and managing cybersecurity threats in 2020 may be the most important strategic plan you create prior to the end of 2019.
2020 Cybersecurity Planning Guide
As we come to the end of a record-breaking year for data breaches and exposed records, your organization must plan to do everything it can to protect the integrity of your data.
There were 5,183 data breaches reported with 7.9 billion records exposed in just the first nine months of this year, according to Risk Based Security, which tracks publicly reported breaches. That’s an increase of 33.3% in breaches and 112% in total records over the same period in 2018.
While financial gain was behind 75% of the cyber attacks in 2019, it seems data exposure is just a normal part of our daily life.
Planning for Your Organization’s Needs
When you create your security strategy, you want to have an ideal guide or model of how a healthy organization is run. We have simplified this process with our 2020 Cybersecurity Planning Guide. Not only will you be able to see the common challenges we’ve seen from over 800 clients, you will see how we have helped them overcome those challenges.
When you understand the challenges you are facing, how do you build a strategy to defend against those challenges? In our 2020 Cybersecurity Planning Guide we’ll share the common components of a cybersecurity strategy and how to easily get that strategy into action.
No matter the size of your organization, everyone needs to plan for the cybersecurity trends that may be an issue in 2020. When you lay the groundwork to meet these unfortunate trends, you are prepared for anything that may come your way.
Take a look at those trends in the 2020 Cybersecurity Planning Guide – Download Today.
Your cyber security strategy should be as important as your legal, regulatory, financial, or operational strategy. Here are 10 steps to help define and communicate your strategy.
The foundation of your cyber security strategy should be your framework. We recommend the NIST Cybersecurity Framework. In fact, our services fall in line with the first 4 functions of the NIST framework – Identify, Protect, Detect, Respond.
Defining and communicating your cyber security strategy is central to the success of your organization’s security strategy.
Review the following steps in order to protect your business against the majority of cyber attacks.
Network security – Protect your networks from attack. Defend the network perimeter, filter out unauthorized access and malicious content. Monitor and test security controls.
User education and awareness – Produce user security policies covering acceptable and secure use of your systems. Include in staff training. Maintain awareness of cyber risks.
Malware prevention – Produce relevant policies and establish anti-malware defenses across your organization.
Removable media controls – Produce a policy to control all access to removable media. Limit media types and use. Scan all media for malware before importing onto the corporate system.
Secure configuration – Apply security patches and ensure the secure configuration of all systems is maintained. Create a system inventory and define a baseline build for all devices.
Managing user privileges – Establish effective management processes and limit the number of privileged accounts. Limit user privileges and monitor user activity. Control access to activity and audit logs.
Incident management – Establish an incident response and disaster recovery capability. Test your incident management plans. Provide specialist training. Report criminal incidents to law enforcement.
Monitoring – Establish a monitoring strategy and produce supporting policies. Continuously monitor all systems and networks. Analyze logs for unusual activity that could indicate an attack.
Home and mobile working – Develop a mobile working policy and train staff to adhere to it. Apply the secure baseline and build to all devices. Protect data both in transit and at rest.
Cyber Security Strategy Success
Would you trust a team of experts to work with you to build your strategy? And recommend the tools and services that will bring you the most success when it comes to your cybersecurity needs? We do this every day with our clients.
We might not be a fit for your organization, but we might be able to save your company from cyber criminals. Isn’t it worth starting a conversation with our team? Get started anytime – click here to fill out a form and we’ll get back to you ASAP.
Are you considering purchasing a SIEM? Here are the top questions to ask to help you make the best decision for your organization.
What is a SIEM (Security Information and Event Management)?
A SIEM provides an overall look at an organization’s security posture and helps correlate security events to discover threats.
A SIEM centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it is able to proactively identify security events not otherwise detected by standalone security technology.
A SIEM centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.
The first set of questions is for your internal purposes. A SIEM is not only a financial commitment, but it is also a commitment in time and resources. Whether you are replacing a SIEM or investing in SIEM technology for the first time, these questions will help set you on the path to success.
It’s important to understand why you need a SIEM. Is it just for compliance or do you need to have a better idea of the events coming in from your servers, databases, applications, and desktops?
Will you be monitoring users internally or are your users mobile and working over VPN or internet?
Which operating systems need to be covered?
Do you need to collect information from firewalls, routers, switches, wireless APs, etc.?
Do you have compliance regulations that need to be met? For example, PCI DSS, ISO 27001, HIPAA, etc.
What reports are required from your organization?
Do you have the internal expertise to manage a SIEM 24/7? Will you provide ongoing training? Who will react to incoming threats? What alerting thresholds does your organization require?
What is the cost of the license of the SIEM? What storage retention requirements do you have and what is the cost for those?
What integrations are needed?
What steps will you take when a threat is realized?
When you are selecting the SIEM that is right for your organization, it’s important to do your homework.
Is the SIEM an on-premise tool, in the cloud, or hybrid?
Which integrations are available?
What threat intelligence is available?
What does the console or dashboard look like?
Does it identify Zero-Day attacks?
What steps will you take when a threat is realized?
What forensic capabilities are offered?
Will they support outsourcing?
Consider a Managed SIEM
A SIEM is a complex tool that requires expertise to implement and maintain. To be effective, a SIEM must be constantly updated and customized because external threats and internal environments are constantly changing. It requires experienced security engineering to tune the SIEM to minimize false positive alerts and maximize the efficient detection of real breaches or malicious behavior.
Let’s look at circumstances that make security monitoring vital for an organization.
#1. Lack of internal expertise
Your organization can’t just throw people at security monitoring; you need the right people there. The right people are those with expertise in triaging alerts, closing complex problems and understanding when they should alert the incident response team. So if your organization does not have sufficient internal expertise, you need a managed security monitoring
#2. Compliance Requirements
Virtually every regulatory mandate requires some form of log management to maintain an audit trail of activity. Ticketing and alerting capabilities also satisfy routine log data review requirements. Simply having a SIEM doesn’t mean it is effective, which is the point of the compliance requirement. Many companies prefer to outsource the management of the SIEM so it is used effectively.
#3. Advanced persistent threats
New attack vectors and vulnerabilities are discovered every day. Your organization likely has firewalls, IDS/IPS, and AV solutions installed that look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks and advanced persistent threats.
#4. Around the clock monitoring
If you want 24/7 security monitoring, you will need more staffing to carry out the job, but managed services already have employees monitoring their security monitoring platform 24/7. That is why managed service is the better option when it comes to round the clock monitoring. Check out our document Insource vs. Outsource, a cost comparison for building a 24/7 security operations center.
Use cases where managed security monitoring is commonly used
And much more
No matter the size of your organization, you need to protect your data. Failure to protect your data puts the company at risk of financial issues, loss of goodwill and legal liability.
Should You Consider Managed SIEM?
Utilizing and managing a SIEM in-house is typically reserved for large organizations that have the budget for developing a large, specialized team.
Deploying a fully managed SIEM also means that your team consists of security analysts that oversee your system around the clock and calendar. This is their one and only dedicated job, and not an additional task for an already overworked engineer.
One thing that most people in the industry can agree on – SIEM implementations are tough, invasive, and time-consuming. Each device must be touched, configured, and coordinated – this is a painstaking step that can’t be avoided. Then, the data starts flowing and you must have the expertise to use it.
Along with volumes of data come alerts, which in improperly tuned environments are often false alarms. When you work with Cybriant, our security engineers will tune the environment to squelch the noise created by false alarms, then on an ongoing basis, our analysts will determine which alarms are critical alerts.
Our team will look at any suspicious activity and determine which level of alert this activity falls under. When we identify a critical alert, we will open a ticket and follow a pre-defined escalation path informing the appropriate people in your organization with the information they need to take effective action.
When you are purchasing a SIEM, consider outsourcing the management of that SIEM to Cybriant. Our team will help guide your effort in choosing the best SIEM for your organization.
Together with the National Cyber Security Alliance, we are dispelling the top 10 cybersecurity myths that businesses need to overcome.
As we celebrate the 2019 National Cybersecurity Awareness Month, we want to help businesses learn to be safer and more secure online.
At Cybriant, we highly recommend starting with a strong foundation – a cybersecurity framework. A framework gives you a basis for all important IT and business-related decisions.
The NIST framework is the framework we recommend to all of our clients and is how the National Cyber Security Alliance has framed its guidelines for businesses to stay secure online.
The NIST framework consists of 5 functions – Identify, Protect, Detect, Respond, and Recover. We help our clients with each phase of this framework. We even have an all-in-one service called PREtect that will help you cover the first 4 functions of NIST. PREtect helps organizations make cybersecurity as easy as possible.
The Official 2019 Presidential Cybersecurity Proclamation
The US Government is taking a larger responsibility in protecting individuals and businesses. The National Cyber Security Alliance was created to help small and medium-sized businesses find resources and guidelines to help protect themselves.
As technology advances, so do the tactics used by malicious cyber actors to obtain personal information and threaten our networks. To maximize our Nation’s cybersecurity and mitigate risks, all levels of government must strengthen their partnerships with the private sector to better exchange information, build greater trust, and enhance the resilience of our country’s cyber infrastructure.
In May of 2019, I issued an Executive Order on America’s Cybersecurity Workforce to provide more access to cybersecurity skills training, identify the most-skilled cybersecurity workers, and advance career opportunities in the public and private sectors. This action also established the annual President’s Cup Cybersecurity Competition. The goal of this competition is to identify and encourage outstanding cybersecurity talent within the Federal workforce.
My Administration is also placing a renewed focus on Science, Technology, Engineering, and Mathematics (STEM) curriculums that embrace courses such as computer science, so that the next generation will have the technical skills needed to defend our critical infrastructure and fellow citizens.
Top 10 Cybersecurity Myths for Business
Once your organization has a strong framework in place, your first line of defense should be your employees.
Employees empowered with the resources and knowledge to protect your organization from cyber threats are one of the best lines of defense you can have. Part of that training should involve breaking down often-quoted cybersecurity misconceptions.
Cybersecurity Myth #1: My data (or the data I have access to) isn’t valuable
Organizations of all sizes maintain, or have access to, valuable data worth protecting. Such data may include but is not limited to employment records, tax information, confidential correspondence, point of sale systems, and business contracts. All data is valuable.
Take Action: Assess the data you create, collect, store, access, transmit and then classify that data by its level of sensitivity so you can take appropriate steps to protect it. Learn more about how to do this.
Cybersecurity Myth #2: Cybersecurity is a technology issue.
Organizations cannot rely on technology to secure their data. Cybersecurity is best approached with a mix of employee training, clear and accepted policies and procedures, and implementation of up to date technologies such as antivirus and anti-malware software. Cybersecuring an organization is the responsibility of the entire workforce, not just the IT staff.
Take Action: Educate every single employee (in every function and at every level of the organization) on their responsibility to help protect all business information. Learn more about how to do this with the National Institute for Standards and Technology guide.
Cybersecurity Myth #3: Cybersecurity requires a large financial investment
A robust cybersecurity strategy does require a financial commitment if you are serious about protecting your organization. However, there are many steps you can take that require little or no financial investment.
Take Action: Create and institute cybersecurity policies and procedures; restrict administrative and access privileges; enable multi-factor or 2-factor authentication; train employees to spot malicious emails; and create backup manual procedures to keep critical business processes in operation during a cyber incident. Such procedures may include processing payments in case a third-party vendor or website is not operational.
Cybersecurity Myth #4: Outsourcing work to a vendor will wash your hands of security liability in the case of a cyber incident
It makes complete sense to outsource some of your work to others, but it does not mean you relinquish responsibility for protecting the data a vendor has access to. The data is yours and you have a legal and ethical responsibility to keep it safe and secure.
Take Action: Make sure you have thorough agreements in place with all vendors, including how company data is handled, who owns the data and has access to it, how long the data is retained and what happens to data once a contract is terminated. You should also have a lawyer review any vendor agreements. Learn more about how to do this with this American Bar Association list.
Cybersecurity Myth #5: Cyber breaches are covered by general liability insurance
Many standard business liability insurance policies do not cover cyber incidents or data breaches.
Take Action: Speak with your insurance representative to understand if you have any existing cybersecurity insurance and what type of policy would best fit your company’s needs. Learn more about how to do this with the Federal Trade Commission’s (FTC) Small Business Center.
Cybersecurity Myth #6: Cyberattacks always come from external actors
Succinctly put, cyberattacks do not always come from external actors. Some cybersecurity incidents are caused accidentally by an employee – such as when they copy and paste sensitive information into an email and send it to the wrong recipient. Other times, a disgruntled (or former) employee might take revenge by launching an attack on the organization.
Take Action: When considering your threat landscape, it is important not to overlook potential cybersecurity incidents that can come from within the organization and develop strategies to minimize those threats. Learn more about how to do this using this Cybersecurity and Critical Infrastructure Agency resource.
Cybersecurity Myth #7: Young people are better at cybersecurity than others
Oftentimes, the youngest person in the organization becomes the default “IT” person. Age is not directly correlated to better cybersecurity practices.
Take Action: Before giving someone the responsibility to manage your social media, website, network, etc., educate them on your expectations of use and cybersecurity best practices. Learn more about how different generations behave online.
Cybersecurity Myth #8: Compliance with industry standards is enough for a security program
Complying with the Health Insurance Portability & Accountability Act (HIPAA) or Payment Card Industry (PCI), for example, is a critical component to securing sensitive information, but simply complying with these standards does not equate to a robust cybersecurity strategy for an organization.
Take Action: Use a robust framework, such as the NIST Cybersecurity Framework, to manage cybersecurity-related risk. Learn more about the NIST Cybersecurity Framework.
Cybersecurity Myth #9: Digital and physical security are separate
Many people narrowly associate cybersecurity with only software and code. However, when protecting your sensitive assets you should not discount physical security.
Take Action: Include an assessment of your office’s layout and how easy it is to gain unauthorized physical access to sensitive information and assets (e.g. servers, computers, paper records) in your planning. Once your assessment is completed, implement strategies and policies to prevent unauthorized physical access. Policies may include controlling who can access certain areas of the office and appropriately securing laptops and phones while traveling. Learn more about physical security on the FTC’s website.
Cybersecurity Myth #10: New software and devices are automatically secure when I buy them
Just because something is new doesn’t mean it’s secure.
Take Action: The moment you purchase new technology, make sure it is operating with the most current software and immediately change the manufacturer’s default password to a secure passphrase. When creating a new passphrase, use a lengthy, unique phrase for the account or device. Sign up for a new online account? Be sure to immediately configure your privacy settings before you begin using the service. Find information on securing new devices.
View and download a condensed version of this content you can share around your business and with your networks.
Understand your enemy with these ethical hacking benefits. Here are 5 reasons to consider how hacking can help your business.
From coast to coast and in countries around the world, businesses are spending millions of dollars and countless IT hours to keep hackers out of their computers. So, it may seem counterintuitive that some businesses are welcoming the hackers with open arms.
It may seem strange, but businesses are using ethical hackers to identify weak points in their cyber defenses, provide valuable insights into the actions of their less ethical counterparts and create better, stronger and more resilient networks.
If you do not think that a hacker could help your business instead of hurting it, you may want to rethink those assumptions. Here are five business benefits ethical hackers can bring to your organization.
#1. They Know How the Bad Guys Think
Even if you have an IT background, getting inside the mind of a hacker can be a real challenge. Failing to understand how hackers think and what they want could be devastating to your business, and the bad guys are ready to exploit your blind spots.
They may be ethical in their actions, but white hat hackers know what makes their less scrupulous counterparts tick. They understand how hackers operate, and they can use that knowledge to protect your network from intrusion.
#2. They Know Where to Look
Each business network is amazingly complex, with interconnected computers, mobile devices, home-based workers and traveling employees logging on from the road.
Knowing what to look for when assessing cyber security can be a real challenge, but ethical hackers know where to start and where potential weak spots are likely to be hiding.
#3. They Can Expose Weak Spots You Have Overlooked
You may think your network is as secure as possible, but it could have hidden weak spots you do not know about. Those weaknesses may be invisible to you, but an experienced ethical hacker will see them from a mile away.
Finding hidden weaknesses in your cyber defenses is one of the biggest reasons to hire an ethical hacker. These good guy hackers are experts at finding open ports, back doors and other possible entry points into your computer network.
#4. Their Testing Skills are Second to None
Testing and retesting your network is a key part of successful cyber defense, but the success of the strategy rests on the skillfulness of the testers. If the people testing your network do not know what to look for, you could end up with a false sense of security – and a devastating data breach.
When it comes to network testing and intrusion detection, ethical hackers are second to none. With years of experience probing networks for weaknesses, they know how testing should be conducted, so you can rely on the accuracy of the results.
#5. They Can Help You Build a Robust Network from the Start
If you are new to the business world, making an ethical hacker part of your start-up team can help you build a better and more robust network. Building a computer network with built-in security features will vastly reduce your susceptibility to breaches and data theft, and employing white hat hackers gives you a major advantage.
Members of the ethical hacker community have seen all kinds of networks, and they understand how those systems should be constructed. If you want to build a network that is fast, scalable and resistant to hacking, these experts can help you do it.
It may seem strange to invite hackers into your company, but the right hackers can actually enhance the security of your organization and your network. Employing ethical hackers is a great way to test your cyber defenses, so you can build a better and safer corporate network.
Ethical Hacking Benefits – Conclusion
When you partner with a cybersecurity firm like Cybriant, we can walk you through the benefits of ethical hacking, penetration testing, and gap analyses. Schedule a consultation to understand how we can help you secure your business.