By Grant Asplund, Check Point Growth Technologies Evangelist.
In times of geopolitical uncertainty, organizations need to expand efforts to strengthen their cyber security. In the digital age, real-world dramas are liable to play out in the cyber environment. On that account alone, fortifying security is a must. For defense contractors, infrastructure operators, and government entities, this is especially true.
Over the past two years, these industries have borne witness to a series of devastating cyber breaches. Brute force attacks, spear phishing emails, harvested credentials, and Active Directory attacks have enabled hackers to infiltrate flagship national programs, entities and agencies.
Uniquely vulnerable organizations are advised to take a proactive approach to security, and to ensure adequate preparation for potential intrusions. The following guidance can prevent you from underestimating attackers.
1. Empower your CISO. Executive leaders are encouraged to provide CISOs with the support and resources to perform their jobs as well as possible. Empower CISOs by including them within high-level decision-making processes. More decisions have cyber security implications than many business leaders are aware of, and a CISO’s expertise can prevent unintended security consequences.
2. Increase reporting. In the US, reporting is not mandatory among the majority of industries. As a result, some organizations sweep security incidents under the rug in order to avoid reputational damage. This tends to be the case with ransomware events in particular, as paying hackers is the easiest exit, and who really wants to launch a full-scale security investigation anyway?
However, this thinking is short-sighted. Organizations should always find out how the intruders got in and ensure that incidents are reported accurately, so as to help prevent larger-scale occurrences or damage within similar businesses.
3. Offsite backups. In most cases, organizations should back up data to an offsite, cloud-based server every few minutes. Cloud-based backups should be rendered “immutable”, that is, unable to be erased. If you have not done so already, implement the 3-2-1 approach to enterprise backups. This involves keeping three copies of the data, on two types of storage media, with one copy located off-site.
In the event of a cyber attack, restoring from non-corrupted backups allows for a comparatively easy and painless recovery process.
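As an added illustration of the 3-2-1 and immutability guidance above (example code written for this page, not Check Point's), a small policy check run over a constructed backup inventory, with a weak inventory beside a corrected one; the copy names, media labels and the 15-minute freshness threshold are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str        # storage type, e.g. "disk", "tape", "object-storage"
    offsite: bool      # held outside the primary site
    cloud: bool        # held by a cloud provider
    immutable: bool    # WORM / retention lock on, so the copy cannot be erased
    age_minutes: int   # minutes since the last successful backup run


def check_3_2_1(copies, max_age_minutes=15):
    """Return the list of policy violations; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies kept; 3-2-1 requires three")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append("all copies share one storage type; need two")
    if not any(c.offsite for c in copies):
        findings.append("no off-site copy")
    for c in copies:
        # The page's rule: a cloud copy must be immutable, or an intruder
        # who reaches the account can wipe the backup along with production.
        if c.cloud and not c.immutable:
            findings.append(f"{c.name}: cloud copy is not immutable")
        if c.age_minutes > max_age_minutes:
            findings.append(f"{c.name}: last backup {c.age_minutes} min ago")
    return findings


# Constructed sample inventories (hypothetical names and values).
WEAK_INVENTORY = [
    BackupCopy("primary-nas", "disk", False, False, False, 5),
    BackupCopy("cloud-bucket", "object-storage", True, True, False, 240),
]
HARDENED_INVENTORY = [
    BackupCopy("primary-nas", "disk", False, False, False, 5),
    BackupCopy("cloud-bucket", "object-storage", True, True, True, 5),
    BackupCopy("offsite-tape", "tape", True, False, True, 10),
]

if __name__ == "__main__":
    for label, inv in (("weak", WEAK_INVENTORY), ("hardened", HARDENED_INVENTORY)):
        print(label, "->", check_3_2_1(inv) or "compliant")
```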
4. Strengthen your incident response plan. Conduct tabletop exercises and run mock trials of your incident response plan. The trial should include testing restoration from backups. It should also include senior leadership, who will need to know how to shepherd the organization through a potential crisis.
5. Prioritize continuity. In the event of a cyber security incident, how will your organization continue to operate? In the way that you might take backroads home from work in the event of an accident on the main highway, what alternative routes exist to help get your organization up and running again before dinner time? Senior leadership should ensure that these avenues exist, and that corresponding continuity exercises have been conducted.
6. Plan for the worst. Know where the incident response plan is located. Ensure that appropriate persons have offline copies. Be prepared to disconnect critical parts of your infrastructure from one another in the event of a malicious threat, as a foothold in one portion of your network could lead to the exploitation of other network regions.
7. Additional suggestions. In addition to the aforementioned, there are dozens of other means of safeguarding your organization. These include outsourcing cyber security work to a managed security service provider, offering employees cyber security training, securing internet traffic through virtual private networks, mandating multi-factor authentication, implementing lock-out features after a set number of failed login attempts, activating patch management programs, using least privilege principles, and investing in endpoint detection tools.
Insurance myths
Addressing digital weaknesses through insurance policies may or may not pay. In recent years, insurance premiums have increased, and criteria around incidents requiring an insurance payout have become more stringent. Some insurance groups have updated underwriting language to lower cyber security related payouts. Others have implemented new exclusions pertaining to infrastructure damage induced by war.
In summary
Each week, more than 1200 enterprises contend with sophisticated, fifth-generation cyber attacks. In the coming weeks, months and years, this number is liable to increase. The effects of a cyber attack may not only reverberate within your organization, they can also lead to deleterious downstream effects.
For hackers, businesses both large and small can represent high-value targets. However, a strong risk-management foundation can help reduce any potential damage caused by nation-state backed attacks. Protect the integrity of your organization. Understand, manage and reduce risk.
Is your organization doing enough?