Benjamin Franklin advised fire-threatened Philadelphians in 1736 that, “An ounce of prevention is worth a pound of cure. Clearly, preventing fires is better than fighting them……”
So, to what extent are we able to protect ourselves from Cybersecurity events? With the alphabet soup of acronyms out there such as NIST, ISO, SOC, CISA, DevSecOps, etc…… protecting your business from Cybersecurity threats can be overwhelming. Making Cybersecurity a priority can save your business down the road.
Threat Actors, once in, may lay dormant for months much like a human virus. The hacker with the persistent access in place will sit in the background infecting as much as possible and gathering as much data as they can. Like a cold, you may feel fine, but you’ll notice things are off a bit. You get tired easier; seem a little sluggish.
The same symptoms will occur in your IT environment as the malware spreads downloading data and expanding across your global network corrupting backups and leaving little options. Once the actor has embedded themselves, they will strike. Ransomware and stolen customer data can put an enterprise out of business for months.
Social engineering is the most prevalent way threat actors find their way into your environment. Disguising themselves as legitimate web sites, email, and customer service entities they depend on people’s kindness, willingness to help and urgency to resolve perceived threats/problems. Training your employees on recognizing these threats is both simple and critical in preventing an intrusion.
Verifying the URL on a link is the quickest and easiest way to determine validity. The safest bet; is if you don’t know who sent it don’t click it. Look up the phone number for the company on an independent site and call them to verify the request. Do not use the number that was embedded in the email. Many businesses or government entities will never call or email you. Getting an unexpected call from the Social Security administration or the IRS will never happen. Instead, they will use traditional mail.
Network design and architecture
Architecting a robust network with multiple layers of firewall protection, redundant pathways for both external and internal and isolating critical data is paramount in limiting the damage done by a threat actor. In the first layer all client data should be completely isolated from external facing equipment. Access to these environment’s should be heavily restricted to a limited number of people and applications.
The next layer is the application layer and should be divided into those applications accessing the data and those processing it. Lastly is the customer facing layers. These will sit on the public internet or companies’ intranet and be most exposed to threats. Utilizing a simple three-layer approach can prevent most leakage points from being exposed. More complex architectures may be needed depending on the industry or the data.
All assets on the network must be identified and tracked. Assets that are not in the inventory or patched can be Trojan horses themselves. Sitting on the network these assets are easy targets for Threat Actors. Knowing the age of the assets and patch levels is critical. Older assets may be out of maintenance; therefore, they may no longer have patches available and can be easily exploited.
Newer assets may sit unpatched due to the application utilizing them not being able to support the most recent patches. These machines must be isolated and scrutinized more closely. Lastly, having an active patching process of N-1 or better as well as subscribing to the latest threat alerts with your vendors is paramount to making sure you are safely secured.
Backups of data and applications are necessary to restoring your operations in the event of a ransomware or other intrusions. Since Threat Actors may have been lurking in your environment for months prior to being identified, your backups may be corrupted. If this occurs, once you restore, the Threat Actor will simply shut you down again. It’s imperative to keep the restoration environment isolated until you can scan all restored systems and verify that they are clean prior to going back online.
Some intrusions occur due to carelessness or lack of processes and procedures. In others, it is a lack of budgetary foresight creating cyber risk. Technology debt occurs quickly when finances are tight, and decisions are made to put off upgrades and maintenance to save money. “We’ll take care of it next year when things are better”, so they say.
One year quickly becomes three. As long as mission critical applications are functioning as expected, long range planning for them are overlooked. Proper budgetary planning for equipment maintenance & replacements, software patching and application upgrades are an imperative. It must be an integral part of every company’s financial planning process.
Just like with home protection; running fire drills, having home escape plans, regularly testing your security system and maintaining your smoke detectors; you need to do the same with your IT environments. Have a certified third party review your infrastructure and application architecture to ensure it has solid protective layers in place and all sensitive data is isolated. Conduct a review of all security policies, procedures, and training.
Run external and internal penetration tests to see if any holes exist and quickly execute remediation plans. Have a ransomware playbook in place and run preparedness drills. Regularly scan your backups for known malware. Maintain an active asset inventory list and perform quarterly audits of move, adds and changes to ensure nothing is on the network that shouldn’t be there.
An ounce of prevention
Even with proper grounding, installing smoke detectors, and sprinkler systems; fires still occur. Setting up and maintaining safety and security measures ensures that damage is avoided, minimized, and contained.
To the Threat Actor, data theft, ransomware, and denial of service attacks are a very profitable game. They are patient and will continue to probe until they find a way in. Companies that have fallen behind with updates and upgrades will become easy marks. As an IT leader you must stay one step ahead of them with proper planning and maintenance of your total environment.