Public Sector Field CISO, Fortinet.
The threat of cyberattacks always exists, but recent concerns sparked by geopolitical developments globally have led many organizations to examine their security more closely. Any organization can end up being collateral damage in a destructive, politically motivated cyber action. For example, in 2017, the NotPetya attack initially launched against websites in Ukraine spread to cause $10 billion of damage globally as it wiped data from financial, government, energy, transportation and organizations in other sectors around the world.
But for every attack that makes headlines, countless other unheralded ones occur that collectively can have an impact comparable to a NotPetya-like event. While you may need to make drastic changes in your operating posture response to an unpredictable event such as a global pandemic, you shouldn’t have to resort to improvising your response to most cyber problems. Cybersecurity should be an ongoing priority, and basic cyber hygiene and best practices can stop most malicious activity or reduce the impact of a successful breach. Simply performing the following activities can go a long way toward protecting your organization.
1. Implement Basic Cyber Hygiene
Recent analysis demonstrates that implementing basic cyber hygiene measures can reduce vulnerability to attack by as much as 90%. These are steps that can be taken even by organizations that lack cyber experts and for little or no cost. Measures such as multifactor authentication (hardware or software tokens used to validate identity) are available at a modest cost and markedly increase the security of remote user access. They are also foundational to implementing zero-trust network access and increasing security in a hybrid operating environment.
Organizations also need to be sure they don’t overlook operational technology (OT), which, because of trends such as smart building technology and IoT devices, is no longer limited to organizations focused on manufacturing or critical infrastructure services. IT and OT networks are increasingly interconnected within organizations, and basic cyber hygiene and zero-trust operating principles are equally applicable to OT environments.
MORE FROMFORBES ADVISOR
A key part of hygiene should be cyber awareness training for your organization. Free training is widely available for organizations that need it.
2. Patch Known Vulnerabilities
Threat actors often target known network and IT product vulnerabilities. Fixes or patches for these vulnerabilities are usually created by the product manufacturer, so patch management—finding and applying these fixes—should always be in an organization’s first line of defense.
There are over 171,000 publicly disclosed common vulnerabilities and exposures cataloged, but only around 2% are typically exploited by threat actors—and these are not always the newest or most damaging vulnerabilities. The challenge for an organization is knowing which vulnerabilities you should be worried about. Using security products that are automatically updated with digital threat signatures and detection rules can help protect your organization against any vulnerabilities that it hasn’t yet patched.
Organizations also need to make sure they have an up-to-date inventory of IT assets and those responsible for maintaining them. When people leave the organization, it’s not only essential to deactivate their user accounts but also essential to ensure that any IT and security products they maintain are transferred to someone else. Shadow IT (user-installed equipment that is not known to or supported by corporate resources) poses a security problem for organizations since they cannot effectively protect assets they don’t know they have. This challenge is exacerbated when users leave and such products are unattended because patch notifications and alerts may be sent to email addresses that are no longer active.
3. Back Up Critical Systems
With the rise in ransomware and wiper malware that can delete an organization’s data or render it unusable, backups should be on the agenda at every organization. If yours doesn’t have a backup plan in place, the time is now to set one up.
Since some types of malware also look for connected backups to corrupt or destroy them, make sure that you have copies of your backup data stored offline and preferably off-site. Consider running a recovery exercise with your IT team to verify that you can restore your data (it’s surprising how many organizations discover the hard way that their backup or recovery program doesn’t work) and how long it takes. If there is an impact on your organization’s operations, it’s better to find out in an exercise so you can make adjustments.
4. Test Incident Response
Backups aren’t the only things that should be tested. Talking to key internal stakeholders about how you would respond to both a typical and a worst-case cyber incident is better than having to figure it out during an attack. Review your procedures for responding to an incident, including disaster recovery and business continuity strategies.
Cybersecurity Requires Continuous Effort
These steps are the basics that all organizations and individuals should follow. Organizations that have more financial resources and in-house cyber experts can obviously do more, but the reality is that we face a significant cyber workforce and skills gap, and there are not enough cyber experts to meet the demand. Fortunately, an organization’s capability in areas ranging from analysis to incident response and even security as a service can be augmented or even wholly provided from external expertise and capabilities.
While a geopolitical crisis can increase the attention being paid to cybersecurity, the actions to manage cyber risk are among the basics that every organization should be working on all the time. These actions aren’t one-and-done. Staying up to date on cyber hygiene, monitoring vulnerabilities and prioritizing patching, running what-if scenarios and maintaining awareness about threats are all activities that should be performed continuously.