Threats are real
Let's face it: there are people who target your network and users with bad intentions. The threat landscape is real and ever-changing. According to the major findings section of Cisco's 2017 Midyear Cybersecurity Report:
- Business email compromise (BEC) has become a highly lucrative threat vector for attackers. According to the Internet Crime Complaint Center (IC3), US$5.3 billion was stolen due to BEC fraud between October 2013 and December 2016. In comparison, ransomware exploits took in US$1 billion in 2016.
- Spyware that masquerades as potentially unwanted applications (PUAs) is a form of malware—and a risk that many organizations underestimate or dismiss completely. However, spyware can steal user and company information, weaken the security posture of devices, and increase malware infections. Spyware infections are also rampant. Cisco threat researchers studied three select spyware families and found that they were present in 20 percent of the 300 companies in the sample.
- The dramatic increase in cyber-attack frequency, complexity, and size over the past year suggests that the economics of hacking have turned a corner, according to Radware, a Cisco partner. Radware notes that the modern hacking community is benefiting from quick and easy access to a range of useful and low-cost resources.
- When it comes to enterprise security, cloud is the ignored dimension: Open authorization (OAuth) risk and poor management of single privileged user accounts create security gaps that adversaries can easily exploit. Malicious hackers have already moved to the cloud and are working relentlessly to breach corporate cloud environments, according to Cisco threat researchers.
- In late 2016, Cisco threat researchers discovered and reported three remote code-execution vulnerabilities in Memcached servers. A scan of the Internet a few months later revealed that 79 percent of the nearly 110,000 exposed Memcached servers previously identified were still vulnerable to the three vulnerabilities because they had not been patched.
What you should know
Setting aside the nasty hackers, your users pose the biggest threat to your network and systems. A comprehensive cybersecurity practice will significantly decrease your chances of a malicious attack, virus or user error.
Common mistakes:
- No patch/update plan
- No USB lock/control
- Inadequate firewall protection
- Inadequate anti-virus protection
- Poor password management
- Disabled System Locks
- Excess Access
- Insufficient user tracking
- Lack of identity access management
- Unsecured wireless access points
- No change management policies
All aboard: implementing a cybersecurity practice requires an ongoing, corporate-wide commitment with clearly defined objectives.
What you can do
Implement a cybersecurity practice
Initial steps
Flows: It is impossible to build a practice without an understanding of the flow of information to and from internal/domain users and external users. A data flow document connecting all the dots is a helpful guide.
Assessment: With all the moving parts of IT, it can be difficult to determine what is and isn't working. Are the best practices in place? What areas require immediate attention? Do I have deep visibility into IT assets? A network or site assessment report is needed for the design of your layered security practice.
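The two initial steps above feed each other: the data flow document lists who talks to what, and the assessment asks which of those flows lack the basics. The following is an added example, not code from the original page or from any vendor it mentions, showing one way to turn a small flow inventory into the "what needs immediate attention" list an assessment report starts from. The flows, the layer names used as destinations, and the two checks (encryption on flows that cross to external users, and monitoring on every flow) are assumptions chosen to illustrate the idea; the sample flows are constructed and do not describe any real environment.

```python
"""Minimal data-flow inventory with an assessment pass (added example).

Each flow records where information comes from, which layer it lands in,
whether it crosses the boundary to external users, and whether it is
encrypted and monitored. assess() returns the gaps per flow and
attention_order() ranks the flows with the most gaps first.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    name: str
    source: str        # e.g. "external users", "domain users", or a layer name
    destination: str   # layer from the design steps: Users, PCs, Servers,
                       # Network, Mail System, Mobile Devices, Cloud
    external: bool     # True if the flow crosses to/from external users
    encrypted: bool    # transport protected end to end
    monitored: bool    # logged and reviewed somewhere


# Constructed sample flows, not from any real site assessment.
SAMPLE_FLOWS = [
    Flow("webmail", "external users", "Mail System",
         external=True, encrypted=True, monitored=True),
    Flow("file share", "domain users", "Servers",
         external=False, encrypted=False, monitored=True),
    Flow("legacy portal", "external users", "Servers",
         external=True, encrypted=False, monitored=False),
    Flow("saas sync", "Mobile Devices", "Cloud",
         external=True, encrypted=True, monitored=False),
]


def assess(flows):
    """Return {flow name: [gap descriptions]} for flows with at least one gap.

    The two rules are illustrative assumptions: anything crossing to external
    users must be encrypted, and every flow must be monitored.
    """
    findings = {}
    for f in flows:
        gaps = []
        if f.external and not f.encrypted:
            gaps.append("external flow without encryption")
        if not f.monitored:
            gaps.append("no monitoring")
        if gaps:
            findings[f.name] = gaps
    return findings


def attention_order(findings):
    """Flow names sorted by number of gaps (most first), then alphabetically."""
    return sorted(findings, key=lambda name: (-len(findings[name]), name))


if __name__ == "__main__":
    result = assess(SAMPLE_FLOWS)
    for name in attention_order(result):
        print(f"{name}: {', '.join(result[name])}")
```

Running it against the constructed flows lists "legacy portal" first (external, unencrypted and unmonitored) and "saas sync" second (unmonitored only); the internal file share and webmail pass both checks. Real inventories would add a column per action item from the design steps, but the shape of the check stays the same.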
Design steps
The abbreviated design steps segment the IT environment into seven layers: Users, PCs, Servers, Network, Mail Systems, Mobile Devices and Cloud.
Users - Action Items
- Password Policy
- Identity Access Management
- Phishing Awareness
PCs (Desktop/Laptop) - Action Items
- Patches/Updates
- Anti-Virus/Malware
- Lockdown
- Monitoring
- Administration
Servers - Action Items
- Patches/Updates
- Anti-Virus/Malware
- SSL
- Monitoring
- Administration
Network - Action Items
- Firewall
- WAP
- VPN/Tunnels
- PenTest/IPD
- Monitoring
- Administration
Mail System - Action Items
- Anti-Virus
- ATD
- eDiscovery
- Archiving
- Encryption
- Backup
Mobile Devices - Action Items
- Patches/Updates
- Anti-Virus/Malware
- Lockdown
- Monitoring
- Administration
Cloud - Action Items
- DNS
- Monitoring
- Administration
The third step is implementation.