According to security experts, private and public sector organizations are usually an easy target for cyber attacks. Unless organizations get the basics right, they will keep falling prey to fraudsters, ransomware rings, and nation-state hackers. In times like these, it is crucial that organizations shore up their basic defenses, such as Multi-Factor Authentication, and that, as soon as they suspect an incident, they take it seriously and act quickly.
Why is there a need to prioritize the basics?
Several organizations implemented Multi-Factor Authentication and a Security Incident Response Plan long ago, and have continued to actively shore up any defenses that were lagging. Yet organizations that support critical infrastructure still lag behind on the security basics. Even before the advent of Artificial Intelligence and Machine Learning, security experts were warning that the basics too often get overlooked. Cybersecurity has remained, in part, a story of organizations continually tackling new problems, only to leave them half-finished and move on to the next one. Organizations tend to be hyper-obsessed with the latest technology and get caught up in whatever the industry is selling. The truth is that many organizations are still failing to get the basics right.
Information Security Mitigation Strategies
In 2011, the Australian Signals Directorate published its top four (4) information security mitigation strategies, which many experts consider the best place to start.
- Whitelist Applications
- Patch Applications & Operating Systems
- Update to the latest versions of Applications & Operating Systems
- Minimize Administrative Privileges
Who is at risk?
Organizations in the financial, defense, government, and oil & gas sectors are the most likely targets for cyber attacks. Even the best prevention in the world cannot guarantee that an organization will not get breached. To identify exactly what they should be doing to survive a data breach, organizations should learn how to build a Data Breach Response Playbook or a Security Incident Response Plan. The single most important factor is to set everything up ahead of time, get buy-in from all levels of the organization, including the Board, and then practice the Playbook.
Data Breach Response Playbook or Security Incident Response Plan
Chief Information Security Officers (CISOs), especially in government agencies and the aerospace and defense sectors, should conduct a four-week review to shore up defenses and resilience, and must ensure that they can get back up and running after a successful attack. Here is a four-week "Cyber Sprint" of ten items that organizations can focus on.
- Board: The Board and executive leadership team should be clearly informed of the need for dedicated resources so that the organization is prepared and able to run a four-week cyber sprint, including securing people and obtaining extra funding and support.
- Keys: All encryption keys and privileged administrative passwords should be rotated regularly, as standard practice.
- Passwords: A password reset for all users and external login access should be mandated at a fixed frequency.
- Multifactor: Every system must use Multi-Factor Authentication.
- Endpoints: Every endpoint should have active, working, and up-to-date protection. Any node without protection should be decommissioned; if that is not possible, it should be isolated on a separate network.
- Patching: Every critical vulnerability should be patched, and organizations should apply the latest patches to all workstations.
- Disaster Recovery: The availability of all necessary backups, and the ability to fail over to warm or hot replication sites, should be confirmed.
- Hygiene: All accounts belonging to people who are no longer employed by the organization should be closed.
- Phishing: A message, along with a 60-second educational piece on phishing, should be pushed out to every user.
- Monitoring: Turn up IPS and IDS controls, email and web traffic monitoring, gateway firewall, and Web Application Firewall (WAF) protection to a higher level.
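The sprint items above (keys, multifactor, endpoints, patching, hygiene) and the "minimize administrative privileges" item from the ASD top four are only useful if someone actually checks an inventory against them. The script below is an added example, not code from the original article: it audits a small constructed host and account inventory against those checks and reports what needs action. The inventory records, the 90-day key rotation policy, the 14-day critical-patch window, and the fixed audit date are all assumptions chosen for the example.

```python
"""Audit a host/account inventory against a four-week cyber-sprint checklist.

Added example, not from the original article. The inventory, the rotation
and patch thresholds, and the audit date are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

TODAY = date(2024, 6, 1)            # fixed so the audit is reproducible (assumed)
MAX_KEY_AGE = timedelta(days=90)    # assumed rotation policy for keys/admin credentials
MAX_PATCH_AGE = timedelta(days=14)  # assumed window for applying critical patches


@dataclass
class Host:
    name: str
    mfa_enabled: bool
    endpoint_protection: str                     # "active", "stale" or "none"
    critical_patch_missing_since: Optional[date]  # None when fully patched
    key_last_rotated: date
    can_be_decommissioned: bool = False


@dataclass
class Account:
    user: str
    employed: bool
    is_admin: bool


def audit_host(h: Host) -> List[str]:
    """Return the sprint findings for one host (empty list = compliant)."""
    findings: List[str] = []
    if not h.mfa_enabled:
        findings.append("multifactor: MFA not enforced")
    if h.endpoint_protection == "none":
        # Article's rule: terminate unprotected nodes, otherwise isolate them.
        action = "decommission" if h.can_be_decommissioned else "isolate on separate network"
        findings.append(f"endpoints: no protection, {action}")
    elif h.endpoint_protection == "stale":
        findings.append("endpoints: protection not updated")
    if (h.critical_patch_missing_since is not None
            and TODAY - h.critical_patch_missing_since > MAX_PATCH_AGE):
        findings.append("patching: critical vulnerability unpatched beyond window")
    if TODAY - h.key_last_rotated > MAX_KEY_AGE:
        findings.append("keys: privileged credential older than rotation policy")
    return findings


def audit_accounts(accounts: List[Account]) -> Dict[str, List[str]]:
    """Hygiene: accounts of departed staff to close; admin accounts to review."""
    to_close = [a.user for a in accounts if not a.employed]
    admin_review = [a.user for a in accounts if a.employed and a.is_admin]
    return {"hygiene_close": to_close, "admin_review": admin_review}


def run_sprint_audit(hosts: List[Host], accounts: List[Account]) -> Dict[str, object]:
    """Combine host and account findings, keeping only hosts with open items."""
    host_findings = {h.name: audit_host(h) for h in hosts}
    return {
        "hosts": {name: f for name, f in host_findings.items() if f},
        "accounts": audit_accounts(accounts),
    }


# Constructed sample inventory (not real systems or people).
HOSTS = [
    Host("fileserver-01", True, "active", None, date(2024, 4, 15)),
    Host("scada-hmi-02", False, "none", date(2024, 5, 1), date(2024, 1, 10)),
    Host("legacy-print-03", True, "stale", None, date(2024, 5, 20)),
]
ACCOUNTS = [
    Account("alice", employed=True, is_admin=True),
    Account("bob", employed=False, is_admin=True),   # departed, still has an account
    Account("carol", employed=True, is_admin=False),
]

if __name__ == "__main__":
    report = run_sprint_audit(HOSTS, ACCOUNTS)
    for name, items in report["hosts"].items():
        for item in items:
            print(f"{name}: {item}")
    print("close accounts:", report["accounts"]["hygiene_close"])
    print("review admins:", report["accounts"]["admin_review"])
```

In a real environment the inventory would come from the asset register, the identity provider, and the endpoint protection console; the point of keeping the checks in small functions is that each sprint item maps to one test that can be re-run weekly and trended, which is how the basics stop being "half-finished".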