We have moved well beyond Steven Spielberg’s movie War Games, dial-up modems, lonely dudes sitting in their mum’s basements hacking the local weather channel, and slow internet connections. The internet has leaped forward tremendously in the past decade. Internet of Things (IoT) is growing and certainly disrupting life as we know it.
Everything and everyone is connected somehow. Heck, even my mother has a smartphone and is playing bridge virtually. We call each other weekly on Skype, and she even likes some of my posts on Facebook. She has more friends on Facebook than me and has started to converse with people around the Globe – mainly relatives. It’s rather impressive to watch her evolve her skills, especially as she still struggles to set the clock on the VCR at wintertime and summertime.
We just invested in smart thermostats to help us manage the heating, cooling, and oil consumption. We now live in a smart house and can remotely control the heating. These are not new concepts, although I’m late into the smart house arena.
My awesome Traeger grill is on wireless too. I can monitor my smoking process from my phone while checking the internal temperature, perfecting my grilling skills.
All these technological advancements come with a huge drawback. A risk that is all too real has become more and more aggressive in the past few years. It is breeding an increasing number of cybercriminals. Their illegal attempts to earn money have no boundaries or moral limitations; they take pleasure in disrupting governments, extorting healthcare organizations, attacking private individuals, shutting down essential COVID-19 treatment distribution, and disabling school systems, all while sitting behind some obscure tag name, hacking in their sweaty underwear and eating fast food.
Cybercrime is a full-blown industry that flourishes. It roams freely around on the dark web, much to Neo’s pleasure, taking down the Matrix. Criminals are almost impossible to catch. You cut off one head, and ten more erupt.
Cyber attacks feed a growing population of ill-intended people who thrive on the dark web.
In the “old” days of hacking, hackers took pride in hacking a bank, the FBI, or some large corporation. It was often a harmless activity, used to impress fellow hackers. “Look, I just hacked this entity!” But, like most crime, it has escalated, and now a 12-year-old kid with a laptop and a cool handle can learn to hack and make some easy money.
It is all about money. They extort several companies a day, working off some predefined worklist, and move from target to target.
The increase in cyber attacks, 445 million cyber attacks to date just in 2020, puts extra strain on all companies as they need to strengthen their defenses and their security mindset. Our security perimeter starts with our end-users and needs to integrate with all areas of the organization. It has to become part of the culture and fabric of our users. It puts significant strain and responsibility on your cybersecurity program – if you have one!
Starting or reevaluating a cybersecurity program in your organization is the best defense against these attacks. Staff quickly become the foot soldiers as we slowly fight off waves of attacks.
How do you prepare for a cyber attack?
How do you know if you are well defended?
Preparing Your Defenses
In my humble opinion, a good cybersecurity defense starts with an extensive cybersecurity program. A program defines the technologies deployed, the policies, the procedures, the user awareness training, and controls.
Cybersecurity is not a one-off activity but a 24/7 program that runs throughout the year. It is core to your budget and includes a lot more than just the IT department.
Your program needs to be well planned and be a good balance of technology and end-user awareness activities. The cybersecurity program includes all the awesome documentation you have been writing for months or years, right?
Here are some components of the cybersecurity program essential to your success and critical to your defense. This list is not definitive, and you should add items that I have missed or that you think are needed – in no particular order.
Core Elements of a Cybersecurity Program
The following elements are, in my opinion, important components of any security program. Each item will cover a significant part of your program and enhance your defenses. None of them should be underestimated, and all are mandatory.
Cybersecurity Insurance
I know, insurance is just an extra expense. You only use it when something happens, and you seem to be paying a large amount towards your premium monthly and annually. When stuff does happen, you spend more time debating with the insurance company, and they will often try to avoid paying you.
Nevertheless, cybersecurity insurance is an absolute must. No debate. No cost-cutting option.
It is not a matter of if you get attacked. It is a question of when you get attacked. And when you get attacked, you need to have the necessary coverage to provide you the resources to recover quickly and not close your doors permanently.
Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
Basically, if you configure this device correctly, you will control access to your network. Alerts can be put in place for certain patterns and behaviors. You can block common and insecure ports. It allows you to decide what traffic is permitted into your network.
Yes, the rules you put in place may interrupt or cause some issues for certain applications. However, they will allow you to improve the security of your perimeter.
Endpoint Protection
This is not to be confused with anti-virus programs. Anti-virus programs are no longer a secure tool to protect your network and often rely on definitions that are updated only a few times a week. They look for known patterns and will protect you against those.
While it offers great security, I personally do not think it offers enough.
It does not proactively scan the network and devices. It does not analyze the traffic within the network or detect abnormal patterns.
That is where a sophisticated endpoint protection tool comes into play. It goes beyond the traditional AV functionalities and goes deeper into protecting your network. You will get alerted if something odd is happening, and you will have an improved perimeter.
Email Filtering
A large number of cyberattacks actually start with an email. The threat actors create clever (and sometimes not so clever) phishing emails, imitating senior people within your organization, to persuade recipients to disclose credentials. Some share a link or a document that may install malware.
The number of emails that a user gets daily is staggering. How can a user distinguish between valid emails and fake emails?
That is why you need to have some email filtering tool in place. A tool that will allow you to filter out a huge amount of fake emails before they even arrive in the inboxes. If some do arrive, it should inspect URLs and attachments and eliminate those that are fraudulent or malicious.
Server & Computer Patching
I’m not going to spend too much time on what this actually means. It is fairly self-explanatory.
Make sure ALL your servers and computers are up-to-date with the latest security and OS patches.
Eliminate old OS versions and standardize on your OS levels. If you cannot install and deploy the latest version, then use the latest minus one.
Don’t try to be a hero using Windows 95, Windows 7, or some other less secure OS platform for your computers. They no longer receive updates and are easy targets for criminals.
Web Content Filtering
Similar to email filtering, you need to have a web content filtering tool in place. Not only to monitor people and prevent them from browsing less savory sites, but also to help them avoid obscure and illegal sites.
A lot less temptation for staff, and you might even help company productivity if you block gambling and social sites.
Creating a Secure Mindset
Our first line of defense, and our weakest link, is the end-user. It is not uncommon for end-users to use company email for personal stuff, and they might subscribe to many online services: news, sports, social, etc.
No offense to the end-users, but they might not be able to spot phishing attempts and may inadvertently click on URLs and documents they receive.
Even worse, they might respond to emails from HR, Finance, or IT to provide sensitive and personal details, which are then shared with the hackers. Emails appear legit, although they come from outside accounts.
It is the responsibility of IT and Security teams to provide training and increase the organization’s security mindset. Many of my IT colleagues might bark at me and call me out on this, but I truly believe that IT owns the IT & Security awareness topic. We work with users, and we know the technologies.
However, we need help communicating, as many IT departments are not the greatest at communicating or training staff. But, there are great tools for security awareness that are already populated and ready to go.
Security Framework
The last piece you need to consider is establishing a formal security framework. I’m referring to COBIT, NIST, ISO, HITRUST, whatever framework you deem best for your organization.
A well-structured framework will help you identify all the procedures, policies, audit controls, and templates that you need to have in place to comply.
Just know that a framework can only show you the way. You and the team need to embrace it and invest time in getting it built. Once it is built, it needs to be maintained regularly and not just put to one side. You don’t just review it once a year, dust it off, and put it back on the shelf.
What Does the Future Hold?
Honestly, I have absolutely no idea. I do know this. Cybersecurity incidents are on the rise, and I do not see them slowing down. The criminals are after money and will use any means necessary to get it. Their skills and tools are getting more advanced.
Cybersecurity consultants and software companies need to be at the same level or ahead to keep the security arsenal loaded.
IT departments need to invest in appropriate security tools and maintain them. We must have the necessary skills and resources available to combat the increased cyber threat.
Our users need to increase the security mindset. Without more awareness, our first line of defense will be run over. Technology can alleviate many attacks, but a single successful phishing mail can break the defense in the end.
Get your team in battle formation. Seek out allies in the security consultancy world, reduce your users … and make sure you have your cybersecurity insurance in your back pocket.
Phew, that was a long post! Thoughts? Ideas?