BreachExchange mailing list archives

Shore Up Cyber Security Now


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 30 Jul 2014 18:49:24 -0600

http://www.wallstreetandtech.com/security/shore-up-cyber-security-now/a/d-id/1297643


The evolving cyberthreat landscape and increased regulatory scrutiny have
created tremendous pressure for asset management firms as they race to
shore up their IT security. In response to the recent Securities and
Exchange Commission alert declaring an initiative to assess cyber security
preparedness in the securities industry, Gravitas developed a whitepaper to
provide asset management companies with a layered cybersecurity strategy,
including a six-point framework for addressing a range of threats head on.

The framework is constructed to assess a firm's cyber security awareness,
preparedness, and resilience to operational threats and regulatory
compliance requirements. The following highlights the six-point action plan
to help firms generate procedures and add required technologies to protect
themselves better.

1. Physical security
This means protecting the hardware, networks, and data from a material
breach and/or events that could cause catastrophic loss or damage. Physical
security is often overlooked in favor of more technology-driven protection.

Co-location facilities offer sophisticated on-site security (cameras and
biometric access systems) that deters and detects unauthorized physical
access, along with 24x7 backup power and redundant systems that minimize
downtime and disruption to operations during a power failure.

All hardware devices -- old and new -- should be inventoried and actively
managed so that only authorized devices are given network access.

2. Network security
Attacks against organizations can take the form of phishing, emails
carrying malware, websites hosting malicious code, and other end-user
focused threats. Such attacks often give the attacker the access of a
trusted user or system, and from there a route to privileged access on
protected systems.

Comprehensive network security must include firewalls and intrusion
detection/prevention systems. Newer firewall technologies add web content
filtering as a defense against web-borne malware. Switches and routers must
be configured with their security features enabled. Proper network
segmentation separates backend infrastructure from user endpoints, so that a
compromised workstation cannot reach servers directly.

3. Malware defense
The malware layer consists of controls that block the download, spread, and
execution of malicious code at multiple points across a firm's
infrastructure. The point of entry can vary, but email attachments,
websites, and removable media are the common examples.

Malware defenses must be updated continuously and validated as running on
every host, so that an infection cannot spread unchecked. They must also be
deployed at every potential entry point to stop the flow, or govern the
execution, of malicious software. Laptops, workstations, and servers should
also be configured so they will not auto-execute content from removable
media (thumb drives, external drives, or CD/DVDs).

4. Access control and password management
Abuse of administrative permissions is a primary method by which attackers
penetrate an environment. Access control is a basic, built-in security
mechanism, but managing it is the most significant challenge: it rapidly
falls out of sync with business changes until it no longer reflects the
level of access the organization actually intends.

Limit the number of administrative accounts, and grant access to them only
on an as-needed basis. Require that all passwords, including those of
service and other automated accounts, be complex and be rotated at least
every 90 days. Tooling should monitor the permissions held by every
administrative account and periodically validate that each privilege is
still required.
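As an added example (not from the article or from Gravitas's whitepaper), the following Python script implements the two checks this section calls for: it compares the accounts that currently hold membership in administrative groups against an approved list, and it flags any enabled administrative account whose password is older than 90 days. Every account, group and date value is constructed sample data; in practice the snapshot would be exported from the directory.

```python
"""Administrative-account review: approved baseline vs. current directory state.

Added example; all names and dates below are constructed sample data, not
taken from any real directory.  In production the account list would be
exported from the directory (LDAP/AD) rather than inlined here.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Section 4 of the framework: rotate at least every 90 days.
MAX_PASSWORD_AGE = timedelta(days=90)

# Groups whose membership confers administrative rights (hypothetical names).
ADMIN_GROUPS = frozenset({"Domain Admins", "Server Operators", "Backup Operators"})

# The approved list: every account allowed to hold admin rights (hypothetical).
APPROVED_ADMINS = frozenset({"alice.admin", "svc-backup"})

# Review date, fixed so the output is reproducible.
AS_OF = date(2014, 7, 30)


@dataclass(frozen=True)
class Account:
    name: str
    groups: frozenset      # group memberships as reported by the directory
    password_set: date     # date the password was last changed
    enabled: bool = True


# Constructed snapshot of the directory as of AS_OF.
CURRENT_ACCOUNTS = (
    Account("alice.admin", frozenset({"Domain Admins"}), date(2014, 6, 1)),
    Account("svc-backup", frozenset({"Backup Operators"}), date(2013, 1, 15)),
    Account("bob.helpdesk", frozenset({"Domain Users", "Server Operators"}), date(2014, 7, 20)),
    Account("carol", frozenset({"Domain Users"}), date(2012, 3, 3)),
    Account("old.admin", frozenset({"Domain Admins"}), date(2011, 1, 1), enabled=False),
)


def review(accounts, approved, admin_groups, as_of, max_age=MAX_PASSWORD_AGE):
    """Return a list of (finding, account, detail) tuples.

    unapproved_admin : an enabled account holds admin group membership but is
                       not on the approved list (privilege drift).
    stale_password   : an enabled admin account's password exceeds max_age.
    Disabled accounts are skipped; non-admin accounts are out of scope here.
    """
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue
        held = acct.groups & admin_groups
        if not held:
            continue
        if acct.name not in approved:
            findings.append(("unapproved_admin", acct.name, sorted(held)))
        age = as_of - acct.password_set
        if age > max_age:
            findings.append(("stale_password", acct.name, age.days))
    return findings


def review_sample():
    """Run the review over the constructed snapshot."""
    return review(CURRENT_ACCOUNTS, APPROVED_ADMINS, ADMIN_GROUPS, AS_OF)


if __name__ == "__main__":
    for kind, name, detail in review_sample():
        print(f"{kind:18} {name:14} {detail}")
```

Run against the constructed snapshot, the review reports bob.helpdesk as an unapproved holder of Server Operators and svc-backup as an approved account whose password has not been rotated in well over 90 days; the disabled old.admin account and the non-privileged carol produce nothing, which is the intended scope.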

5. Data protection monitoring systems
Once an organization has decided who needs access to its business-critical
data, the biggest challenge will be keeping that access aligned with
business requirements across an ever-growing file system. Access rights to
file data are constantly in flux due to changing job roles and
responsibilities and the addition of data and projects requiring user
collaboration. Moreover, rights changes are very often made by the IT help
desk, because most financial firms don't have a dedicated IT security
administrator.

By defining security policies within a file activity monitoring solution,
IT staff can receive real-time alerts on permission changes to sensitive
business data and query the history through simple web-based tools. File
audit logs should also be retained for long periods to support later
investigation.
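As an added example (not from the article or from any product the whitepaper may describe), the Python script below shows the kind of policy a file activity monitoring solution would evaluate: it reads a feed of permission-change audit records, diffs the ACL before and after each change, and raises an alert when a broad group is granted anywhere, or when an ACL on a sensitive share is changed by someone other than the security administrator or grants a principal outside the allow-list. The share paths, principals, actor names and log records are constructed for illustration.

```python
"""File-permission change monitoring over an audit feed.

Added example; the policy, share paths, principals and log records are all
constructed for illustration.  Records are JSON lines carrying the fields a
file activity monitoring product would typically export: timestamp, event
type, acting user, path, and the ACL principals before and after the change.
"""
import json

# Hypothetical policy for the sensitive shares of a finance firm.
POLICY = {
    # Paths whose ACLs are business-sensitive.
    "sensitive_prefixes": ("/srv/finance/", "/srv/trading/"),
    # Only these accounts may change ACLs on sensitive paths; help-desk
    # staff changing them is exactly the drift the section describes.
    "acl_change_allowed_by": frozenset({"secadmin"}),
    # Principals that may ever hold access to sensitive paths.
    "allowed_principals": frozenset({"FinanceStaff", "TradingDesk", "Domain Admins"}),
    # Broad groups that should never be granted anywhere without review.
    "broad_groups": frozenset({"Everyone", "Authenticated Users", "Domain Users"}),
}

# Constructed sample audit records (JSON lines): a legitimate change, a
# help-desk change that opens a finance share to all domain users, a broad
# grant on a non-sensitive share, and an unrelated read event.
SAMPLE_LOG = r"""
{"ts":"2014-07-30T09:01:12","event":"acl_change","actor":"secadmin","path":"/srv/finance/q2/","old":["FinanceStaff","Domain Admins"],"new":["FinanceStaff","Domain Admins","TradingDesk"]}
{"ts":"2014-07-30T09:15:40","event":"acl_change","actor":"helpdesk1","path":"/srv/finance/q2/","old":["FinanceStaff","Domain Admins","TradingDesk"],"new":["FinanceStaff","Domain Admins","TradingDesk","Domain Users"]}
{"ts":"2014-07-30T10:02:03","event":"acl_change","actor":"helpdesk1","path":"/srv/marketing/","old":["Marketing"],"new":["Marketing","Everyone"]}
{"ts":"2014-07-30T10:30:00","event":"file_read","actor":"carol","path":"/srv/finance/q2/budget.xlsx"}
"""


def parse_records(text):
    """Parse JSON-lines audit text; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def evaluate(records, policy):
    """Return one alert per ACL change that violates the policy.

    Each alert carries the principals added and removed plus the list of
    reasons, so an analyst sees what changed without re-reading raw ACLs.
    Changes that add nothing unexpected (the first record) produce no alert.
    """
    alerts = []
    for rec in records:
        if rec.get("event") != "acl_change":
            continue
        added = set(rec["new"]) - set(rec["old"])
        removed = set(rec["old"]) - set(rec["new"])
        reasons = []

        broad = added & policy["broad_groups"]
        if broad:
            reasons.append("grants broad group: " + ", ".join(sorted(broad)))

        if rec["path"].startswith(policy["sensitive_prefixes"]):
            if rec["actor"] not in policy["acl_change_allowed_by"]:
                reasons.append("sensitive path changed by " + rec["actor"])
            # Broad groups are already reported above; do not double-count.
            unexpected = added - policy["allowed_principals"] - policy["broad_groups"]
            if unexpected:
                reasons.append("adds principal outside allow-list: "
                               + ", ".join(sorted(unexpected)))

        if reasons:
            alerts.append({
                "ts": rec["ts"], "path": rec["path"], "actor": rec["actor"],
                "added": sorted(added), "removed": sorted(removed),
                "reasons": reasons,
            })
    return alerts


def evaluate_sample():
    """Evaluate the constructed log against the hypothetical policy."""
    return evaluate(parse_records(SAMPLE_LOG), POLICY)


if __name__ == "__main__":
    for alert in evaluate_sample():
        print(alert["ts"], alert["actor"], alert["path"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

On the sample feed the first change (the security administrator adding TradingDesk to a finance share) is silent, the help-desk change that adds Domain Users to the same share raises an alert with two reasons, and the Everyone grant on the marketing share raises a single broad-group alert. Keeping the before/after ACLs in the record is what makes the diff possible; a feed that logs only "permissions changed" cannot support this kind of policy.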

6. Cyberincident response plan
This plan protects the firm's critical data and reputation through a set of
processes and procedures to discover, acknowledge, contain, neutralize, and
eradicate an attack from the environment rapidly. A cyberincident response
plan should be coupled with a business continuity plan for cases where a
malicious incident results in data loss, a sustained system outage, or a
catastrophic site failure.

The reactive steps for a suspected attack are detection, containment,
remediation, and recovery/restoration. A comprehensive postmortem should be
conducted once the firm is back to a steady state after recovery.

By using a six-layered approach to cyber security, asset management
companies build their resilience to operational threats and regulatory
compliance requirements, thus decreasing the chances of being compromised
by cyberattacks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
