BreachExchange mailing list archives
How to be Proactive with Your IT Security this Year
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 8 Sep 2015 19:29:39 -0600
http://www.virtual-strategy.com/2015/09/08/how-be-proactive-your-it-security-year#axzz3lBgxKBfi

Today’s cybercriminals are smart and sneaky, and they’re only after one thing — your data. These online hackers are continuing to get smarter and slier every day, which is evident in the number of security breaches that happened last year. There were 744 data breaches and more than 600 million identities exposed during 2014, a year that can rightly be considered the year of the mega security breach. The total number of these attacks, 194% greater than 2013’s number, was the most damaging series of cyber attacks in security breach history to date, and we can only expect to see that threat rise this year for businesses and their customers as businesses collect more information that’s highly valuable to online hackers and as mobile device usage continues to rise.

In order to effectively protect your business and your customers this year, it’s important to know about the potential threats your company could face and what the necessary and best plans of action are to better prevent, monitor, manage and respond to these security attacks.

Security Breach Overview

Security breaches are not only rising, they’re becoming more sophisticated and diverse. We can credit this sophistication and higher frequency to advances in technology and online perpetrators adapting to these changes faster than businesses and their security can. As a society, we are dependent on technology, which makes businesses high-value targets to these high-tech cyber criminals. Businesses know they’re facing cyber conflict, and know the security risk landscape is continually evolving, but it can be difficult to keep up with the latest technological developments and keep their security from lagging behind.

Company security breaches don’t just happen in a day or two. Most of them happen during the course of several months, meaning hackers are not only smart, they’re extremely patient.
They also may not attack servers directly. Instead, they often come in slyly through other areas, such as user devices, media players, and browsers. Cyber attacks have several entry points, and some of the popular attack methods are malware, DDoS, SQL injection, XSS, watering hole, spear phishing, and physical access.

Technology and cyber criminals will continue to advance — so your business and its security have to as well. Every organization that collects or manages individuals’ personal information needs to use security safeguards to keep that information out of the wrong hands. You have the responsibility of protecting your customers and their information, as well as yourself, by preventing all the data you store from unauthorized access, use, disclosure, modification and destruction.

Implementing an effective information security program is essential for your business to rightly fulfill your responsibility to the individuals who entrust you with their personal information. If you don’t, you’ll lose the trust and business of several of your customers, not to mention your good reputation and the respect of others in your industry.

You not only have to be prepared to ward off and handle security breaches, you also have to be ready to report cyber security threats to your customers and the federal government. In February, President Obama signed an executive order requiring private companies to share more information regarding cyber security threats with other companies, as well as with their customers and the federal government. This proposal creates a national notification standard and includes a 30-day notification requirement. The purpose of this legislative proposal is to bring more peace of mind to consumers, but it can be somewhat of a challenging headache for businesses since businesses are now on a time crunch to understand cyber threats and get them reported to the required list of people.
This is just another reason why instituting a security plan and company policies that help prevent, monitor, manage and respond to security breaches should be at the top of your business’s priority list.

Preventing Security Breaches

One of the best ways to prevent a security breach from happening is planning for the unexpected. In this day and age, you have to be proactive. You need to stay a step or two ahead of potential hackers as best you can, which means establishing a strong security strategy. Your plan should include but is not limited to:

- Securing all electronic devices by requiring passwords and passcodes.
- Using encryption with emails, spreadsheets, etc.
- Limiting access to what data employees see.
- Monitoring mobile device usage and whereabouts.
- Having a company email deletion policy.
- Regularly monitoring data movement to track any unusual changes.
- Identifying security holes.
- Implementing automated patch management.

Aside from your security plan, your best and first line of defense is your staff. In order to effectively protect your business and customers and be prepared with the right defenses, your entire company needs to know about the potential threats you could face. Take the necessary time to educate and train your staff on awareness and preventative methods, best practices and company policies. Trust me, it is well worth the time and money spent.

You also need to patch your systems since patches facilitate added functionality or address security flaws within your program. Unfortunately, this isn’t a huge priority for businesses, which is why 50% aren’t currently patching their systems. Don’t be a business contributing to this 50%. Timely patching of security problems is critical to maintaining the operational availability, confidentiality and integrity of your company’s IT systems. When you implement patch and vulnerability management, you’re proactively preventing the exploitation of IT vulnerabilities existing within your company.
Proactively managing system vulnerabilities lessens or completely eliminates exploitation potentials and takes significantly less time and effort than responding after an exploit occurs.

To help keep your OS and third party patches up-to-date, use a patch manager. Many companies follow Patch Tuesday, also known as Update Tuesday. Patch Tuesday is the unofficial term referring to the day when Microsoft regularly releases security patches for its software products, which occurs the second Tuesday of each month. Using this date as an anchor to start your monthly maintenance is a good way to create a predictable update schedule for critical assets. For client systems, it’s highly recommended to update more frequently, especially for laptops and remote users. Most vendors (Google, Mozilla, Adobe, etc.) release updates as needed, introducing security updates throughout the month.

At Microsoft’s 2015 Ignite event on May 4th, the company announced “Windows Update for Business.” Depending on your Windows 10 edition, companies will have different options to keep systems up to date. The introduction of distribution rings allows companies some flexibility to control how quickly security and non-security updates are delivered to their systems. Companies with Enterprise licenses will have access to the “Long Term Service Branch”, which will allow them to stay on a stable branch of the operating system for much longer, and “Current Branch for Business”, which gives companies a level of control, but not indefinitely. Pro licenses will have access to the “Current Branch for Business”, which provides access to a few branches in which the company has control over the updates applied to systems, but not indefinitely. Consumer licenses will have access to the “Current Branch”, which will push updates more frequently and does not give much in the way of options to opt out of updates.

Before any of these preventive methods can happen, businesses need upper level buy in.
Once you talk with the C-level people and receive their approval and cooperation, then you can take your security plan and push it down through the rest of the levels in the organization so everyone is aware and able to keep the security plan in motion.

Monitoring Your Systems

When it comes to monitoring, you have to spend more time monitoring your systems than online hackers do. Hackers monitor networks for months, sometimes even years, before attacking. More than 200 days is the average time a hacker spends monitoring. Your company must be willing to put in the needed time, effort and patience — like potential hackers do — to keep a watchful eye on your systems to prevent or quickly handle any suspicious movements.

Monitoring requires examining all your systems, and you need multiple layers of monitoring in place, which includes perimeter security and adding a botnet to your system network. It’s also important to remember to monitor more than just parts of your environment audited for different compliance standards. Many company machines that have passed their PCI audit aren’t PCI compliant; they weren’t audited since they didn’t directly touch data that requires them to be audited. It’s these machines that hackers use to get into the environment to then search for ways onto machines that may have been audited and compliant.

Another way to monitor your systems is regularly checking for necessary updates, i.e. system and tool updates, and then ensuring that those updates happen. SharePoint server updates are quite tricky because they can cause things to break and many company departments rely on them, so administrators are typically nervous to do these updates, which often leads to security breaches. VMware tools are designed to help with this problem. Using these tools and virtual environments helps reduce required large system updates that could possibly break something.

Managing Security Breaches

To effectively manage a security breach, having an employee or a team of employees in charge of managing internal security breaches is a must-have. The size of your company will determine if you need one security expert or a team of security experts to effectively manage, but if you have the resources and manpower, a small team is probably the best option with any company.

Assembling this security management team is like assembling a startup. You need a handful of people with various skillsets that nicely mold together to create a successful team. Each individual needs their own skills, but each also needs to be well versed in security and privacy situations and not afraid to immediately jump on a problem when one occurs. Maintaining good working relationships with one another and effectively communicating on a regular basis are keys to a successful security management team.

Responding To Security Breaches

Responding to a company security breach is like firemen responding to a house fire. Firemen have a set plan in place that includes safety, investigating the fire, and then taking action to remediate the problem. Like prepared firemen, you need a plan in place — an incident response plan — to be as prepared as possible to respond to a security breach. This plan should tell all employees what to do if a security breach happens, outlining the necessary steps to take, people to contact for various types of breaches, and the right technology to use.

Put your security management team in charge of crafting a company incident response plan. This plan is going to be a lifesaver by limiting damage if a security breach happens. An incident response plan is vital to responding to breaches, but don’t forget you still need patching. Patching is your foundation level. Without patching, it’s like having a car with an engine but no wheels; not the kind of car you want or the type of security you want for your business.

Security Breach Review

To recap what you need to do, here are the necessary steps to follow to proactively prevent, monitor, manage and respond to security breaches:

- Plan for the unexpected.
- Have a security strategy.
- Educate your staff.
- Patch your systems.
- Get upper level buy in.
- Monitor all your systems.
- Check for updates on a regular basis.
- Form a security management team.
- Create and follow an incident response plan.

Cyber attacks are the most likely terrorism attack for 2015. It’s why every employee from every industry must work together, as well as collaborate with regulators and legislatures, to better focus on the prevention and response of likely cyber attacks from today’s very smart cybercriminals to protect your business and customers to the best of your ability.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com

Supporters:
Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!