Insight

The importance of cyber hygiene to your security programme

Hadi Jaafarawi, Qualys Middle East

According to research conducted by Gartner, in 2015 the MENA region spent up to $1.1 billion on information security, and this figure is expected to increase in the coming years. Organisations today face attacks that have become so large and multi-faceted that information security and risk management teams struggle to keep track of their security status. While businesses investing in the protection of their assets is a good thing, it is important that such large investments are being made wisely.

In this complex security landscape, it is critical to be proactive, vigilant and protected against cyber threats in order to be as secure as possible. Practising good cyber hygiene is the cornerstone of achieving this; however, doing so is easier said than done. Organisations have valid concerns about how to do so properly, and what preventative measures they need to take to combat the vulnerabilities of tomorrow.

In order to address these points, it’s important to gain a thorough understanding of what good cyber hygiene is. In an enterprise, proper cyber hygiene means ensuring that individual data points, devices and your networks are protected against vulnerabilities, while also ensuring that all systems are maintained, if not future-proofed, by using cybersecurity best practices – and the latest technologies.

Good cyber hygiene also means that security and monitoring are controlled exclusively from a centrally managed point, pushed out to outlying terminals, and not reliant upon individuals to update their systems.

Each organisation will have its own unique structure aligned to its needs, but there are some basic things that everyone should be doing to ensure proper cyber hygiene is being practised.

Examine Your Network. The first step to good cyber hygiene is being able to identify every inch of your network – you can’t protect what you can’t see. You have to know what type of equipment is on your network and where it is – internal networks, hosted on the Internet or part of a cloud platform. It’s important to have an updated inventory at hand to know which hardware and software is being used at all times.

Do Some Housecleaning. Once you know what’s authorised to be on your network, it is equally important to identify and remove those things that don’t belong. This is typically accomplished by running continuous scans, and then comparing the results against the list of authorised hardware and software. Once you’ve determined what doesn’t belong, take the needed steps to remove it.

Sweep and Patch. Once you gain insight into the devices and applications on your network, you should scan them from a central point on a regular basis and have the ability to patch and deactivate remotely. For larger organisations, the scale of this operation is the challenge, especially with limited maintenance windows and architectural complexities. As a result, flexible and scalable security scanning services are increasingly necessary as web apps and devices proliferate.

Constantly Look For Weak Spots. With the increased frequency and complexity of attacks, it is no longer an option to scan your network on a semi-regular basis. You should try to constantly monitor for threats, and quickly address them within your network. This is likely to be the biggest challenge for security professionals within the next decade – finding the time to carry out the necessary checks, without impacting business operations.

Use Secure Configurations.  Before deploying any system or device, it is important to ensure that the system is configured to both achieve its purpose and be attack resistant. For example, one of the most effective configurations for preventing the compromise of an endpoint is to remove administrative privileges from end users. Once configured securely, your next step is to control configuration drift or change.

Continuously Look for and Control Change. In operations, when something breaks, the first question asked is – ‘What changed?’ This question is equally important from a security perspective. Change is necessary but oftentimes introduces new risks and vulnerabilities into a system. Organisations should develop a process in which systems and applications are continuously monitored for changes. As changes are identified, security needs to ask a series of ‘what-if’ questions to identify and respond quickly to risk. For example, if a host firewall is disabled and there is no supporting change ticket, automatically generate a ticket notifying the incident response team.
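The firewall example above can be expressed as a small correlation rule. The following is an added illustration, not code from the article or from any Qualys product; the record layouts, the `SECURITY_RELEVANT` list, the 15-minute grace period and all sample data are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical record layouts: an observed change and an approved change ticket.
ChangeEvent = namedtuple("ChangeEvent", "host setting old new seen")
ChangeTicket = namedtuple("ChangeTicket", "ticket_id host setting start end")

# Assumed list of settings and the new values that must always be explained.
SECURITY_RELEVANT = {"host_firewall": "disabled", "local_admin": "granted"}

def is_authorised(event, tickets, grace=timedelta(minutes=15)):
    """True if an approved ticket covers this host, setting and point in time."""
    return any(
        t.host == event.host and t.setting == event.setting
        and t.start - grace <= event.seen <= t.end + grace
        for t in tickets)

def unexplained_changes(events, tickets):
    """Build incident records for risky changes with no supporting change ticket."""
    incidents = []
    for e in events:
        risky = SECURITY_RELEVANT.get(e.setting) == e.new
        if risky and not is_authorised(e, tickets):
            incidents.append({
                "queue": "incident-response",
                "host": e.host,
                "summary": f"{e.setting} {e.old} -> {e.new}, no change ticket",
                "seen": e.seen.isoformat()})
    return incidents

# Constructed sample data: one approved two-hour window on web01.
T0 = datetime(2024, 1, 10, 2, 0)
TICKETS = [ChangeTicket("CHG-0001", "web01", "host_firewall",
                        T0, T0 + timedelta(hours=2))]
EVENTS = [
    # Covered by CHG-0001, so no incident.
    ChangeEvent("web01", "host_firewall", "enabled", "disabled", T0 + timedelta(minutes=30)),
    # No ticket exists for db02.
    ChangeEvent("db02", "host_firewall", "enabled", "disabled", T0 + timedelta(minutes=40)),
    # Same host as the ticket, but three hours after the window closed.
    ChangeEvent("web01", "host_firewall", "enabled", "disabled", T0 + timedelta(hours=5)),
    # Not on the security-relevant list, so ignored by this rule.
    ChangeEvent("db02", "ntp_server", "ntp-a", "ntp-b", T0),
]

if __name__ == "__main__":
    for incident in unexplained_changes(EVENTS, TICKETS):
        print(incident)
```

Matching on the ticket's time window as well as its host matters: a change made hours after an approved window has closed is treated as unexplained rather than inheriting the old approval.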

Equip Your Employees and IT Team with the Right Tools. Security professionals can’t be at every meeting or necessarily be involved in every IT project. Nor can security staff sit with every employee as they make hundreds of security-related decisions every work hour – e.g., should I click on this link? Instead, security must equip the organisation with the right tools, typically starting with easy-to-understand policies and procedures. It is also important to train staff on these policies and procedures. Where possible, you should also provide your IT staff with security tools and make them an extension of your team. For example, provide your C developers with a static code analyser so that they can quickly catch and fix security vulnerabilities, such as buffer overflows, before they get introduced into production.

We are moving to a world where continuous security will become critical to keep up with the evolving threat landscape. Cyber hygiene best practices will enable organisations to shift from an ‘event driven’ mindset to being able to respond to threats in an agile manner and minimise the impact on their overall security posture.

 
