In the second part of our two-part series on cyber threats, we look at how opportunistic cyber criminals are and at ways you can protect your organization (and your data).
It’s pretty clear that cyber criminals employ a wide variety of tactics to breach your organization for financial gain. Their efforts result in significant costs for those on the receiving end. The Center for Strategic and International Studies, in partnership with McAfee, released a study earlier this year that estimates the annual cost of cybercrime is $600 billion in the U.S. alone.
Cyber preparedness isn’t easy – that’s partially why hackers are so successful. But there are steps you can take that will make it harder for them to illegally infiltrate and compromise your systems. And because cybercrime is a numbers game, attackers may well move on to their next target if breaching your systems is difficult.
Get the IT Basics Squared Away
According to the Center for Internet Security (CIS), you can reduce your risk of a breach by 80 percent if you follow these five steps:
- Maintain an accurate inventory of authorized (and unauthorized) devices.
- Maintain an inventory of authorized (and unauthorized) software.
- Develop and manage secure configurations across all devices.
- Conduct continuous / automated vulnerability assessments and remediation.
- Actively manage and control the use of administrative privileges.
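As an added illustration (not part of the original article or of CIS material), the sketch below reconciles what a discovery scan reports against an authorized inventory, covering the device, software and administrative-privilege steps above. The inventory layout, field names and all sample data are assumptions constructed for the example.

```python
# Added example; inventory layout and field names are assumptions, data is constructed.

def norm_mac(mac):
    # Scanners and asset databases format MACs differently; compare bare hex.
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

# Constructed authorized inventory: MAC -> host, approved software, approved admins.
AUTHORIZED = {
    "00:1A:2B:3C:4D:5E": {"host": "fin-laptop-01",
                          "software": {"office", "edr-agent"}, "admins": {"it-admin"}},
    "00-1a-2b-3c-4d-5f": {"host": "hr-laptop-02",
                          "software": {"office", "edr-agent"}, "admins": {"it-admin"}},
    "001A.2B3C.4D60":    {"host": "build-srv-01",
                          "software": {"edr-agent", "compiler"},
                          "admins": {"it-admin", "build-svc"}},
}

# Constructed discovery results, as a network scan plus endpoint agent might report.
DISCOVERED = [
    {"mac": "00:1a:2b:3c:4d:5e", "software": ["office", "edr-agent", "torrent-client"],
     "admins": ["it-admin"]},
    {"mac": "00:1A:2B:3C:4D:5F", "software": ["office", "edr-agent"],
     "admins": ["it-admin", "jsmith"]},
    {"mac": "DE:AD:BE:EF:00:01", "software": ["unknown-service"], "admins": ["root"]},
]

def reconcile(authorized, discovered):
    """Return sorted (finding, subject, detail) tuples for inventory drift."""
    auth = {norm_mac(m): rec for m, rec in authorized.items()}
    findings, seen = [], set()
    for dev in discovered:
        mac = norm_mac(dev["mac"])
        seen.add(mac)
        rec = auth.get(mac)
        if rec is None:  # device on the network but not in the inventory
            findings.append(("unauthorized_device", mac, ""))
            continue
        for sw in set(dev["software"]) - rec["software"]:
            findings.append(("unauthorized_software", rec["host"], sw))
        for acct in set(dev["admins"]) - rec["admins"]:
            findings.append(("unapproved_admin", rec["host"], acct))
    for mac in auth.keys() - seen:  # inventory entry no scan confirmed
        findings.append(("not_seen", auth[mac]["host"], ""))
    return sorted(findings)

if __name__ == "__main__":
    for finding in reconcile(AUTHORIZED, DISCOVERED):
        print(*finding)
```

Run on a schedule, the "not_seen" findings keep the inventory accurate while the other three findings feed remediation.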
Drilldown on Incident Preparation
Breaches will happen, so it’s important to minimize vulnerabilities and mitigate the risk. To be prepared, create an incident response plan and align its mission with business objectives, priorities and risk appetite. You must:
- Prioritize mission critical data, networks and services.
- Determine roles and responsibilities for your internal team.
- Identify all internal and external entities with shared interests.
- Develop detection and response procedures.
- Define a roadmap for incident response capability maturity.
Train like you fight
Don’t let an actual breach be the first time you try your incident response plan. Test your playbook and adjust as needed.
- Conduct tabletop and live ‘fire’ exercises.
- Test your detection and data collection tools.
- Recover archived logs.
- Validate and refine your escalation and notification process.
- Include lessons learned from previous run-throughs in mock exercises.
Maximize your Technology Stack
Consider all of your network and endpoint data and locate any gaps in visibility.
- Baseline and test your controls.
- Conduct a self-evaluation of your Security Operations Center (SOC) maturity.
- Communicate with senior management and earn their buy-in on your readiness plan.
Measure and communicate risk
Choose the right metrics to measure based on what makes the most sense for your organization and risk appetite.
- Determine how long ago the breach occurred.
- Define what remediation is required.
- Balance your in-house resources with third-party resources.
One critical component of cyber threat preparedness is understanding that endpoints can often be your biggest source of risk. According to IDC, 70 percent of data breaches originate on an endpoint such as a laptop, tablet, mobile phone or other device. Visibility and control over your devices, where they are and what they are running, is a key component of a strong security posture.
For more information on how to increase your cyber threat readiness, check out our webcast, Cyber Threat Checklist: Are You Prepared with SANS Institute.