6 Must-Have Methods to Combat a Cyber Breach
Cyber security threats come from technology and user behavior, and to date, there’s no single foolproof solution that covers both.
With increasingly sophisticated attack vectors, bad actors have always managed to stay one step ahead of well-meaning organizations, their risk managers and their information security departments. At the same time, distracted or untrained employees remain an ongoing internal concern.
That being said, there are some baseline tactics that every company — from SMEs to enterprise-level corporations — can proactively put in place to avoid a cyber breach event or, at least, minimize its damage.
Number one, of course, is having a cyber risk insurance policy to cover financial loss, liability and response services and help maintain security standards. Beyond that, some of the best tools in the toolbox include simple technology updates, improved training and incident response or business continuity planning.
The key is to layer these different approaches for an optimal, multi-pronged effect.
1) Have a (relevant) incident response plan (IRP).
With catastrophic events only a few clicks away, your organization should have a detailed and clear set of policies and procedures that anticipate all potential scenarios.
Required in many industries and often by insurers, IRPs are one of the best ways to prepare for the inevitable while curtailing its impact. An effective plan gives everyone a road map for action during a chaotic event, reduces investigative costs and helps companies avoid penalties and fines while ensuring business continuity.
“Companies battle cyber risks every day — you have to anticipate something will happen eventually if it hasn’t already. But it’s not enough to create an incident response plan and put it away for five years,” said Mark Greisiger, founder and president of NetDiligence.
“The most effective, actionable plans are regularly updated to account for new threats, employee turnover and other changes, and they are instantly accessible as the crisis unfolds.”
For instance, companies that have a newly remote workforce due to the COVID-19 pandemic should revisit the IRP and revise it accordingly. It’s also important to rehearse the plan through tabletop exercises so that everyone involved understands the process.
Finally, Greisiger said, an IRP should include experts and outside vendors who are available at a moment’s notice.
2) Deploy multi-factor authentication (MFA).
Cyber attackers often find their way into a system or network through stolen or weak (reused or easy-to-guess) passwords.
The easiest way to shore up password control is by adopting multi-factor authentication, which requires additional proof of identification before granting a user access.
“MFA significantly improves the security posture of an environment — specifically in helping to reduce the chance of unauthorized access to external-facing email or remote protocols,” said Jason Rebholz, principal at MOXFIVE.
“While not a silver bullet to prevent attacks, MFA helps raise the bar and prevent perpetrators with stolen user credentials from using them.”
3) Install an endpoint detection and response solution.
This next-generation monitoring technology uses artificial intelligence and machine learning to establish baseline behavior and detect aberrant activity on endpoints, i.e., the computers and devices connected to the network.
Not only does this invaluable tool help a company determine whether there’s an intrusion, but it also helps forensics investigators in the aftermath by opening up a window into the compromised environment.
“An advanced endpoint detection and response (EDR) tool is one of the first things I recommend to clients experiencing an active security incident,” said Marc Bleicher of Arete Incident Response.
“In the majority of incidents we respond to, the threat actor has evaded the client’s traditional signature-based endpoint security, which most of the time is just anti-virus,” he explained. “Where EDR differs from anti-virus is that it’s able to not only detect threats in real time but also provide real-time response, including stopping the attack.
“The threat landscape is always evolving to keep pace with the countermeasures, and these solutions are designed to allow companies to detect an attack and respond quickly,” Bleicher concluded.
These solutions also offer protection against multiple types of threats as well as advanced attacks that less sophisticated software might overlook.
“With no known definitions for zero-day or zero-hour attacks, you can’t rely on antivirus software alone,” Greisiger said.
“These next-gen solutions are becoming a baseline standard of care. They aggregate the threats faced by thousands of clients and leverage that data through machine learning, so they are getting better all the time.”
4) Secure email accounts.
The sheer volume of emails most companies process makes this one of the most vulnerable areas for both malicious and careless data loss.
Too often, outside attackers get in through brute force, socially engineered phishing schemes and/or spoofing that steal a user’s credentials to access data or place malware on the system.
“Having a robust email security solution and strategy in place is critical to preventing these incidents,” Rebholz said.
In addition to employee training (#6 below), that strategy should include controls such as the above-mentioned multi-factor authentication plus the ability to scan and block spam, phishing emails, malicious attachments and suspicious URLs.
5) Secure remote access.
Remote access to company servers has always been a security concern, but this is especially true in 2020 with so many workers in remote settings.
One fix is to swap out remote desktop protocols for a VPN solution or cloud services that will guard against intrusions. Again, multi-factor authentication is key.
“Now that many workers are at home and may stay there post-pandemic, all users should have multi-factor authentication when remotely accessing corporate assets,” Bleicher said.
“Where, possibly, you should also limit access privileges to employees by functional level, priority and need. That means not giving all users local admin privileges or any sort of elevated privilege beyond what their function requires.”
6) Employee training.
With so many data breaches resulting from human error, cyber security experts have been hammering home the importance of employee education for decades, but many organizations only implement the bare minimum when it comes to training.
“In my opinion, user training is excellent when done properly, but too many companies treat it like a nuisance or a box to check,” said Bleicher.
A robust training program should address best practices like password hygiene and physical security while elucidating risks such as malware, ransomware and social engineering scams.
Many companies opt for training with simulated attacks (e.g., phishing emails) to test employee readiness. A component on incident response prepares employees to spot and report suspected breach events. Additional functions can include risk assessment and reporting to measure progress.
Training must be required for all employees and repeated regularly to ensure awareness and alertness over time.