Cybercrime has always represented an existential threat to businesses — many companies go out of business within six months after a data breach. Following a record year for ransomware and other cyberattacks, organizations worldwide are reassessing their cybersecurity plans, priorities and budgets.
The following six best practices can help organizations reduce their risk of cyberattacks and improve their ability to respond quickly and minimize the damage when attacks do occur.
1. Risk Assessments
Security assessments help organizations identify deficiencies in their technology, processes or controls that might put them at risk. Comprehensive assessments typically include these phases:
- A complete inventory of all IT assets, along with a detailed record of all security controls that are in place
- An audit to determine if current security controls meet legal, regulatory and industry standards
- Internal and external network scans to identify specific attack vectors such as unpatched servers and applications, configuration flaws, weak user credentials, and missing or weak encryption
- A report detailing how would-be attackers might exploit any vulnerabilities and what kind of damage they might cause
2. Patch Management
Security analysts say up to 85 percent of all network intrusions exploit unpatched vulnerabilities. A patch management program limits your exposure by establishing a framework for acquiring, testing and installing critical patches and updates. Key elements of a patch management program include:
- Maintain records of the current patch status of all software and devices
- Prioritize patches based on the level of risk they address
- Test patches and verify they are working correctly before applying them in a production environment
- Work with a managed services provider to relieve your internal staff of this burden
Best practices can help organizations reduce their risk of cyberattacks.
3. Training
Most successful cyberattacks involve a human error such as opening a malicious file, following a link or enabling a macro. Security awareness programs help correct such behaviors by promoting security best practices and an understanding of social engineering and hacking techniques. Core training topics should include:
- Phishing awareness
- Safe web surfing
- Proper password practices
- Mobile device security
- Secure Wi-Fi use
4. Continuous Monitoring
Active monitoring and enhanced threat intelligence capabilities are critical for ensuring timely detection and mitigation of cybersecurity events. Continuous monitoring solutions use sophisticated detection engines, one-to-one signature matching and machine learning techniques to catch malware before it enters the network. Monitoring also identifies potential vulnerabilities such as:
- Open firewall ports
- Unauthorized logins and access requests
- Email vulnerabilities
- Configuration errors
- Supply chain and third-party vulnerabilities
5. Endpoint Security
Increasing numbers of network attacks target endpoint devices being used by massive numbers of remote and mobile users. Once attackers compromise a network-connected device, they can circumvent perimeter security controls to gain direct network access. Endpoint security solutions address such threats by:
- Assessing the security posture of devices as they attempt to connect to the network
- Triggering rules-based responses such as sending alerts or logging off unauthorized users
- Using threat intelligence and behavioral analytics to identify malicious activity
6. Incident Response
Organizations must be able to act quickly to limit the damage when a breach or attack occurs. A formal cybersecurity incident response plan is a predetermined set of instructions and procedures that dictates how IT professionals and staff should respond to an incident. The plan should include these steps:
- Prepare a plan that defines the roles and responsibilities of each security team member
- Identify essential tools, technologies and resources to have in place
- Detail containment strategies for limiting the damage
- Establish processes for removing malware, closing any backdoors left by attackers and patching affected systems
- Outline how affected systems will be brought back online and tested
- Create a template for documenting all incidents and identifying processes that could be improved