Building Cyber Security Defenses


In the modern world of advanced cyber threats, you'll need a lot more than consumer-grade antivirus and firewall applications to get the job done. Built-in Microsoft firewalls don't work, and most IT experts and consultants are simply recommending rolling back to the built-in Windows firewall just to have something installed. All clients should hire IT managed services experts with a mature understanding of cyber-security, including ransomware protection and disaster recovery methodologies.

Your IT environment and technology stack must have the right software, protection stack and services to best protect your environments.

Having a robust security offering is not only a matter of due diligence; it is a must. The essentials listed below are flexible enough to help you support a better protection plan for your environment. Everyone must be aware of these tools and offerings, as well as how to implement and tune them properly for effective protection.

Security Assessment

Conduct assessments of IT environments to identify gaps in security coverage and existing vulnerabilities that create risk. Utilize security assessment tools, and adopt continuous optimization and reporting. Your IT and security consultants must conduct quarterly business reviews (QBRs) and present your security posture and readiness for new patterns of cyber threats.

Password Management

All the cyber security solutions in the world can't protect systems effectively if you are using "1234" as your password. Strong password management tools that ensure and enforce adherence to password policies, such as complexity requirements, rotation policies, timeouts and multi-factor authentication (MFA), are essential for all end users. Many passwords have already been breached because they were used on sites that later had their user passwords exposed. Most people use the same password, or slight variations of it, everywhere. How hard is it for hackers to try your email address and password on Yahoo, Hotmail, Gmail and the other standard free platforms out there? https://haveibeenpwned.com/ is a great place to visit: type in your email address and it will tell you which breaches your email was included in.

"Collection #1" - 772,904,991 breached accounts - Posted: Wed, 16 Jan 2019. A large collection of lists (combinations of email addresses and passwords used to hijack accounts) was discovered being distributed on a popular hacking forum. The data contained almost 2.7 billion records, including 773 million email addresses with passwords those addresses had used.
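The breach check described above can also be enforced at password-change time rather than left to the user. The following is an added example, not code from the original page or from Have I Been Pwned: it implements the k-anonymity lookup used by the Pwned Passwords range API (only the first five hex characters of the SHA-1 hash leave the client) and runs offline against a constructed stand-in for the API response; the leaked passwords and counts in `CONSTRUCTED_LEAKS` are made up for the demonstration.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint; not called offline

def sha1_hex(password):
    """Upper-case hex SHA-1, the form the Pwned Passwords corpus is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_range(body):
    """Parse a range response: one 'SUFFIX:COUNT' entry per line (CRLF-separated)."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep:
            counts[suffix.upper()] = int(count)
    return counts

def pwned_count(password, fetch_range):
    """How many times the password appears in the corpus behind fetch_range.
    k-anonymity: only the first 5 hex chars of the hash are sent, and the full
    hash is matched locally against every suffix the server returns."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def live_fetch_range(prefix):
    """Network fetcher for real use (requires Internet access)."""
    with urllib.request.urlopen(PWNED_RANGE_URL + prefix, timeout=10) as resp:
        return resp.read().decode("utf-8")

# Constructed stand-in for the API so the example runs offline.
# These passwords and counts are made up for the demo, not real breach data.
CONSTRUCTED_LEAKS = {"password": 5000, "123456": 9000, "Summer2019!": 12}

def fake_fetch_range(prefix):
    lines = [f"{sha1_hex(pw)[5:]}:{n}" for pw, n in CONSTRUCTED_LEAKS.items()
             if sha1_hex(pw)[:5] == prefix]
    # a real response also carries unrelated suffixes that share the prefix
    lines.append("F" * 35 + ":1")
    return "\r\n".join(lines)

def is_acceptable(password, fetch_range=fake_fetch_range):
    """Policy hook: reject any password seen in a breach, whatever its complexity."""
    return pwned_count(password, fetch_range) == 0

if __name__ == "__main__":
    for pw in ("Summer2019!", "correct-horse-battery-staple-7Q"):
        print(pw, "->", pwned_count(pw, fake_fetch_range), "breach hits")
```

Swap `fake_fetch_range` for `live_fetch_range` to query the real service; the complexity-compliant "Summer2019!" still fails the check, which is the point of adding a breach lookup to the policy.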

Email Security

As one of the front-line defenses against malicious attacks, clients need email security. Email has become the most common way to start major attacks. Security awareness training is a key process to make sure all your users know what to do and what to look out for. Email security will protect against spam, phishing attempts and other more sophisticated attacks that try to infiltrate clients. As many cyber security attacks today originate via email, this must be an essential component of every email deployment. Cloud-based email platforms make this much easier to deploy.

Security Awareness Training

Building a strong fortress is useless if the gates are left open. Attacks will simply get through. No matter what you do, end users need to act as a line of defense against phishing emails, ransomware and other social engineering attacks. An ongoing security training program that helps users stay vigilant, so they can identify and avoid these threats, will go far in your efforts.

Backup and Disaster Recovery

Backup and DR is your last and final line of defense. Backups remain a critical component of any cyber security stack, as they are our final protection, allowing recovery if an attack is successful. It's vital to maintain both local and offsite cloud backups. In the recent Sony attack the attackers destroyed backup restore capabilities in order to cause more damage and prolong the time to recovery. Can your business lose 24 hours of data and survive? RTO (recovery time objective) is the amount of time it will take to bring your critical systems back online, even if only in a temporary fashion. A true DR plan would reduce both data loss and recovery time to manageable and tolerable thresholds. A well-documented disaster recovery (DR) plan that allows systems to be restored and data recovered in the event of a breach or incident is a must. DR and backups used in conjunction with one another can be the foundation of your cyber security protection.

Advanced Endpoint Detection, Protection and Response

Bulky antivirus software is useless. Threats are sophisticated, and the number of variants is large enough that signature-based software does not work. Advanced detection methods using machine learning and AI are the only option to combat malware, viruses and various other cyber attacks, with multiple layers of analysis and protection against security threats.

Device Updates and Patching

Missing updates and patches are the main reason systems get breached, and once an attacker is on the inside of your network their job becomes easy. Your crown jewels will be gone before you know it. Staying up to date on patching and using later versions of operating systems is a must; patching Microsoft, Adobe and other products will help reduce known vulnerabilities, back doors and other weak spots in the environment. If the computer consulting company providing your IT managed services has not taken on this responsibility, then you have the wrong team supporting you.

Firewall

Today's advanced firewalls allow you to control the network traffic entering and exiting clients' environments and provide key monitoring of all network traffic. The firewall remains an essential tool in identifying and preventing potential network intrusions or infiltrations.

Dark Web Research and Monitoring

Using credit reporting agencies and monitoring the dark web, the hot-bed for criminal activity, is a way of identifying whether your information is out there. Keeping tabs on the status of this information will help in preventing data breaches and reducing risk.

DNS and Web Security

Similar to a firewall protecting your traffic, you must also have DNS-based protection. The Domain Name System, which is the core of how the Internet works by translating website names to IP addresses, can be used to protect you when you type the wrong URL or visit a website that is known to be malicious. DNS monitoring technologies can be used to block vulnerable, suspicious and malicious web sites using real-time detection of known bad web and email security threats. The same technology can be used to block sites that are not business appropriate, using standard categories such as pornography, gambling, drugs and alcohol, and more.

Mobile Device Security

The differences between computers, phones, tablets and other computing hardware are becoming increasingly hard to distinguish, and therefore endpoint security must protect beyond the desktop PC and onto any device in a client's network and ecosystem. Mobile device security extends these capabilities onto client mobile devices, which in turn can be used to decrease the malicious infiltration of business networks and reduce the attack surface.

Data Encryption

Data that can't be read is data that can't be used by bad actors, so encryption technology should be used for data in your environment both when it is being stored and while it is in transmission. These concepts are called encryption of data in transit and encryption of data at rest. Encryption helps minimize the risks associated with third-party interception or the theft of sensitive information. Your files and critical emails should be encrypted.

SIEM and Log Management

Malicious actions typically leave tracks that are buried in device log files alongside legitimate log entries. The volume of logs makes it impossible to proactively monitor these events by hand. This is where security information and event management (SIEM) comes into play: it is designed to automatically monitor for these log entries and then correlate this information for analysis and review. SIEM protects against sophisticated, advanced threats, and is a modern, foundational component required to meet today's compliance requirements.
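The correlation step is what turns buried log entries into something a reviewer can act on. The following is an added example, not code from the original page or from any SIEM product: it parses a handful of constructed, syslog-style SSH authentication lines and applies one correlation rule, repeated failed logins for the same user and source inside a short window followed by a success, which a plain per-line filter would never surface. The log format, field names and thresholds are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (syslog-like layout, not from a real system).
SAMPLE_LOGS = """\
2024-03-01T09:00:01 sshd[4120]: Failed password for alice from 203.0.113.5 port 50122
2024-03-01T09:00:03 sshd[4120]: Failed password for alice from 203.0.113.5 port 50123
2024-03-01T09:00:04 sshd[4122]: Accepted password for bob from 198.51.100.7 port 40001
2024-03-01T09:00:05 sshd[4120]: Failed password for alice from 203.0.113.5 port 50124
2024-03-01T09:00:07 sshd[4120]: Failed password for alice from 203.0.113.5 port 50125
2024-03-01T09:00:09 sshd[4120]: Failed password for alice from 203.0.113.5 port 50126
2024-03-01T09:00:12 sshd[4121]: Accepted password for alice from 203.0.113.5 port 50127
2024-03-01T10:15:00 sshd[4130]: Failed password for carol from 192.0.2.9 port 33010
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)"
)

def parse(text):
    """Normalise raw lines into events; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "src": m["src"]})
    return events

def correlate(events, threshold=4, window=timedelta(seconds=60)):
    """Alert when a (user, source) pair accumulates >= threshold failures inside
    `window` and the next event for that pair is a success: a brute force that worked."""
    alerts = []
    recent = defaultdict(list)  # (user, src) -> timestamps of failures still in window
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        fails = [t for t in recent[key] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            fails.append(ev["ts"])
        else:
            if len(fails) >= threshold:
                alerts.append({"user": ev["user"], "src": ev["src"],
                               "failures": len(fails), "at": ev["ts"]})
            fails = []  # a success resets the counter for this pair
        recent[key] = fails
    return alerts

if __name__ == "__main__":
    for a in correlate(parse(SAMPLE_LOGS)):
        print(f"ALERT {a['at']}: {a['failures']} failures then success for {a['user']} from {a['src']}")
```

Bob's clean login and Carol's single failure produce nothing; only Alice's five failures followed by a success within the window raise an alert, which is the kind of cross-event pattern a SIEM rule is meant to find.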

Attack Surface

Hackers have a better chance of penetrating your environment if you have a large attack surface. The point is to make your environment look as small as possible to outsiders. That involves closing down any unneeded inbound access to servers and protecting the servers that do need it with the right technology.

Source: Continuum