Cybersecurity requires a holistic organisational approach. From all corners of the organisation, a concerted effort must be maintained to establish, execute, and follow through with a plan to address cyber-risk management.
Although there is no one-size-fits-all plan for organisations’ cyber-risk management needs, there are basic, core principles every organisation should adhere to in order to maintain a solid security posture in the face of persistent attacks.
Below are the five most common mistakes organisations make when it comes to defending their assets from cyber adversaries and how to prevent them.
Mistake #1: Assuming you’re not a target
Whether large or small, companies in virtually every industry are vulnerable to attacks. Adversaries are conducting massive campaigns in every sector of the economy to penetrate networks and exfiltrate information and assets. Every organisation needs to recognise this fact and work to detect and prevent the potentially devastating damage cyberattacks can cause.
Solution: Take cyber-risk seriously by finding qualified security experts to test and assess the vulnerabilities within your organisation to determine if they occur at the technology, people or process level.
Mistake #2: Approaching security as just an IT issue
Security is not 'the CIO’s problem'. Technology is a part of the solution, but the holistic response requires a comprehensive strategy, policy and process. While the CIO or CISO may ultimately be the 'accountable executive', everyone in the organisation, especially the C-suite, owns the data and has a responsibility to protect the company’s core assets.
Solution: Companies need to focus not only on protecting personally identifiable information but also on guarding intellectual property, trade secrets, and research and development. Furthermore, cyber-risk should be elevated to the highest levels of the company’s decision-making body, including members of the board (on a periodic basis).
While business leaders aren’t required to know technical details, they must have enough threat awareness to be able to help formulate adequate cyber-response plans and allocate sufficient resources to carry out these plans. Through training, education, and simulations, the entire company should be taught — from the top down — how to identify threats and prevent and recover from attacks; this way the significant impact on the bottom line, reputation, and operations can be mitigated.
Mistake #3: Neglecting to understand and update your network
Companies will never be able to prevent every attack; networks and the target space are too vast and there are too many opportunities to get in. Failing to understand the architecture of your network and to keep your software updated opens the door for an adversary to breach the system.
Solution: Stay up to date. The IT team must implement strong protocols to ensure all software is updated in a timely manner; if you use a cloud-based model for delivering cybersecurity, updates can be rolled out almost immediately on an automated basis. The organisation must know where its critical data is, how big the network is, where the entrance points are and how the network is segmented. A lack of understanding of the basic network principles and standard 'network hygiene' puts the company at unnecessary risk.
Mistake #4: Relying solely on antivirus technologies
In today’s sophisticated threat landscape, antivirus technologies alone are not sufficient to prevent persistent and advanced attacks. Adversaries evolve their tradecraft faster than security companies can update their tools. Compounding the challenge, attackers increasingly employ malware-free intrusion tactics. In fact, less than 40 per cent of attacks today involve malware. Security at the perimeter alone is not enough to keep the enterprise safe.
Solution: Traditional antivirus solutions may catch run-of-the-mill malware, but are no match for advanced adversaries going in with stealthy intrusion tactics. Organisations need to employ solutions that identify adversary objectives and motivations, along with the effects of the attack, even if there are no known signatures. Only a unified approach of next-generation antivirus, endpoint detection and response, along with proactive hunting for threats – all delivered by a cloud-based model for security – can put organisations in the best position to stop breaches.
Mistake #5: Failing to monitor your enterprise endpoints
Today, more often than not, adversaries are finding ways to penetrate the network and execute code at the system’s endpoints. Watching the perimeter only allows for 'silent failure'. That is, once an adversary is inside, he operates freely without threat of detection because nobody is looking. He will operate with impunity, posing grave danger to the organisation.
Solution: Employ technologies that monitor endpoints continuously. Endpoint visibility is critical for making the transition from reactive security to proactive hunting and detection. Aggregating large swathes of data and looking for anomalous behaviour across the enterprise will help to identify indicators of attack. All of this can be done if you deploy a cloud-based model for delivering cybersecurity. If you can identify adversary activity quickly, you can isolate and mitigate the attacker’s impact on your network.
Cybersecurity doesn’t happen in a vacuum. Just as the threats are interconnected, so are the solutions. A cohesive top-to-bottom plan is what gives companies the best chance at raising the bar on security and keeping the bad guys at bay. Cyberdefence tactics and tools cannot remain static. They must be tested, improved and evaluated on a regular basis. The threat never sleeps, and companies can’t afford to be asleep while the adversary threatens their existence.
Shawn Henry, CSO, CrowdStrike