There is only so much time to work on anything, and Cybersecurity is no different: it requires the focus of IT Management (and of Cybersecurity specifically).
As far as Cybersecurity goes, what is it that we all must know and understand thoroughly?
- Ransomware defense: IT basics such as testing your backup (so that you know you have a valid backup)
- Weakest link = Human Social Engineering – If someone can call you and you give them access, how does a security department defend against this?
- NGFW (Next Generation FireWall) and other automation – A new updated firewall is a must these days
- Threat Analysis
- Compliance only is weak
- Password Failure
- Simplify Instructions to Employees re: Cybersecurity
- Not enough training
- Governance process and procedure
- Good defense is a good offense (what does that mean in Cybersecurity?)
How did I come up with this list?
Previous posts and research.
Here are the previous posts or “reference points”:
#1 Ransomware: http://oversitesentry.com/another-hospital-computer-system-down-due-to-ransomware/ A German hospital was affected by ransomware and was down for a considerable length of time because it had to rebuild all infected machines (likely from scratch). But that is not the only story; I tried to answer why ransomware is effective in this post:
The 7 common mistakes (listed in the post) are mistakes or failures in security procedures. The German hospital that got hit with ransomware did not have a proper backup.
#2 Social Engineering: This is a primary cause of concern, as human error is a major cause of security breaches, including at the DEF CON 22 social engineering Capture the Flag event; needless to say, the retail teams were breached. If somebody calls you to ask for information on your computer and network, be very careful.
#3 NGFW: The Next Generation FireWall is the successor to a standard firewall, and really a must in this day and age in a decent-size operation.
(A NGFW can inspect applications as well as filter traffic by origin or destination)
#4 Threat analysis: Cyber Threat Intelligence is used to help us defend and make the job of the attacker harder, i.e. the attacker's “Pyramid of Pain” needs to be closer to the top.
FireEye has attempted to explain Threat Intel with a pyramid representation, and I use it here to use the info as an industry standard.
#5 Compliance only is weak – And I discuss that in several ways.
If your focus is so narrow that you only work on checking off every item on a compliance list, then you will miss the overall company security.
#6 Weak passwords and other Password Failures (for example, 90% of all Point of Sale systems still have default passwords): Our weakness of not solving password management hurts many organizations.
#7 Simplify Instructions to Employees, as logistical problems create issues and thus hamper Cybersecurity. Some security issues are complicated, and IT terms may cloud what non-IT people have to review and learn. Why is simple important? Tom Kolditz of West Point explains: “No plan survives contact with the enemy.”
#8 Not enough training with regard to Cybersecurity. No employee should ever answer a phone call and give out too much information or click on bad emails, and every employee should set up good passwords, but there is a bigger problem: the general sense that we are getting inundated with more and more information, IoT, Denial of Service and more complexity. This complexity creates confusion in regular people, which needs to be reviewed and addressed with training.
#9 Governance Process and Procedure. Writing complete procedures will be difficult, as all procedures are, but once done they will be good for the people and the company.
#10 Test your network by getting a red team, which will act like an attacker. This issue could be higher, and may be one of the most important items. “The best defense is a good offense” is a well-known adage. As it is used in Cybersecurity, the red team is the offense and the blue team is the defense.
This post and image explain red vs blue team as well:
Contact us to review your own Cybersecurity priorities.