The cyber security threat landscape is constantly changing with the ever growing number and scale of attacks. The consequent measures necessary to combat the threats need to be robust, comprehensive and agile. Simply put, it is about developing an effective approach and constantly testing and refining it. The sections below cover the first 5 sections of some 10 essential recommended steps that should be taken to achieve a effective level of cybersecurity and is based on Guidance from NCSC. The second part will be featured in a future blog post.
Executive Risk Management
Because of the vital role that technology plays in most organisations today, information and their supporting systems need to properly categorised in the business risk profile. The impact of information and systems compromise could be more critical than many other types of business risks and result in reputational and financial damage.
It is important for the risks to be defined and communicated from executive level thus conveying the importance of information and systems.
Further essential steps that the Board should take include;
Education and Awareness
Training and awareness can help to establish a security conscious culture in the organisation. This could help to reduce the number of people clicking links in phishing emails or writing down passwords on post-it notes. Lack of awareness could result in; users connecting personal removable media that is compromised, users being subjects of phishing attacks, users seeing security as prohibitive and therefore trying to circumvent it. User ignorance to handling sensitive information may result in legal and regulatory sanction as will failure to report certain breaches.
Effective management of the user awareness risk include some of the following;
Systems that are not securely configured will be vulnerable to attack. A baseline secure configuration of all systems is essential to reduce risk of attacks and the potential for compromise. A lack of secure configurations and updated patching carries risks such as; unauthorised system changes occurring, exploitation of software bugs in unmatched systems and exploitation of insecure systems.
To avoid poor system configuration it is necessary for effective security controls be put in place such as the following;
Network connections could expose your systems and technologies to attack. A set of policies, architectural strategy and technical controls will help to reduce the chances of a successful attack which could include exploitation of systems, compromise of information in transit, propagation of malware, damage or illegal posting to corporate systems.
To effectively manage network security it is important to follow best practices and industry standard design principles at least.
All inbound and outbound traffic should be controlled, monitored and logged. This could be done with an advanced or next generation firewall, intrusion prevention techniques and anti-malware at the perimeter – in addition to endpoint anti-malware
Internal network protection is often ignored especially in the case of small networks. They should however include the following techniques
Managing User Privileges
Controlling user privileges to the correct level is important to ensure they have what they need to work effectively. Users with unnecessary rights should be avoided and is generally a major risk. If these accounts are compromised it could have a severe impact on your cyber security. Some of the potential harm that could be caused by such a compromise include; users could accidently or deliberately misuse their privileges and cause unauthorised information access
Attackers could also exploit these privileges to gain administrative level access and even negate security controls to increase the scope of their attack.
Some sensible steps that should be taken to manage these risks include;