To conclude National Cyber Security Awareness Month’s theme, “Own IT. Secure IT. Protect IT,” we’ll focus this post on the final phase, “Protect IT.”
Beyond CIS controls, it’s critical for organizations to arm their infrastructure with additional layers of security. Here are three areas to acknowledge:
- Security Frameworks
- Vulnerability Scanning
- Employee Training
While we previously covered CIS controls, there are several IT security frameworks and cybersecurity standards out there to help protect company data. These blueprints are valuable resources for building an information security program that manages risk and ultimately reduces vulnerabilities. Some frameworks were developed for specific industries, as well as different regulatory compliance goals. You’ll find there is a large amount of overlap in these frameworks related to general security concepts, but it’s valuable to embrace the framework that makes the most sense for your organization.
Vulnerability scanning and penetration testing are valuable first layers of defense because they will help you identify potential flaws in your IT security. Vulnerability scanning and penetration testing are often confused, but in fact the two security procedures are quite different and are used for different purposes.
At the most basic level, vulnerability scanning aims to identify any systems that are subject to known vulnerabilities, while a penetration test aims to identify weaknesses in specific system configurations and organizational processes and practices that can be exploited to compromise security.
Lastly, security training for all employees is imperative if you are trying to ensure the best level of cyber hygiene possible for your company. Employees are often the weakest link in the cyber security chain. According to Forrester Research, approximately 80% of security breaches today involve privileged credentials. Making sure employees are educated about social engineering, phishing, malware, and other scams is beneficial as you begin to reduce the number of breaches involving privileged credentials. With the proper training, employees are able to properly report and escalate anything they identify as a threat.
People, processes, and technologies all play significant roles in ensuring the security of an organization. Ideally these three areas work harmoniously, but is this enough? Experts at MITRE, another source of a widely recognized security framework, have said “even if an organization’s enterprise patching and software compliance program is perfect, an adversary may use a zero-day exploit, or a social engineering attack to gain a foothold in a potential victim’s network.” Thus, in 2010 MITRE began researching data sources and analytic processes for detecting advanced persistent threats (APT) more quickly through the use of endpoint telemetry data.
This aligns with our approach at Bay Dynamics. By implementing centralized analytics, organizations can pull together relevant information from various elements, from user interactions with sensitive data to emerging threats and the exposure of known vulnerabilities to those factors, and use it to identify and mitigate risks BEFORE they affect the business. Having a centralized hub to assess all the systems and data being processed is a key piece to solving the cyber security puzzle.
While many of today's models leverage data detected on endpoints, they lack the critical context of how users are interacting with data and sensitive applications in the cloud, and from devices lurking in the blind spots of traditional controls. When you have a moment, check out our recent webcast to learn how integrated analytics can help:
- Provide more robust data protection, married with targeted threat prevention
- Pinpoint users and systems that pose the greatest risks, related to exfiltration
- Highlight key differentiators between internal and external threats
- Tie business-driven data protection priorities directly to incident response
With October coming to a close, another National Cyber Security Awareness Month will come to an end. Hopefully, you’ve found this NCSAM-aligned blog series of value and have learned how you can “Own IT. Secure IT. Protect IT.”