As hard as it is to believe, we are already more than a month into 2021, and our Data Privacy & Cybersecurity Team is well on its way to managing over 2,000 data security incidents this year. That pace is a reminder that a few practical cybersecurity measures can have a big impact over the months to come. The following are our top five suggestions to enhance the security of your network, detect intruders more quickly, and reduce the scope and expense of data security events this year.
1. Deploy Heuristic-Based Endpoint Monitoring
Ransomware attacks are among the most dangerous online threats facing business information systems today. As encryption has been weaponized through sophisticated ransomware attacks, one of the strongest elements of a layered defense is endpoint monitoring that analyzes what is actually happening on the host, in a heuristic manner, rather than relying on signatures alone. New variants of ransomware are deployed daily and are intended to lock up critical data to extort money from the victim business. Exfiltration extortion models are increasingly used as well, in which sensitive information is stolen before the encryption attack is executed, giving the criminal more leverage in extorting money from the business. Since malware is increasingly “zero day,” meaning previously unseen code for which no signature yet exists, a heuristic-based endpoint monitoring tool is one of the best defenses to these attacks. Unlike traditional antivirus programs, which rely on a predefined database of known malware, a sophisticated endpoint monitoring tool identifies and blocks malicious behaviors (for example, a single process rapidly overwriting and renaming large numbers of documents) in addition to known malicious code. Two caveats apply: behavioral detection produces alerts that someone must be able to review and act on promptly, and it complements rather than replaces offline, tested backups, which remain the recovery path if encryption does succeed. A robust endpoint monitoring tool is no longer a discretionary spend; it is a necessary part of any information security program in 2021.
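The difference between signature-based and behavior-based detection is easier to see in code. The Python below is an added example written for this page, not the article's content and not any product's detection logic: it contrasts a hash lookup (what a classic antivirus does) with a simple heuristic that flags a process rewriting many files with ciphertext-like content and then changing their extensions. The file events, the known-bad hash, the entropy threshold and the file-count threshold are all constructed for illustration; a real endpoint tool weighs many more signals.

```python
"""Signature lookup versus a behavioural (heuristic) ransomware rule.

Added example, not from the original article. The events, hashes and
thresholds below are constructed for illustration.
"""
import hashlib
import math
from collections import defaultdict

# --- Signature-based detection (what a traditional antivirus does) ----------

# Constructed: the SHA-256 of one sample the "antivirus" has already catalogued.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"stand-in for a known malware sample").hexdigest()}


def signature_match(payload: bytes) -> bool:
    """True only for a byte-for-byte copy of a previously catalogued sample."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SHA256


# --- Behaviour-based detection (what a heuristic endpoint tool does) ---------

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: text and office documents sit well below 6, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


def ransomware_suspects(events, entropy_threshold=7.0, min_files=5):
    """Flag processes that (1) overwrite files with ciphertext-like content and
    (2) rename them to a new extension, for at least `min_files` distinct files.

    `events` is a list of dicts with keys pid, op ("write" or "rename") and
    either path+data (write) or src+dst (rename). Returns {pid: sorted paths}.
    """
    high_entropy_writes = defaultdict(set)    # pid -> paths given ciphertext-like content
    encrypted_and_renamed = defaultdict(set)  # pid -> original paths meeting both conditions
    for ev in events:
        pid = ev["pid"]
        if ev["op"] == "write" and shannon_entropy(ev["data"]) >= entropy_threshold:
            high_entropy_writes[pid].add(ev["path"])
        elif ev["op"] == "rename":
            if ev["src"] in high_entropy_writes[pid] and _ext(ev["src"]) != _ext(ev["dst"]):
                encrypted_and_renamed[pid].add(ev["src"])
    return {pid: sorted(paths) for pid, paths in encrypted_and_renamed.items()
            if len(paths) >= min_files}


# --- Constructed sample events ------------------------------------------------

def _pseudo_ciphertext(seed: str, blocks: int = 128) -> bytes:
    """Deterministic stand-in for encrypted output (4 KiB of SHA-256 digests)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(blocks))


PLAINTEXT = b"Quarterly report: revenue up 4%, headcount flat, see appendix.\n" * 64

SAMPLE_EVENTS = []
# pid 4242: a never-before-seen encryptor working through six documents.
for i in range(6):
    doc = f"/srv/share/finance/report{i}.docx"
    SAMPLE_EVENTS.append({"pid": 4242, "op": "write", "path": doc, "data": _pseudo_ciphertext(doc)})
    SAMPLE_EVENTS.append({"pid": 4242, "op": "rename", "src": doc, "dst": doc + ".locked"})
# pid 1000: a user saving ordinary documents (low entropy, no renames).
for i in range(6):
    SAMPLE_EVENTS.append({"pid": 1000, "op": "write", "path": f"/home/ann/notes{i}.txt", "data": PLAINTEXT})
# pid 2000: an archiver writing one compressed (hence high-entropy) file, then renaming it.
SAMPLE_EVENTS.append({"pid": 2000, "op": "write", "path": "/home/ann/backup.tmp", "data": _pseudo_ciphertext("zip")})
SAMPLE_EVENTS.append({"pid": 2000, "op": "rename", "src": "/home/ann/backup.tmp", "dst": "/home/ann/backup.zip"})

if __name__ == "__main__":
    # The encryptor's binary is new, so the signature lookup sees nothing...
    print("signature hit:", signature_match(b"never-before-seen encryptor binary"))
    # ...while the behavioural rule isolates pid 4242 from the user and the archiver.
    print("behavioural suspects:", ransomware_suspects(SAMPLE_EVENTS))
```

The archiver (pid 2000) shows why thresholds matter: it produces exactly the same per-file signal as the encryptor, and lowering `min_files` to 1 flags it too. Tuning that trade-off between missed detections and false positives is the ongoing work that a heuristic tool requires after it is deployed.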
2. Deploy Multi-Factor Authentication
Two of the most common attack vectors for system intrusions are phishing attacks on email account users and brute force attacks on open remote desktop protocol (RDP) ports. One of the best ways to defend against these attacks and prevent the use of stolen or guessed credentials is to require a second verification step that confirms the person presenting the credentials is the authorized user. Multi-factor authentication (MFA) requires the user to provide not just something they know (a password), but also something they have (a one-time code from an authenticator app or hardware token) or something they are (a fingerprint or a retinal image), making it substantially more difficult for unauthorized individuals to gain access to email accounts and information systems. Two practical points follow. MFA should cover every remote entry point, including RDP, VPN and webmail, not only the corporate email login. And not all second factors are equal: codes delivered by SMS or approvals by push notification can still be phished or worn down by repeated prompts, whereas phishing-resistant methods such as FIDO2/WebAuthn security keys bind the login to the genuine site. Like a robust heuristic-based endpoint monitoring tool, MFA is no longer a discretionary spend, but a necessary part of any information security program in 2021.
3. Enhance Patch Management Programs
Malicious actors constantly probe the component parts of information systems. As a consequence, vulnerabilities are identified frequently, and alerts about them are published and circulated by software and hardware manufacturers and distributors. Many of these alerts arise from ongoing malicious exploitation, making it critical that patch management programs be enhanced or better resourced so that alerts are reviewed immediately upon receipt and fixes are implemented as quickly as possible for vulnerabilities that are being actively exploited. That requires two things many programs lack: an accurate inventory of which software and versions run where, since an alert cannot be acted on if no one knows which systems it affects, and a prioritization rule, so that an actively exploited flaw in an internet-facing system is fixed before a theoretical one on an internal host. Patch management is a critical aspect of a layered defense. Ensuring that all patches are identified upon being released and implemented as quickly as possible will reduce the vulnerabilities available to attackers and thus reduce your cyber risk.
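As an added illustration of the inventory-and-prioritize step, not code from the article: the Python below matches a constructed asset inventory against constructed vendor advisories (the products, hosts and advisory IDs are fictional) and orders the resulting patch work so that actively exploited vulnerabilities come first and, within each group, the advisories that have been open longest. It also shows the classic version-comparison pitfall: compared as strings, `9.9.2` sorts after `9.10.0`, so a naive check would report the older, vulnerable build as already patched.

```python
"""Constructed patch-triage example: match an asset inventory against vendor
advisories and order the work so actively exploited bugs are fixed first.

Added example for this page; products, hosts and advisory IDs are fictional.
"""
import re
from dataclasses import dataclass
from datetime import date


def version_key(version: str) -> tuple:
    """Numeric components only, so '9.10.0' > '9.9.2' (string comparison gets this wrong).
    Pre-release tags such as '-rc1' are ignored; a real tool must use the vendor's ordering."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    fixed_version: str        # first version that contains the fix
    exploited_in_wild: bool   # vendor or CISA reports attackers already using it
    published: date


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: str


def exposed_assets(assets, advisories):
    """Pair each asset with every advisory whose fix it has not yet received."""
    return [(asset, adv) for asset in assets for adv in advisories
            if asset.product == adv.product
            and version_key(asset.version) < version_key(adv.fixed_version)]


def prioritize(findings, today):
    """Actively exploited first, then by how long the patch has been available."""
    return sorted(findings, key=lambda f: (not f[1].exploited_in_wild,
                                           -(today - f[1].published).days,
                                           f[0].host))


# Constructed inventory and advisories (fictional products and IDs).
ASSETS = [
    Asset("vpn-edge-1", "ExampleVPN", "9.9.2"),
    Asset("vpn-edge-2", "ExampleVPN", "9.10.0"),
    Asset("mail-1", "ExampleMail", "2020.4"),
    Asset("file-1", "ExampleShare", "7.0.1"),
]
ADVISORIES = [
    Advisory("ADV-2021-001", "ExampleVPN", "9.10.0", exploited_in_wild=True, published=date(2021, 1, 12)),
    Advisory("ADV-2021-002", "ExampleMail", "2021.1", exploited_in_wild=False, published=date(2020, 12, 1)),
    Advisory("ADV-2021-003", "ExampleShare", "7.0.1", exploited_in_wild=True, published=date(2021, 1, 20)),
    Advisory("ADV-2021-004", "ExampleShare", "7.1", exploited_in_wild=False, published=date(2021, 2, 1)),
]


def patch_queue(today=date(2021, 2, 5)):
    """Ordered (host, advisory) work list for the constructed data above."""
    return [(asset.host, adv.advisory_id)
            for asset, adv in prioritize(exposed_assets(ASSETS, ADVISORIES), today)]


if __name__ == "__main__":
    for host, advisory_id in patch_queue():
        print(host, advisory_id)
```

In the constructed data, `vpn-edge-2` and `file-1` already run the fixed builds for two of the advisories and drop out of the queue; the VPN appliance that is one release behind an actively exploited fix lands at the top, ahead of an older but unexploited mail server advisory.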
4. Create Human Firewalls
It is no secret that the weakest link in information security is the human element. No matter how much a company invests in technology, a well-educated and attentive workforce is an essential part of a layered defense. Employees must be trained to realize that they are constantly targeted as access points to the corporate computer network; they can be either the impediment or the gateway to a system compromise. It is especially important to recognize that executives, and information technology, financial, and human resources personnel are the primary targets of malicious actors because of the access and information at their fingertips. Security awareness training should incorporate this reality and explicitly acknowledge that these personnel are at heightened risk of being targeted. All employees, however, should be encouraged to report suspicious activity immediately to the appropriate information security personnel, and without fear of blame for having clicked: a report that arrives within minutes of a phishing click is often what turns a potential compromise into a contained event. By creating a culture of security and encouraging employees to participate in the process, each employee can become a human firewall.
5. Incident Response Planning
Visualize the crisis before it occurs. Don't wait until a cyberattack to determine how to respond; develop a plan for responding, and test that plan, before the crisis occurs. The incident response planning process will identify the appropriate internal and external responders and delineate their roles and responsibilities. These will include internal information technology and security personnel and certain business unit managers, especially financial, human resources, and marketing/communications personnel. It will also involve third-party resources, including legal counsel, digital forensics, and consumer remediation (notifications, credit monitoring, dark web monitoring, etc.). The planning process should ensure that, as the appropriate responsive resources are identified, processes are developed so that they can be deployed immediately in the event of an incident, including contact details, retainer agreements and out-of-band communication channels that remain usable when the corporate network, email and the file share holding the plan itself may be encrypted or untrustworthy. The incident response planning process should also involve an assessment of whether existing cyber insurance coverage is likely to meet evolving online threats. Once an incident response plan is in place, it should be tested through “table top” exercises to ensure all stakeholders understand the severity of current online threats and their roles and responsibilities in responding to them.
Originally Published by Lewis Brisbois, February 2021