This week, Simon Taylor, Executive Vice President of PacketWatch, goes over the 'PacketWatch Dozen,' 12 "Ps" for cybersecurity resilience.
See how many of our "Ps" match your current security strategy:
As of 2022, it's estimated that 24 billion usernames and passwords are available in cybercriminal marketplaces, like the dark web, according to research by Digital Shadows. Strong password management is critical.
Password managers are an excellent solution.
It should be a prerequisite to enable and use Multifactor Authentication (MFA) to access any service exposed to the Internet, such as email systems, remote access facilities, file storage, file transfer services, SaaS services, and bank accounts.
Microsoft stated that there was only an 11 percent MFA adoption rate among its enterprise cloud users, according to a 2021 Systems Engineering article.
Most hackers use known, existing vulnerabilities for which patches already exist. Approximately 80 percent of the attacks observed throughout 2020 utilized vulnerabilities reported and registered in 2017 and earlier, according to a Check Point report.
Don’t leave yourself unnecessarily exposed.
You can’t prevent every attack, but you can give yourself a fighting chance with some core security tools.
Endpoint Protection: A high-quality endpoint detection and response (EDR) tool is critical. Invest and deploy it everywhere you can. (You’ll be glad you did!)
Email Protection: Email is still the number one attack vector for hackers – implement SPF, DKIM, and DMARC and employ a decent email security/spam filter product or service.
Web Traffic Protection: The web can be a dangerous place. Protect yourself with a DNS filtering service and consider using a Web Application Firewall (WAF).
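The SPF and DMARC records mentioned above are only as good as the policies they declare, and a misconfigured record is easy to miss. The following is an added example, not PacketWatch's code or any product's, that parses the two record types and flags the weak settings a reviewer would look for (a permissive "+all", a DMARC policy of "none", missing aggregate reporting, partial "pct" rollout, and the RFC 7208 ten-lookup limit). The domains and TXT records in it are constructed sample data, not the result of real DNS lookups.

```python
"""Audit SPF and DMARC TXT records for weak settings (added example)."""
import re

# Constructed sample records (not real domains or real DNS answers).
SAMPLE_RECORDS = {
    "example.test": {
        "spf": "v=spf1 include:_spf.mail.test ip4:203.0.113.0/24 -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test; pct=100",
    },
    "weak.test": {
        "spf": "v=spf1 include:_spf.mail.test +all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@weak.test",
    },
    "missing.test": {"spf": None, "dmarc": None},
}

# Mechanisms/modifiers that cost a DNS lookup under RFC 7208 (limit is 10).
LOOKUP_TERMS = re.compile(r"^[+\-~?]?(include:|a\b|mx\b|exists:|redirect=)")


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; rua=...' into a dict of lowercase tag -> value."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_spf(record):
    """Return a list of findings for one SPF record (empty list means OK)."""
    if record is None:
        return ["SPF: no record; any host can claim to send as this domain"]
    mechanisms = record.split()
    if not mechanisms or mechanisms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    findings = []
    terminal = mechanisms[-1].lower()
    if terminal in ("+all", "all"):
        findings.append("SPF: '+all' authorizes every sender; use -all or ~all")
    elif terminal == "?all":
        findings.append("SPF: '?all' is neutral and provides no protection")
    elif terminal not in ("-all", "~all"):
        findings.append("SPF: no terminal 'all' mechanism; add -all")
    lookups = sum(1 for m in mechanisms if LOOKUP_TERMS.match(m.lower()))
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS lookups exceed the limit of 10 (permerror)")
    return findings


def audit_dmarc(record):
    """Return a list of findings for one DMARC record (empty list means OK)."""
    if record is None:
        return ["DMARC: no record; spoofed mail is neither reported nor rejected"]
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC: record does not start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; move to quarantine or reject")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so you receive no aggregate reports")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    return findings


def audit_domain(domain, records=SAMPLE_RECORDS):
    """Combine SPF and DMARC findings for one domain in the sample table."""
    rec = records[domain]
    return audit_spf(rec["spf"]) + audit_dmarc(rec["dmarc"])


if __name__ == "__main__":
    for name in SAMPLE_RECORDS:
        findings = audit_domain(name)
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

To run this against live domains, replace the lookup in `audit_domain` with a TXT query for the domain and for `_dmarc.<domain>`; the parsing and the checks stay the same.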
‘Happy-go-clicky’ folks are always the weakest link in the chain.
Conduct regular security training that simulates real-world phishing and social engineering techniques, and don’t limit it to email.
PacketWatch has found that rewarding good performers, rather than punishing failures, creates better incentives and outcomes.
Also, don’t give everyone admin privileges. Restrict admin capabilities to only those who absolutely need them for their jobs. Even then, make separate and specific accounts, not ‘daily drivers.’
Address the vulnerabilities you have before hackers can exploit them.
Invest in custom Web-application penetration testing if your business relies on a Web-facing application or service. You will want to find weaknesses before malicious actors do.
You can’t secure what you don’t know about.
Create and maintain an inventory of all your hardware and software assets and understand how each fits into your business operations.
In an era of increasing privacy regulation, extend this to include an inventory of your data as well: what it is, where it is, and what regulatory requirements may apply to it.
Asset discovery and management tools are available, but even a spreadsheet is better than nothing.
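Even a spreadsheet inventory becomes useful once it is checked against what is actually on the network. The following is an added example, not PacketWatch's code or any product's, that reconciles a CSV inventory export against a list of discovered addresses and reports unknown hosts (present on the network, absent from the inventory), stale entries (in the inventory, not seen), and which inventoried assets carry regulated data. The inventory rows, IP addresses and classification tags are constructed sample data.

```python
"""Reconcile an asset inventory against discovered hosts (added example)."""
import csv
import io

# Constructed inventory export (a spreadsheet saved as CSV), with a data
# classification column that records which regulated data each asset holds.
INVENTORY_CSV = """\
hostname,ip,owner,function,data_classification
fs01,10.0.1.10,finance,file server,PII;PCI
web01,10.0.2.20,marketing,public website,public
db01,10.0.1.30,finance,database,PCI
old-print,10.0.1.99,facilities,printer,none
"""

# Constructed discovery output: addresses seen on the network, e.g. collected
# from DHCP leases, ARP tables or a network scan.
DISCOVERED = ["10.0.1.10", "10.0.2.20", "10.0.1.30", "10.0.3.7", "10.0.1.42"]

# Classification tags that map to regulatory requirements (assumed set).
REGULATED_TAGS = {"PII", "PCI", "PHI"}


def load_inventory(text):
    """Parse the CSV export into a dict keyed by IP address."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(inventory, discovered):
    """Return (unknown_ips, stale_ips).

    unknown: seen on the network but not in the inventory (you can't secure it).
    stale:   in the inventory but not seen (decommissioned, or offline and
             about to be forgotten).
    """
    seen = set(discovered)
    known = set(inventory)
    return sorted(seen - known), sorted(known - seen)


def regulated_assets(inventory):
    """List (hostname, [regulated tags]) for assets holding regulated data."""
    out = []
    for row in inventory.values():
        tags = {t.strip() for t in row["data_classification"].split(";")}
        hits = sorted(tags & REGULATED_TAGS)
        if hits:
            out.append((row["hostname"], hits))
    return sorted(out)


if __name__ == "__main__":
    inv = load_inventory(INVENTORY_CSV)
    unknown, stale = reconcile(inv, DISCOVERED)
    print("Unknown hosts (not in inventory):", unknown)
    print("Stale inventory entries (not seen):", stale)
    print("Assets with regulated data:", regulated_assets(inv))
```

Running this on a schedule and feeding the "unknown" list back into the inventory is the cheapest form of asset discovery; the regulated-data list is the starting point for the data inventory the paragraph above describes.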
Even in the world of hybrid working, cloud computing, and SaaS services, most companies still have a network perimeter.
Protect this critical entry point to your network with the following measures:
Implement a high-quality firewall and configure it to block any protocols that are not strictly necessary for your business operations.
Implement geo-filtering where possible and only permit traffic with countries necessary for your business. Block any traffic to/from countries on the OFAC sanctions list.
Create a demilitarized zone (DMZ) and place any external-facing services within it, with tightly restricted connections into the internal network.
Don’t restrict protocols just at your perimeter firewall.
Data backups are critical to protect against attacks like ransomware or destructive malware.
Backups are important for disaster recovery and business continuity (BCDR), but only if they are tested and shown to be reliable when you need them.
We recommend performing file restore testing on at least a monthly basis to assure yourself that your backups are valid.
Following the “3-2-1” model (three copies of your data, on two different types of media, with one copy kept offsite) is also best practice.
No one wants to fund criminals (and increasingly risk sanctions) by having to pay a ransom to try to get their data back.
Retain log files and other event data for conducting proactive threat hunting and retrospective forensic analysis.
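The monthly file-restore test recommended above is easy to automate once you record a manifest of file hashes at backup time and compare it against the restored copy. The following is an added example, not PacketWatch's code or any backup product's: it builds a constructed sample tree, stands in for the backup and restore steps with plain directory copies, verifies every restored file against the manifest, and reports missing, corrupt and unexpected files. It also includes a check that the last successful restore test is within the monthly window. The files, paths and the 31-day threshold are assumptions for the example.

```python
"""Automated file-restore test with hash verification (added example)."""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

MAX_AGE_DAYS = 31  # assumed cadence: a restore test older than this is overdue


def sha256_file(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest, restored_root):
    """Compare a restored tree against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt: {rel}")
    problems.extend(f"unexpected: {rel}" for rel in restored if rel not in manifest)
    return problems


def restore_test_overdue(last_test_ts, now=None):
    """True if the last successful restore test is older than MAX_AGE_DAYS."""
    now = time.time() if now is None else now
    return now - last_test_ts > MAX_AGE_DAYS * 86400


def make_sample_tree(root):
    """Constructed sample data to back up (not real files)."""
    root = Path(root)
    (root / "finance").mkdir(parents=True)
    (root / "finance" / "ledger.csv").write_text("date,amount\n2022-01-01,100\n")
    (root / "notes.txt").write_text("quarterly review\n")


def run_restore_test(corrupt=False):
    """Back up a sample tree, restore it to a fresh directory and verify it.

    shutil.copytree stands in for the real backup job and the real restore.
    With corrupt=True the restored copy is tampered with to show what a
    failing test reports. Returns the list of problems (empty means pass).
    """
    with tempfile.TemporaryDirectory() as tmp:
        src, backup, restored = (Path(tmp) / n for n in ("src", "backup", "restored"))
        make_sample_tree(src)
        manifest = build_manifest(src)      # recorded when the backup is taken
        shutil.copytree(src, backup)        # the backup job
        shutil.copytree(backup, restored)   # the restore under test
        if corrupt:
            (restored / "notes.txt").write_text("truncated")
            (restored / "finance" / "ledger.csv").unlink()
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print("clean restore:", run_restore_test() or "PASS")
    print("tampered restore:", run_restore_test(corrupt=True))
```

In production the manifest is stored separately from the backup media (so a corrupted backup cannot carry a matching corrupted manifest), and the restore is performed with the real backup tooling into an isolated location.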
It's great if you have a Security Information and Event Management (SIEM) tool, but there are other less expensive ways to aggregate and retain logs. It is most critical to have the logs for when you need them. You will also need to take note of any industry regulations or legal requirements that necessitate retaining them for set periods of time.
Ensure you have maximum visibility across your entire operations, including server, endpoint, network, infrastructure, and cloud services.
PacketWatch advocates for having full network packet capture capabilities within your network. Having PCAPs allows you to ‘go back in time’ and replay network traffic when you need to perform investigations.
Remember, not all infrastructure can support tools like EDR, such as the Internet of Things (IoT), Industrial Control Systems (ICS), and Supervisory Control and Data Acquisition (SCADA) systems.
However, everything must talk on the network.
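Because even devices that cannot run EDR still produce network traffic, a packet capture is a record that can be replayed later. The following is an added example, not PacketWatch's code or tooling, showing the minimum needed to read a libpcap file without external libraries: it parses the 24-byte global header and the 16-byte per-packet records, decodes Ethernet/IPv4 headers and TCP/UDP ports, and summarises flows inside a chosen time window, which is the "go back in time" use case described above. The capture it reads is constructed in code (three synthetic frames with documentation-range addresses), not real traffic; real investigations use Wireshark or tshark, which handle far more link types and protocols.

```python
"""Minimal libpcap reader and flow summary (added example)."""
import ipaddress
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4   # little-endian magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_sample_pcap():
    """Construct a pcap file in memory with three Ethernet/IPv4/TCP frames."""
    def frame(src, dst, sport, dport, proto=6):
        eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
        # 20-byte TCP header: ports, seq, ack, data offset, SYN flag, window, checksum, urgent
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        return eth + ip + tcp

    packets = [  # (seconds, microseconds, frame); constructed sample traffic
        (1650000000, 0, frame("10.0.1.10", "203.0.113.5", 51000, 443)),
        (1650000001, 0, frame("10.0.1.10", "203.0.113.5", 51001, 443)),
        (1650000002, 0, frame("10.0.1.99", "198.51.100.7", 40000, 23)),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for sec, usec, data in packets:
        out += struct.pack("<IIII", sec, usec, len(data), len(data)) + data
    return out


def read_pcap(data):
    """Yield (timestamp, frame_bytes) for each record in a little-endian pcap."""
    magic, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield sec + usec / 1e6, data[offset:offset + incl_len]
        offset += incl_len


def decode_ipv4(frame):
    """Return (src, dst, proto, sport, dport) for IPv4 frames, else None.

    Ports are None for protocols other than TCP (6) and UDP (17).
    """
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = str(ipaddress.ip_address(frame[26:30]))
    dst = str(ipaddress.ip_address(frame[30:34]))
    if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
        return (src, dst, proto, None, None)
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return (src, dst, proto, sport, dport)


def summarize_flows(data, start=None, end=None):
    """Count (src, dst, proto, dport) tuples, optionally within [start, end]."""
    flows = Counter()
    for ts, frame in read_pcap(data):
        if (start is not None and ts < start) or (end is not None and ts > end):
            continue
        decoded = decode_ipv4(frame)
        if decoded:
            src, dst, proto, _sport, dport = decoded
            flows[(src, dst, proto, dport)] += 1
    return flows


if __name__ == "__main__":
    capture = build_sample_pcap()
    for flow, count in summarize_flows(capture).items():
        print(f"{flow[0]} -> {flow[1]} proto={flow[2]} dport={flow[3]} packets={count}")
    print("in window:", summarize_flows(capture, start=1650000002))
```

Pointing `read_pcap` at the bytes of a real capture file works as long as it was written in the classic little-endian pcap format with Ethernet frames; pcapng files and other link types need a fuller reader.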
Don’t wait for an incident to suddenly try to work out what you’re going to do.
Have an incident response plan ready and written, clearly stating what needs to be done, and who needs to do what.
Of course, a plan is no good if you don’t practice it. Conduct regular incident response tabletop or simulation exercises to create ‘muscle memory’ so everyone knows what’s expected of them in a time of crisis.
Also, don’t put yourself under the stress of having to find an incident response partner at 5 p.m. on a Friday. Prepare yourself with an IR Retainer with a trusted provider so you know you’ll get priority service.
As much as PacketWatch excels at incident response, we would rather not have to meet our clients under such traumatic circumstances. By following the 'PacketWatch Dozen,' we are confident you’ll sleep a lot easier, and we can look forward to meeting you calmly and pleasantly without "that" phone call!