The Best Offense Is a Good Defense: Turn Cyberthreats Into Opportunities for Increased Security Awareness
Over the holidays, many employees will complete their shopping online or via mobile during work hours. They may even be using corporate email addresses and accounts to complete transactions. Unfortunately, this opens the door for cyberattacks against an organization’s network and employees. But there are several things CISOs can do to increase security awareness within their organization and prevent threats from manifesting.
The first step is to be aware of what the top threats are so that you can be prepared to prevent or respond quickly to an attack.
The Top Threats
In the “IBM X-Force Threat Intelligence Quarterly, 4Q 2015” report, IBM’s Security Services Team identified the top three cybercrime trends that are affecting companies in every industry:
1. Onion-Layered Security Incidents
An onion-layered security incident refers to a situation in which a secondary, more damaging attack is found while investigating a more obvious one.
The first layer is highly visible and is usually caused by an unsophisticated attacker who is careless about getting caught. The secondary attack is more sophisticated and might remain hidden for a long period of time, making the damage to the victim’s network severe.
2. Ransomware
Ransomware was the threat most frequently encountered by IBM’s Emergency Response Services (ERS) team in 2015. This malware steals data and encrypts the files. The organization is then forced to pay a ransom to get the data back.
What leaves an organization vulnerable to ransomware attacks? Some subpar practices include:
- Failing to back up data;
- Poor vulnerability patching procedures; and
- A lack of security awareness by users.
3. Malicious Insiders
When accountability is not enforced, organizations are left vulnerable to insider attacks. For instance, bad password policies can undermine the effectiveness of termination procedures. This allows disgruntled former employees to perform unauthorized activity on the network via the shared accounts they’d had access to while in their job.
How Organizations Can Prepare for These Threats
Although outsourced security solutions can prevent network attacks or other compromises, a proactive security awareness program can prevent many issues from forming in the first place. Here are some tips for avoiding the most popular threats.
1. Defend Against Stealthy Layered Attacks
- Keep systems updated.
- Increase visibility into what’s happening on the network.
- Build an internal security operations center or outsource this task to a managed security services provider.
- Create operation procedures for responding to common events.
- Make sure the level of logging is appropriate and that logs are centrally stored.
- Periodically perform penetration testing.
2. Avoid Falling Victim to Ransomware
- Focus on improving patching procedures for recognized vulnerabilities.
- Create a companywide training program on security awareness.
- Give users an easy way to report suspicious emails.
- Implement antiphishing defense techniques such as checking email headers on the mail server.
- Consider implementing software to detect anomalies or suspicious code.
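One way to implement the server-side header check from the list above, as an added example that is not from the original article or the IBM report. It assumes the receiving mail server stamps an RFC 8601 Authentication-Results header under the hypothetical authserv-id mx.example.com; both sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of your own mail server

# Constructed sample messages (not real mail).
SAMPLE_SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.invalid;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "Authentication-Results: mx.sender.invalid; spf=pass; dkim=pass; dmarc=pass\n"
    "From: Accounts Payable <ap@example.com>\n"
    "Reply-To: ap@payments.invalid\n"
    "Subject: Updated invoice\n\nPlease see attached.\n"
)
SAMPLE_CLEAN = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.org;"
    " dkim=pass header.d=example.org; dmarc=pass header.from=example.org\n"
    "From: Alice <alice@example.org>\nSubject: Minutes\n\nAttached.\n"
)

def domain(header_value):
    """Lowercased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw):
    """Return a list of findings for one raw message; empty means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        # Only trust results stamped by our own server; a sender can forge the rest.
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = verdict.lower()
    findings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from From domain {from_dom}")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SAMPLE_SPOOFED), ("clean", SAMPLE_CLEAN)):
        print(name, check_headers(raw))
```

A message with no Authentication-Results header from the trusted server is reported with all three methods as missing, so mail that bypassed the checking gateway is flagged instead of being passed silently.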
3. Minimize the Risk of Malicious Insider Attacks
- Enforce accountability and good password policies.
- Give administrators their own usernames and passwords and require a separate login to perform admin tasks.
- Prohibit password sharing between team members. If sharing admin accounts can’t be prohibited, they should be limited and monitored closely.
- Disable all employee credentials immediately upon termination.
How to Build Security Awareness
How can CISOs cultivate an internal awareness program for employees that meshes with the external services they already have? It starts by educating employees about threats and best practices, but you can take it one step further by giving workers hands-on experience dealing with and evaluating risks.
- Practice: Use tabletop exercises to prepare for a security emergency. Include stress tests, educational scenarios, technical and nontechnical discussions and cross-functional review.
- Plan: Put more focus on planning for computer security incidents, increasing your ability to respond quickly and efficiently to threats that are bound to come along.
- Evaluate: Get an environmental assessment to identify potential risk factors that can be mitigated.
Preparedness Is Key
A proactive defense strategy that includes patch management, education to increase security awareness, proper password procedures and standard security best practices will help organizations reduce their vulnerability to cyberattacks.
Preparedness for the threats that will come is critical. Hiring a team of outside experts can be useful in organizing your defenses so that you are able to respond quickly to a threat and prevent it from happening again.