Since the beginning of the pandemic, ransomware and other cyber attacks have spiked. Meanwhile, millions of people have shifted from working in offices to working remotely. Organizations are increasingly relying on video conferencing, virtual private networks (VPNs) and remote desktop protocol admin tools.

Many employers believe that, to cut down on these risks, they should invest in new and bigger solutions. However, it’s also important that they review common best practices like password policies, least privilege access, patching and more.

Let’s look at some of those best practices you can use to assess and control today’s risks.

Adopt the Zero Trust Model

It’s time to change the way you think about and approach emerging cybersecurity issues. Many people believe their defenses are so strong that they can overlook small issues and focus only on the major holes that would be easy targets for attackers. Today, that mindset keeps you one step behind the attackers. Instead, adopt the zero trust security model.

Rather than assuming everything is safe behind the corporate firewall, the zero trust model assumes breaches happen and verifies every request as if it came from an unsafe network. The zero trust attitude is ‘never trust, always verify.’

Under the zero trust model, every access request is authenticated and authorized. That also makes it easier to detect and respond to odd behavior or attacks, blocking them before access to the network is granted. On top of this, apply the principle of least privilege access to reduce the risk further.

The Insider Threat

The biggest cyber threat to any group is its employees. An IBM report found that insiders were behind 60% of cyber attacks, whether on purpose or by accident. Lots of people make simple mistakes: visiting malicious websites, using compromised USB drives or other personal devices at work or sharing sensitive information and credentials with another person. Then there are malicious insiders who intend to do damage.

Here are a few measures that you can implement to cut down on the risk from insider threats:

  • Set up a policy of least privilege: Limit employees’ access to only the resources they need. Don’t allow people to access the crown jewels data off-network or from a personal device with only user credentials. Provide appropriate identity assurance to enable remote access where it is needed, but also require strong authentication to grant access to the critical data.
  • Unsecured device policy: In the pandemic, a mobile workforce makes a lot of sense, but security is the main concern here. Unsecured devices can be compromised in many ways, for example when they are lost or stolen, when employees fail to adhere to the company BYOD policies or usage guidelines, or when they connect over an unsecured Wi-Fi network. A strong device policy is vital to ensure proper security: application installation control, up-to-date antivirus software, proper maintenance and timely patching, data wipe procedures and encryption of data at rest and in transit.
  • Providing cybersecurity risk training to employees: Everyone can pitch in to promote digital safety, and training helps reduce the threat from potential scams and phishing attacks. Regular training sessions can do a lot to prevent employees from falling for scams.

Third-Party Risk Management

Third-party vendors have access to their clients’ critical systems and sensitive data. But many vendors do not match the level of cybersecurity measures and precautions that large organizations implement. This is a major reason malicious attackers have shifted their focus to third-party service providers: they use them as a ladder to climb to bigger targets.

There are a few common threats from third-party vendors:

  • Misuse of privileges: Third-party vendors may misuse their access privileges. They may be able to access data they are not supposed to access. To counter this, use proper access control while providing access to vendors.
  • Data theft: There’s a huge risk of data theft by third parties. If there is no proper third-party management policy in place, there’s a chance critical business data might be stolen.
  • Human error: Alongside intentional data leakage, employees of third parties may make mistakes, like sharing or deleting important business information or misconfiguring systems. These common mistakes may lead to losses, both in terms of money and your company’s good name.

Limit Third-Party Risks

A proper third-party risk management strategy can help reduce the threats coming from third parties. For example:

  • Establish cybersecurity policies: Set clear rules for both third-party vendors and the first-party employees dealing with them. Both parties should sign a service level agreement (SLA) detailing the controls third parties need to have.
  • Limit access to information: Put a privileged access management system in place to make sure only authorized users have access to the resources they require to do their jobs. To add an extra layer of defense, add two-factor authentication. Use VPNs and one-time passwords, which will help prevent breaches from third-party attacks.
  • Perform regular audits and ongoing monitoring: Audit vendors often to make sure they match the agreed-upon requirements and policies. Monitor and audit them to keep an eye on potential weaknesses and flaws in their approaches.
  • Plan third-party incident response: A dedicated incident response solution must be in place to ensure timely detection of suspicious and malicious incidents. Real-time threat intelligence is also needed so that due diligence can be triggered when required.
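The least privilege and crown-jewels rules from the insider threat list above, together with the vendor access rule under “Limit access to information,” can be written down as one request evaluator. The following is an added illustration, not code from the original article; the entitlement table, account names and resource names are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    subject: str              # account asking for access (employee or vendor)
    subject_type: str         # "employee" or "vendor"
    resource: str             # what is being requested
    critical: bool            # True for "crown jewels" data
    on_corporate_network: bool
    managed_device: bool      # False for a personal (BYOD) device
    mfa_verified: bool        # True only if a second factor was presented


# Constructed entitlement table: the only resources each subject may touch.
ENTITLEMENTS = {
    "alice@corp": {"hr-portal", "finance-db"},
    "bob@corp": {"hr-portal"},
    "vendor-svc@backupco": {"backup-share"},
}


def evaluate(req: AccessRequest, entitlements=ENTITLEMENTS):
    """Zero trust decision: verify every request the same way, wherever it comes from.
    Returns (decision, reason); the denials are the events worth alerting on."""
    # Least privilege: not on the allow-list means no access, network location is irrelevant.
    if req.resource not in entitlements.get(req.subject, set()):
        return "deny", "not entitled to resource"
    # Third parties get a second factor as an extra layer of defense.
    if req.subject_type == "vendor" and not req.mfa_verified:
        return "deny", "vendor access requires two-factor authentication"
    # Crown-jewels data: strong authentication always, never password-only
    # from off-network or from a personal device.
    if req.critical and not req.mfa_verified:
        where = "off-network" if not req.on_corporate_network else (
            "personal device" if not req.managed_device else "on-network")
        return "deny", f"critical data with only user credentials ({where})"
    return "allow", "entitled and authenticated"


def denied(requests, entitlements=ENTITLEMENTS):
    """Evaluate a batch and return the denied requests, as a detection feed would."""
    out = []
    for r in requests:
        decision, reason = evaluate(r, entitlements)
        if decision == "deny":
            out.append((r.subject, r.resource, reason))
    return out
```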

Missing Security Patches

Missing or delayed patches seem like a small issue, but they are important. Patches are published to protect assets from known attacks. Delays in installing these patches may put data and systems at risk.

While people are working at home, patching VPNs, antivirus software, endpoint protection systems and operating systems should be a high priority. Any out-of-date software should be updated to the latest version to minimize the risk of a data breach.

You can scale up multi-factor authentication (MFA), too. MFA should be required to access sensitive data. If applying patches or new solutions to your network, it is important to apply them to the entire potential attack surface. If any one asset present in the network is not protected, it could become the attack vector for the whole network.

Awareness Training for Employees

Cybersecurity training and awareness, creating ‘human firewalls,’ are critical for employees. Security awareness programs should include an ongoing process of training employees to combat threats.

The main point of these programs is to teach them how to respond when they face a problem. Some employees do not understand data privacy best practices or that cybersecurity is part of their job.

When an attack comes, security is everyone’s job. Awareness programs and training help keep everyone on the same page. Employees shouldn’t be the weakest link in the chain. In reality, they can be the greatest resource.

Real-Time Incident Management and Response

All of this comes together under the umbrella of incident management, the ongoing process of recognizing, recording and hunting down threats in real time. It gives a comprehensive view of threats and incidents. With a combination of software and human work, your employees can recognize and neutralize threats. ISO/IEC Standard 27035 provides a five-step process for managing security incidents:

  1. Prepare for handling threats and incidents.
  2. Identify potential incidents and risks. Report all incidents for further analysis.
  3. Assess the known threats and incidents to determine the right next steps to mitigate the risk.
  4. Start responding to the incident by containing, researching and resolving it (based on the outcome of step 3).
  5. Learn and document key takeaways from incidents and use them as case studies for tackling any future problems.

These best practices will help you implement the incident management process.

To start with, develop an incident response team with defined roles and responsibilities. From there, conduct a comprehensive training program for every role and responsibility. If an incident does happen, run a post-incident analysis to learn from the successes and failures, then make adjustments in the program.

To reduce the damage and recovery costs, you need a strong incident management process. That means choosing the right tools for the job. As attackers find new ways to exploit loopholes and vulnerabilities, defenders need to adapt their methods to stay one step ahead.
