Light Dark
May 25, 2021 By Abhishek Sengar 5 min read
Intelligence & Analytics
Zero Trust
Incident Response
Risk Management
Security Services

Since the beginning of the pandemic, ransomware and other cyber attacks have spiked. Meanwhile, millions of people have shifted from working in offices to working remotely. Organizations are increasingly relying on video conferencing, virtual private networks (VPNs) and remote desktop protocol admin tools.

Many employers believe that, to cut down on these risks, they should invest in new and bigger solutions. However, it’s also important that they review common best practices like password policies, least privilege access, patching and more.

Let’s look at some of those best practices you can use to assess and control today’s risks.

Adopt the Zero Trust Model

It’s time to change the way you think about and approach emerging cybersecurity issues. Many people believe their defenses are so strong that they can overlook small issues and focus only on major holes that could be easy targets for attackers. But today, this mindset will keep you one step behind the attackers. Instead, change the approach by adding the zero trust security model.

Rather than assuming everything is safe behind the corporate firewall, the zero trust model assumes breaches happen and verifies every request as if it came from an unsafe network. The zero trust attitude is ‘never trust, always verify.’

Under the zero trust model, you can authenticate and authorize every access request. It also makes it easier for you to detect and respond to any odd behavior or attacks, blocking them before granting access to the network. On top of this, apply the principle of least privileged access to reduce the risks.

The Insider Threat

The biggest cyber threat to any group is its employees. An IBM report found that insiders were behind 60% of cyber attacks, whether on purpose or by accident. Lots of people make simple mistakes: visiting malicious websites, using compromised USB drives or other personal devices at work or sharing sensitive information and credentials with another person. Then there are malicious insiders who intend to do damage.

Here are a few measures that you can implement to cut down on the risk from insider threats:

  • Set up a policy of least privilege: Limit employees’ access to only the resources they need. Don’t allow people to access the crown jewels data off-network or from a personal device with only user credentials. Provide appropriate identity access and assurance to enable remote access if it is needed, but also put strong authentication in place to grant access to the critical data.
  • Unsecured device policy: In the pandemic, a mobile workforce makes a lot of sense, but security is the main concern here. There are many ways attackers can breach unsecured devices, like losing the devices or having them stolen. Employees might fail to adhere to the company BYOD policies or use guidelines, or use an unsecured Wi-Fi network. A strong device policy is vital to ensure proper security, such as application installation control, updating the antivirus software, proper maintenance/updates of patches, data wipe procedures and encryption of data at rest and in transit.
  • Providing cybersecurity risk training to employees: Everyone can pitch in to promote digital safety, and training helps in reducing the threat from potential scams and phishing attacks. Regular trainings can do a lot to prevent employees from falling for scams.

Third-Party Risk Management

Third-party vendors have access to their clients’ critical systems and sensitive data. But many vendors do not match the level of cybersecurity measures and precautions that large organizations implement. This is a major reason malicious attackers have shifted their focus to third-party service providers: they use them as a ladder to climb to bigger targets.

There are few common threats from third-party vendors:

  • Misuse of privileges: Third-party vendors may misuse their access privileges. They may be able to access data they are not supposed to access. To counter this, use proper access control while providing access to vendors.
  • Data theft: There’s a huge risk of data theft by third parties. If there is no proper third-party management policy in place, there’s a chance critical business data might be stolen.
  • Human error: Alongside intentional data leakage, employees of third parties may make mistakes, like sharing or deleting important business information or misconfiguring systems. These common mistakes may lead to losses, both in terms of money and your company’s good name.

Limit Third-Party Risks

A proper third-party risk management strategy can help reduce the threats coming from third parties. For example:

  • Establish cybersecurity policies: Set clear rules for both third-party vendors and the first-party employees dealing with them. Both parties should sign a service level agreement (SLA) detailing the controls third parties need to have.
  • Limit access to information: Put a privileged access management system in place to make sure only authorized users have access to the resources they require to do their jobs. To add an extra layer of defense, add two-factor authentication. Use VPNs and one-time passwords, which will help prevent breaches from third-party attacks.
  • Perform regular audits and ongoing monitoring: Audit vendors often to make sure they match the agreed-upon requirements and policies. Monitor and audit them to keep an eye on potential weaknesses and flaws in their approaches.
  • Plan third-party incident response: A dedicated incident response solution must be in place to ensure timely detection of suspicious and malicious incidents. Real-time threat intelligence is required that can cue up due diligence when needed.

Missing Security Patches

Missing or delayed patches seem like a small issue, but they are important. Patches are published to protect assets from known attacks. Delays in installing these patches may put data and systems at risk.

While people are working at home, patching VPNs, antivirus software, endpoint protection systems and operating systems should be a high priority. Any out-of-date software should be updated to the latest version to minimize the risk of a data breach.

You can scale up multi-factor authentication (MFA), too. MFA should be required to access sensitive data. If applying patches or new solutions to your network, it is important to apply them to the entire potential attack surface. If any one asset present in the network is not protected, it could become the attack vector for the whole network.

Awareness Training for Employees

Cybersecurity training and awareness, creating ‘human firewalls,’ are critical for employees. Security awareness programs should include an ongoing process of training employees to combat threats.

The main point of these programs is to teach them how to respond when they face a problem. Some employees do not understand data privacy best practices or that cybersecurity is part of their job.

When an attack comes, security is everyone’s job. Awareness programs and training help keep everyone on the same page. Employees shouldn’t be the weakest link in the chain. In reality, they can be the greatest resource.

Real-Time Incident Management and Response

All of this comes together under the umbrella of incident management, the ongoing process of recognizing, recording and hunting down threats in real-time. It gives a comprehensive view of threats and incidents. With a combination of software and human work, your employees can recognize and neutralize threats. ISO/IEC Standard 27035 provides a five-step process for managing security incidents:

  1. Prepare for handling threats and incidents.
  2. Identify potential incidents and risks. Report all incidents for further analysis.
  3. Assess the known threats and incidents to determine the right next steps to mitigate the risk.
  4. Start responding to the incident by containing, researching and resolving it (based on outcome of step 3).
  5. Learn and document key takeaways from incidents and use them as case studies for tackling any future problems.

These best practices will help you implement the incident management process.

To start with, develop an incident response team with defined roles and responsibilities. From there, conduct a comprehensive training program for every role and responsibility. If an incident does happen, run a post-incident analysis to learn from the successes and failures, then make adjustments in the program.

To reduce the damage and recovery costs, you need a strong incident management process. That means choosing the right tools for the job. As attackers find new ways to exploit loopholes and vulnerabilities, the good guys need to adapt these methods to be one step ahead.

 |  |  |  |  | 
Abhishek Sengar
Senior Security Consultant, IBM

More from Intelligence & Analytics
February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

December 19, 2023

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

December 14, 2023

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature