While organizations around the world are rightly focused on the COVID-19 pandemic, the work of cybersecurity must continue. In fact, attackers often increase their efforts to breach networks and systems during times of trouble, counting on the chaos as a useful distraction. In such times, the best cybersecurity practices should actually refocus on the most basic, but still the most useful, steps — what we call security hygiene.

Cybersecurity hygiene includes the basic best practices that help protect you against many different types of attacks and attackers. For example, you should:

  • Make sure that all systems are properly patched and current.
  • Make sure that all endpoints have up-to-date malware and antivirus protection.
  • Make sure only the necessary firewall ports are open.

Strengthening Your Security Posture

In IT security, the worst threats often come from devices corrupted with computer viruses such as Trojans, malware or worms.

Many malicious IT viruses are designed to spread to nearby nodes on the network or to hijack normal communication mechanisms to spread their payload. The NotPetya worm, which brought down huge corporate networks for days after spreading as an accounting software update from a compromised machine in the Ukraine, is a case in point of this behavior. For this reason, in IT security, proper and timely defense against known threats is one of the more potent forms of cybersecurity.

With security monitoring — and breach-and-attack simulation platforms more specifically — it is possible to probe the defenses of an organization without performing an attack or test on a production system. This method can provide an objective view of the state of the security posture of that organization and inform recommended defenses against vulnerabilities that the organization’s security and technology systems are not properly configured to defend.

Informed cybersecurity experts can look at a breach, understand the environmental factors, categorize the potential risks and vectors, and prescribe actions. The newer simulation systems can also work with human experts to more effectively prioritize security solutions based on severity of the specific risk to the particular organization. This means business risks can be prioritized on equal footing with more classic risk-rating structures that only account for cyber risks and their relative severity.

Such a view can be deemed objective because the simulation can programmatically run through thousands of known playbook attacks many times per day. The remedy, in this case, consists of recommended changes to configurations and controls that have left the organization exposed to attacks. Again, this is not rocket science or some fancy new product category; it is security hygiene, pure and simple. The best defense is to make sure that security controls are optimized for your current technology attack surface.

Early Detection Is Crucial

In cybersecurity, early malware/virus detection is absolutely crucial. This allows an organization to better map the threat to their environment and plot a response. The earlier a malware or virus is detected, the less chance it has to spread horizontally through the organization’s IT infrastructure.

For example, what if your security monitoring and management tool recognizes that you are sending traffic to an IP address belonging to a bad actor? Then you have a strong indication that there is an infection somewhere in your environment. Security monitoring is practical and effective because it can spot obvious symptoms that almost always indicate something is wrong.

You Don’t Have to Do It Alone

Cybersecurity experts in digital forensics and incident response or management can quickly build a complete picture of most security problems, diagnose the root cause and propose a variety of solutions, including incident response and remediation. It is best to move quickly so as to minimize disruption and keep the cost of security breaches down.

For example, if a security breach is not detected and addressed quickly, then the attackers can spend more time poking around in your systems and steal sensitive business data. While your in-house team may be good enough for this, during a major breach it is almost always helpful to consult with third parties to get their take on the best way to fix a problem and move forward.

A good way to enforce cybersecurity is to ensure each engagement has a tight scope. Another is to have a dedicated third-party resource consultant that your team can turn to for advice and guidance. Ideally, you will also have access to experts who are familiar with your ongoing cyber hygiene approach and feel comfortable operating with your existing set of tools and controls.

Rarely is buying a new security control the answer to your problems. Almost always, it’s putting in place systems and procedures that better utilize the security controls you have and establish better internal management processes and cultural awareness of potential risks.

Security Hygiene Is a Combination of People, Process and the Right Technology

The good news is that it’s never too late (or too early) to practice effective IT security hygiene. Chief information security officers (CISOs) need to reinforce and reteach that connecting insecure, unhygienic home-based machines to your corporate network is highly risky behavior that can result in an infection or a breach.

For technologies to more effectively protect your company and detect threats, simple, low-to-the-ground mechanisms work best and are the simplest to maintain and run. For expert help, bring in a specialist to ensure that your incident response and remediation are running well or to give you an annual security audit with a pair of fresh eyes. Keeping your IT infrastructure secure need not be complicated — but it does require effort, the right technology and expertise.

Learn More

 

More from CISO

How to Solve the People Problem in Cybersecurity

You may think this article is going to discuss how users are one of the biggest challenges to cybersecurity. After all, employees are known to click on unverified links, download malicious files and neglect to change their passwords. And then there are those who use their personal devices for business purposes and put the network at risk. Yes, all those people can cause issues for cybersecurity. But the people who are usually blamed for cybersecurity issues wouldn’t have such an…

The Cyber Battle: Why We Need More Women to Win it

It is a well-known fact that the cybersecurity industry lacks people and is in need of more skilled cyber professionals every day. In 2022, the industry was short of more than 3 million people. This is in the context of workforce growth by almost half a million in 2021 year over year per recent research. Stemming from the lack of professionals, diversity — or as the UN says, “leaving nobody behind” — becomes difficult to realize. In 2021, women made…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…