Essential grains of truth
“If you can’t get the basics right, it doesn’t matter how brilliant your strategy is”
Harvard Business Review (https://t.co/3UowXYLfgD)
Every business should be considering the potential opportunities and cyber threats that the future could bring, but, with the future more uncertain than ever, how do you start to plan? Steven Usher, Senior Security Analyst, Brookcourt Solutions, offers his insights into the three areas he believes you should be looking at to stay ahead in the coming year.
When it comes to cybersecurity, the likelihood is that the majority of 2022’s cyber threats won’t be new or unheard of; they will be well-known issues that have been seen repeatedly. Yet these ‘well-known’ issues continue to catch out organisations year-after-year.
Always be aware of what is on your network. Take the time to ensure the asset register is fully populated, as it can be all too easy for an organisation to lose track of what is on its network. Having unknown devices on your network is risky, as each one is a gap in your coverage that ultimately puts the organisation at risk.
Taking the time to ensure your asset register is updated, fully populated and missing as few items as possible should be a key priority for all organisations. After all, you can’t effectively protect or secure an asset if you didn’t know it existed in the first place.
Once you have a clear picture of what exists on your network, you can then start to understand where the highest risks are, patch any outdated software and look to implement security measures that will dramatically improve your overall security posture.
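As an added illustration (not part of the article), the following Python script reconciles an asset register against the devices actually observed on the network, so the "unknowns" the article warns about surface as a list; the register and the DHCP lease export are constructed sample data.

```python
import csv
import io
from dataclasses import dataclass
from datetime import date

# Constructed sample asset register: what the organisation believes is on its network.
ASSET_REGISTER_CSV = """hostname,mac,owner,last_reviewed
web01,AA:BB:CC:00:00:01,platform,2022-01-10
db01,aa-bb-cc-00-00-02,data,2021-06-30
laptop-jsmith,aa:bb:cc:00:00:03,it,2022-01-03
"""

# Constructed sample of what is actually seen on the wire, e.g. an export of DHCP leases.
OBSERVED_CSV = """mac,ip,hostname
aa:bb:cc:00:00:01,10.0.1.10,web01
aa:bb:cc:00:00:03,10.0.2.55,laptop-jsmith
aa:bb:cc:00:00:09,10.0.2.77,
aa:bb:cc:00:00:0a,10.0.3.12,printer-3f
"""


@dataclass
class Reconciliation:
    unknown: list   # observed on the network but absent from the register
    missing: list   # in the register but not observed (retired, or evading discovery?)
    stale: list     # registered, but not reviewed since the cutoff date


def normalise_mac(mac: str) -> str:
    """Registers and lease files rarely agree on MAC formatting; compare a canonical form."""
    return mac.strip().lower().replace("-", ":")


def reconcile(register_csv: str, observed_csv: str, review_cutoff: str) -> Reconciliation:
    """Compare the register with observed devices; review_cutoff is an ISO date (YYYY-MM-DD)."""
    register = {normalise_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(register_csv))}
    observed = {normalise_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(observed_csv))}
    cutoff = date.fromisoformat(review_cutoff)
    unknown = sorted(set(observed) - set(register))
    missing = sorted(set(register) - set(observed))
    stale = sorted(m for m, r in register.items()
                   if date.fromisoformat(r["last_reviewed"]) < cutoff)
    return Reconciliation(unknown, missing, stale)


if __name__ == "__main__":
    result = reconcile(ASSET_REGISTER_CSV, OBSERVED_CSV, "2021-12-31")
    print("UNKNOWN (investigate):", result.unknown)
    print("MISSING (retire or find):", result.missing)
    print("STALE (re-review):", result.stale)
```

Each unknown entry is a device nobody has taken ownership of, which is exactly the gap the register is meant to close.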
Testing your security
Whatever form this testing takes, such as penetration testing or red teaming, it should be done continuously and on a regular basis, by external groups as well as internally, utilising breach and attack simulation products. If possible, red team engagements should be run as purple team exercises, to ensure that the organisation’s defence is also analysed and reviewed.
Often, recommendations made in reports from penetration tests and red team engagements are considered and mostly implemented. However, those changes need to be tested regularly, as well as maintained through the various changes that naturally occur in the environments in question. If software is replaced or moved, the recommendations made and the policies implemented need to be maintained to ensure that the security posture of the organisation does not degrade.
Tabletop exercises should also be carried out internally on a regular basis, ensuring that all the departments and employees who should be involved in responding to, and dealing with, incidents have the correct knowledge and experience to do so. They should also be given the opportunity to look for and report on any weaknesses that currently exist in the processes. Finally, restoring from backups should be tested as well.
Organisations should change their viewpoint on the hiring of Cyber Security staff. There is a well-documented and well-known shortage of qualified Cyber Security staff in the industry, resulting in organisations becoming even fussier about who they hire, in an already lightly resourced industry.
This problem leaves the responsibilities of that unfilled role within an organisation open and unattended a lot of the time, which ultimately reduces the efficacy of the company’s security overall and opens up gaps in which vulnerabilities can go unaddressed. Instead of looking for the most experienced candidate in the field, organisations should be open to searching for candidates with a passion for the industry and the potential to become the ideal candidate.