EXPERT OPINION
When combined into a single, integrated
framework, an overlapping strategy based
on security tools, people and processes
will yield the most effective defences.
Security tactics for people,
processes and technology
As IT teams seek to create a layered
security environment, there are several
tactics they should consider:
People: Employees can create some
of the greatest risks to cybersecurity.
However, when they are well informed
they can also be an asset and a first line
of defence. Oftentimes, cybercriminals
will specifically target employees as
an attack vector based on their lack of
knowledge of security best practices.
For example, cybercriminals might
target employees with phishing emails
designed to get them to click on a
malicious link or divulge credentials.
With this in mind, it’s imperative that
organisations conduct regular training
sessions throughout the year to keep
employees aware of potential scams
and the ways they can make their
organisation vulnerable.
Training programmes like these will
create a strong culture of cybersecurity
that can go a long way toward
minimising threats.
A few of the cyberhygiene points IT
teams will want to inform employees
of include:
• Creating strong passwords that are
unique to each account and not
reused, ensuring personal and work
passwords are separate
• Not opening or clicking links in
suspicious emails or those from
unfamiliar senders
• Ensuring applications and operating
systems are updated regularly as
soon as patches are released and
not installing any unknown outside
software, as it can open security
vulnerabilities in the network
• Immediately reporting any unusual
behaviour or something strange
happening on their computers
Another way IT teams can improve
cybersecurity at the employee level is
with access management policies such
as the principle of least privilege, which
provides a person with access to data
only if it is necessary to do their job
– thereby reducing the exposure and
consequences of a breach.
Processes: This layer of cybersecurity
ensures that IT teams have strategies
in place to proactively prevent
cybersecurity incidents and to respond
quickly and effectively when one occurs.
First, IT security teams should have a
cyberincident response plan in place.
A good incident response plan will
provide an organisation with repeatable
procedures and an operational approach
to addressing cybersecurity incidents to
recover business processes as quickly
and efficiently as possible.
In addition, ensuring proper backups
are in place and regularly testing these
backups is imperative to minimising
downtime and increasing the chances of
data recovery from a cyberevent.
Next is the collection and analysis
of threat research. Every security
strategy and tool must be informed by
current threat intelligence in order to
effectively detect and respond to threats.
For example, threat research might
reveal that cybercriminals have been
carrying out attacks through a specific
vulnerability or targeting endpoints with
a specific malware.
Armed with this information, IT teams
can then take proactive measures by
making any necessary system updates
and increasing monitoring to detect
behaviour indicative of one of these
attacks. It is also important that IT
teams consult both local and global
threat data for the most comprehensive
understanding of the threat landscape.
Another important process on the
road to effective cybersecurity is the
prioritisation of assets. While IT teams
remain strained due to the cybersecurity
skills gap, networks have become
increasingly sophisticated, making it
impossible to manually monitor each area
of the network at all times. Therefore, IT
teams must know where all their assets
are and prioritise these assets based
on which are most business critical and
would have the greatest impact on the
business if breached.
From there, security teams can develop
policies and deploy strategies to keep
this data more secure and minimise
consequences. This might mean using
network segmentation to add an extra
level of security or creating access
control policies based on who needs
access to these specific sets of data.
Technology: As discussed previously,
there are a host of technologies that
Issue 11 | www.intelligentciso.com