NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

Fundamental Steps Organizations Can Take to Minimize Breach Risk

We’re living through the gold rush of information security. The awareness and importance of information (or cyber) security has never been higher. Budgets are flowing, technology is addressing most needs, and senior level buy-in is present.

But we still see incidents and breaches occur at an alarming rate. It can be easy to draw the conclusion that the attacks are increasingly sophisticated which is why so many companies are being breached.

The reality is somewhat different. Most attacks are known, or predictable based on data that the infosec industry collects and analyses. Many breaches occur because fundamental security controls were not implemented properly.

Breaches aren’t occurring because the right technology isn’t available. After most incidents, evidence of the breach can be found in logs and alerts. So, let’s look at some of the fundamental steps that most organizations can take in order to minimize the risk of being breached.

1. Know Thy Assets

Perhaps one of the most fundamental, yet overlooked aspect of technology is knowing what assets a company owns and assessing its importance.

This not only provides the digital footprint, but also helps in prioritizing response, not just for incidents, but also in understanding which vulnerabilities need to be addressed immediately.

2. Segregation of Duties

Splitting a task between two or more people can be very beneficial. It can prevent mistakes as well as malicious intent. It’s why missile launches are controlled by having many layers of checks and balances, culminating in two soldiers having to simultaneously turn their respective keys.

Having properly segregated accounts and roles not only prevents, say a junior bank teller make large financial transfers, either intentionally or by being scammed, but also limits the amount of damage a criminal can do if they take over an account.

3. Change Management

In larger organizations, change management can often be viewed as an overly bureaucratic overhead. However, it can be an essential tool in safeguarding the integrity of the environment.

What you quickly come to realize, is that even the sometimes most mundane of changes have a security impact and if you’re lucky enough to be on the change approval board you need to look at a change from all angles to make sure it doesn’t affect the current security setup.

It’s not always the big changes that one has to worry about. When making a change to your payment platform, everyone is aware that security is of paramount importance and will focus on it. It’s the smaller changes that sometimes catch people out.

Change management is also very useful for spotting when a change shouldn’t be occurring. If a change to the environment occurs with no corresponding change record, it could very well be that an attacker has gained a foothold into the network and is working their way through.

4. Least Privilege

The principle of least privilege is to give people only the minimum amount of access and rights needed for them to carry out their job. Like segregation of duties, it limits the amount of damage that can be inflicted if a user account is taken over.

It is important to regularly review access rights and privileges to ensure for appropriateness. It may seem like an additional burden, but it can hamper or fully deter an attacker.

5. Monitoring and Auditing

In today’s day and age, it is relatively simple to pick up a technology that will unify logs and give an overview of all activity in the environment. The basic principles of monitoring remain the same though.

First you need to be clear as to what you’re looking for, once you’ve found it, you need to know what to do with an alert.

Secondary to this is auditing, which is almost identical to monitoring, except it’s done later. It’s about going through the systems and logs making sure everything is working as intended.

Having suitable monitoring and auditing in place would perhaps have allowed many companies to detect breaches long before they become public.

Conclusion

The fundamentals are usually enough. Don’t be blinded by marketing buzzwords and the shiny new toy/technology. You can do a lot worse than sticking to the fundamentals, using good hygiene, vulnerability management, and correlated threat intelligence.

By Javvad Malik – Security Advocate at AlienVault

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.