Fundamental Steps Organizations Can Take to Minimize Breach Risk
- Jan 08, 2018
- Guest Author
We’re living through the gold rush of information security. The awareness and importance of information (or cyber) security has never been higher. Budgets are flowing, technology is addressing most needs, and senior level buy-in is present.
But we still see incidents and breaches occur at an alarming rate. It can be easy to conclude that attacks are becoming more sophisticated, and that this is why so many companies are being breached.
The reality is somewhat different. Most attacks are known, or predictable from the data that the infosec industry collects and analyses. Many breaches occur because fundamental security controls were not implemented properly.
Breaches aren’t occurring because the right technology isn’t available. After most incidents, evidence of the breach can be found in logs and alerts. So, let’s look at some of the fundamental steps that most organizations can take in order to minimize the risk of being breached.
Perhaps the most fundamental, yet most overlooked, aspect of security is asset management: knowing what assets a company owns and assessing how important each one is.
This not only establishes the organization's digital footprint, but also helps in prioritizing response: not just for incidents, but also for deciding which vulnerabilities need to be addressed first.
Segregation of duties, splitting a task between two or more people, can be very beneficial. It can prevent mistakes as well as malicious action. It's why missile launches are controlled by many layers of checks and balances, culminating in two soldiers having to turn their respective keys simultaneously.
Having properly segregated accounts and roles not only prevents, say, a junior bank teller from making large financial transfers, whether intentionally or because they have been scammed, but also limits the damage a criminal can do if they take over that account.
In larger organizations, change management is often viewed as overly bureaucratic overhead. However, it can be an essential tool for safeguarding the integrity of the environment.
What you quickly come to realize is that even the most mundane changes can have a security impact. If you sit on the change approval board, you need to look at each change from all angles to make sure it doesn't weaken the current security setup.
It's not always the big changes that you have to worry about. When making a change to your payment platform, everyone is aware that security is paramount and will focus on it. It's the smaller changes that sometimes catch people out.
Change management is also very useful for spotting changes that shouldn't be occurring. If a change to the environment occurs with no corresponding change record, it could very well be that an attacker has gained a foothold in the network and is working their way through it.
The principle of least privilege is to give people only the minimum access and rights they need to carry out their job. Like segregation of duties, it limits the damage that can be inflicted if a user account is taken over.
It is important to review access rights and privileges regularly to ensure they are still appropriate. It may seem like an additional burden, but it can hamper or fully deter an attacker.
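As an added example (not code from the original article or from AlienVault), the Python below shows the kind of periodic access review this paragraph calls for: each account's granted entitlements are compared against a baseline of what its role should need, and excess privileges, dormant accounts and accounts with no recognised role are reported for the reviewer. The roles, entitlement names, accounts, review date and the 90-day dormancy threshold are all constructed for illustration and stand in for a real directory export.

```python
"""Added example: a least-privilege access review over a directory export.

Everything here (roles, entitlements, accounts, dates) is constructed for
illustration; it is not data from any real system.
"""
from datetime import date

# Constructed role baseline: the entitlements each role actually needs.
ROLE_BASELINE = {
    "teller": {"view_account", "deposit", "withdraw_under_limit"},
    "branch_manager": {"view_account", "deposit", "withdraw_under_limit",
                       "approve_transfer"},
    "dba": {"db_read", "db_write"},
}

# Constructed account records, shaped like a directory export.
ACCOUNTS = [
    {"user": "alice", "role": "teller",
     "entitlements": {"view_account", "deposit", "withdraw_under_limit"},
     "last_login": date(2018, 1, 5)},
    {"user": "bob", "role": "teller",
     # A teller who can approve transfers: segregation of duties is broken.
     "entitlements": {"view_account", "deposit", "withdraw_under_limit",
                      "approve_transfer"},
     "last_login": date(2018, 1, 6)},
    {"user": "carol", "role": "dba",
     # Domain admin on a DBA account, and the account has not been used for months.
     "entitlements": {"db_read", "db_write", "domain_admin"},
     "last_login": date(2017, 9, 1)},
    {"user": "svc_backup", "role": "contractor",   # role not in the baseline
     "entitlements": {"db_read"},
     "last_login": date(2018, 1, 2)},
]

# Constructed review date, so the result is reproducible.
REVIEW_DATE = date(2018, 1, 8)


def review_access(accounts, baseline, today, dormant_after_days=90):
    """Return a list of (user, finding_type, detail) tuples for the reviewer.

    finding_type is one of:
      unknown_role     - the role has no baseline, so the account cannot be judged
      excess_privilege - entitlements beyond what the role needs
      dormant_account  - no login for more than dormant_after_days days
    """
    findings = []
    for acct in accounts:
        allowed = baseline.get(acct["role"])
        if allowed is None:
            findings.append((acct["user"], "unknown_role", acct["role"]))
            continue
        excess = acct["entitlements"] - allowed
        if excess:
            findings.append((acct["user"], "excess_privilege", sorted(excess)))
        idle_days = (today - acct["last_login"]).days
        if idle_days > dormant_after_days:
            findings.append((acct["user"], "dormant_account",
                             acct["last_login"].isoformat()))
    return findings


def run_review():
    """Run the review over the constructed data; used as the stand-alone entry point."""
    return review_access(ACCOUNTS, ROLE_BASELINE, REVIEW_DATE)


if __name__ == "__main__":
    for user, kind, detail in run_review():
        print(f"{user:<12} {kind:<17} {detail}")
```

The baseline is deliberately per role rather than per user: an entitlement that a role does not need is a finding even if someone once had a good reason to grant it, which is exactly the accumulation that a periodic review exists to catch.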
Today it is relatively simple to pick up a technology that will unify logs and give an overview of all activity in the environment. The basic principles of monitoring remain the same, though.
First, you need to be clear about what you're looking for; then, once you've found it, you need to know what to do with the alert.
Secondary to this is auditing, which is almost identical to monitoring except that it's done after the fact: going through the systems and logs to make sure everything is working as intended.
Having suitable monitoring and auditing in place would perhaps have allowed many companies to detect breaches long before they became public.
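The two points above, a change with no corresponding change record (from the change-management discussion) and an alert that already has a defined response (from the monitoring principle), can be combined into a single reconciliation check. The Python below is an added example, not code from the article or from AlienVault: it parses constructed audit-log lines, matches each change event against a list of approved change records by host, action and approved time window, and turns every unmatched change into an alert that carries its response from a playbook. The log format, hostnames, user names, change-record identifiers and the playbook actions are all assumptions made for illustration, not any product's real format.

```python
"""Added example: reconcile observed changes against approved change records.

Log lines, change records and the playbook are constructed for illustration.
"""
import re
from datetime import datetime

# Constructed audit-log lines in an assumed key=value layout.
AUDIT_LOG = """\
2018-01-07T22:05:11Z host=web01 user=deploy action=config_change target=/etc/nginx/nginx.conf
2018-01-07T23:41:02Z host=db02 user=jsmith action=user_added target=sysadmin_group
2018-01-08T01:12:45Z host=web01 user=deploy action=config_change target=/etc/ssh/sshd_config
2018-01-08T02:00:00Z host=fw01 user=netops action=rule_change target=allow_inbound_443
"""

# Constructed approved change records: host, action and the approved window.
CHANGE_RECORDS = [
    {"id": "CHG-1041", "host": "web01", "action": "config_change",
     "start": datetime(2018, 1, 7, 22, 0), "end": datetime(2018, 1, 7, 23, 0)},
    {"id": "CHG-1042", "host": "fw01", "action": "rule_change",
     "start": datetime(2018, 1, 8, 1, 0), "end": datetime(2018, 1, 8, 3, 0)},
]

# Constructed playbook: "what to do with an alert" decided before the alert fires.
PLAYBOOK = {
    "rule_change": "page_network_oncall",
    "user_added": "page_identity_oncall",
    "config_change": "open_ticket_for_owner",
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"action=(?P<action>\S+) target=(?P<target>\S+)$")


def parse_audit_log(text):
    """Parse the assumed log layout into event dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are dropped here; in practice count them too
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def match_change_record(event, records):
    """Return the id of a record covering this host, action and time, else None."""
    for rec in records:
        if (rec["host"] == event["host"] and rec["action"] == event["action"]
                and rec["start"] <= event["ts"] <= rec["end"]):
            return rec["id"]
    return None


def reconcile(text, records):
    """Split observed changes into matched (record id, host, action) and alerts.

    An alert is raised for every change with no covering record, including a
    change on a host that does have a record but lies outside its window.
    Each alert carries the playbook response so it never lands without a
    defined next step.
    """
    matched, alerts = [], []
    for ev in parse_audit_log(text):
        rec_id = match_change_record(ev, records)
        if rec_id:
            matched.append((rec_id, ev["host"], ev["action"]))
        else:
            alerts.append({
                "ts": ev["ts"].isoformat(), "host": ev["host"], "user": ev["user"],
                "action": ev["action"], "target": ev["target"],
                "response": PLAYBOOK.get(ev["action"], "triage_manually"),
            })
    return matched, alerts


if __name__ == "__main__":
    ok, alerts = reconcile(AUDIT_LOG, CHANGE_RECORDS)
    for rec_id, host, action in ok:
        print(f"matched  {rec_id} {host} {action}")
    for a in alerts:
        print(f"ALERT    {a['ts']} {a['host']} {a['user']} {a['action']} "
              f"{a['target']} -> {a['response']}")
```

Note that the second `web01` change is flagged even though a record exists for that host and action: the window had closed. Matching on the window, not just the host, is what stops an attacker from hiding behind a legitimately scheduled change, and the same function run later over a day's logs is the audit step the text describes.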
The fundamentals are usually enough. Don't be blinded by marketing buzzwords and the shiny new toy or technology. You can do a lot worse than sticking to the fundamentals: good hygiene, vulnerability management, and correlated threat intelligence.
By Javvad Malik – Security Advocate at AlienVault