The cyber threat landscape is constantly evolving. For businesses, particularly small or medium-sized enterprises, the effort needed to stay ahead of cyber risk is daunting. However, there are practical exercises organisations of any size can undertake to protect themselves against cyber threats.
Here Mike Groves, Director of Cyber Advisory, outlines five tips every organisation should consider when protecting itself against cyber threats and offers specific advice on ransomware readiness – the most prolific of all the cyber incidents we see at S-RM.
Understand that your data is attractive to attackers
An organisation’s data is a very precious resource, and there is little surprise that regulations around data, particularly personal data, are growing and hardening. For any business collecting, storing, or processing customer, employee, or client data, you must understand that this is an attractive target for attackers and hence presents your greatest area of risk and liability.
Take steps to understand the evolving threat landscape
You don’t have to be a technical cyber expert to understand the evolving threat landscape. You can build knowledge and awareness incrementally. Focus on your industry and keep up to date with the risk businesses face – you can do this by subscribing to weekly risk bulletins, free alert services, and by signing up to receive material from organisations like the National Cyber Security Centre (NCSC) in the UK. As a next step, consider engaging a professional cyber security consultancy to help you understand your firm’s threat profile.
Understand and map your IT environment and attack surfaces
Are your printers networked? Do you use a third-party supplier to host your company website? It’s important to map out your IT environment, which can get very complex – but you can’t protect what you can’t see or don’t know is exposed. Make sure your IT team (be that internal or external) has up-to-date network diagrams, asset registers, and public (and private) IP address inventories. Having these resources ready and available allows you to assess your own exposure to vulnerabilities accurately, implement mitigating controls, and respond more quickly and effectively in the event of an incident.
Carry out a comprehensive review of your cyber security controls
Once you have mapped out your IT environment, you can start to carry out a risk assessment of each point of exposure. This will provide the foundation of a ‘road mapping’ exercise in which solutions can be intelligently focussed on known and prioritised weaknesses. However, there’s no point in having a ‘to do’ list with no one assigned to carry out the tasks. So, when it comes to implementing changes, ensure that the programme is owned at the right level of leadership and resourced with appropriate expertise. We also recommend that companies align their roadmap against a well-understood technical framework (for example CIS18, NIST, etc.). This will allow you to make sure you have considered all control domains.
If time and budget are scarce, focus on quick wins
If there isn’t time or budget to go through these steps, assume that an attack is likely to happen sooner rather than later and focus on quick wins:
- Provide security awareness training for your staff
- Arrange penetration testing to expose and remediate the flaws most visible to would-be attackers
- Update and simplify your Incident Response plan
- Exercise response teams and processes with a simulated attack
Of all the cyber security threats organisations face, ransomware remains one of the most pervasive, and is the key driver behind most incidents we respond to at S-RM.
There has been recent speculation within the cyber security sector about the war in Ukraine and whether Russia-based hacking groups might step up new forms of attack on certain western targets as a result.
However, for the time being, the majority of organised cybercriminal groups appear to be operating as normal, and ransomware groups continue to target western companies indiscriminately.
Such groups will often scour the internet and use publicly available vulnerability scanning tools to identify ‘low hanging fruit’ to target – in other words, companies with weak security postures and exposed vulnerabilities.
You can minimise your chances of being impacted by a ransomware incident by implementing the following core security controls:
- Review your public facing infrastructure for vulnerabilities and ensure that the latest security updates and patches are applied and tested as fast as is feasible.
- Deploy multi-factor authentication (MFA) to all external services and remote access methods.
- Deploy and monitor an Endpoint Detection and Response (EDR) solution to increase your capability to detect and respond to threats as they occur. Remember that a tool like this is only as good as the time and resources you give to configuring and monitoring it properly.
- Maintain regularly tested backups of critical systems and data which are off-network or offline to reduce downtime in the event of a cyber-attack. These backups should be stored away from the core infrastructure with a segregated method of access management in place.
- Enable logging within the environment at the most granular level and with the longest retention feasible, particularly for network logs. This will mean that, in the event of an incident, you can easily and effectively investigate what vulnerabilities may have been exploited and how a threat actor may have gained access to your environment – in turn, this will mean you can emerge more resilient from an incident and remediate any security failings identified.
- Review your denial of service protections with your ISP and consider using web application firewalls where applicable.
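The asset register described earlier and the core controls listed above can be tied together in a simple, repeatable check: walk the register and flag every asset that falls short of a control (public-facing without MFA, patching lagging, critical system without a tested backup, log retention too short), with public-facing gaps ranked highest so they land at the top of the remediation roadmap. The script below is an added example written for this article, not S-RM’s own tooling; the register contents, hostnames, dates and thresholds are all constructed for illustration.

```python
from datetime import date

# Thresholds are assumptions for this example, not figures from the article.
MAX_PATCH_AGE_DAYS = 30        # public-facing assets should not lag patches longer than this
MAX_BACKUP_TEST_AGE_DAYS = 90  # backups of critical systems should be restore-tested within this window
MIN_LOG_RETENTION_DAYS = 90    # minimum log retention the organisation has decided on

# Reference date for the audit run (constructed, so the example is reproducible).
TODAY = date(2024, 3, 15)

# Constructed sample asset register; hostnames, services and dates are invented.
SAMPLE_REGISTER = [
    {"name": "vpn-gw-01", "service": "SSL VPN", "public": True, "critical": True,
     "mfa": True, "last_patched": date(2024, 3, 1),
     "backup_tested": date(2024, 2, 20), "log_retention_days": 90},
    {"name": "mail-01", "service": "Outlook Web Access", "public": True, "critical": True,
     "mfa": False, "last_patched": date(2023, 11, 5),
     "backup_tested": date(2024, 2, 20), "log_retention_days": 30},
    {"name": "fileserver-02", "service": "SMB", "public": False, "critical": True,
     "mfa": False, "last_patched": date(2024, 2, 25),
     "backup_tested": None, "log_retention_days": 7},
    {"name": "printer-03", "service": "IPP", "public": False, "critical": False,
     "mfa": False, "last_patched": None,
     "backup_tested": None, "log_retention_days": 0},
]


def audit_register(register, today):
    """Return a list of (severity, asset, issue) tuples, highest severity first."""
    findings = []
    for asset in register:
        name = asset["name"]
        exposed = asset["public"]

        # Control: MFA on every external service and remote access method.
        if exposed and not asset["mfa"]:
            findings.append(("HIGH", name, "public-facing service without MFA"))

        # Control: patches applied promptly; public-facing infrastructure is the priority.
        patched = asset["last_patched"]
        if patched is None:
            findings.append(("HIGH" if exposed else "MEDIUM", name, "no patch date recorded"))
        elif (today - patched).days > MAX_PATCH_AGE_DAYS:
            findings.append(("HIGH" if exposed else "MEDIUM", name,
                             f"last patched {(today - patched).days} days ago"))

        # Control: regularly tested, segregated backups of critical systems.
        if asset["critical"]:
            tested = asset["backup_tested"]
            if tested is None:
                findings.append(("HIGH", name, "critical system with no tested backup"))
            elif (today - tested).days > MAX_BACKUP_TEST_AGE_DAYS:
                findings.append(("MEDIUM", name,
                                 f"backup last restore-tested {(today - tested).days} days ago"))

        # Control: logging retained long enough to investigate an incident afterwards.
        retention = asset["log_retention_days"]
        if retention < MIN_LOG_RETENTION_DAYS:
            findings.append(("MEDIUM", name,
                             f"log retention {retention} days, below {MIN_LOG_RETENTION_DAYS}"))

    # Highest severity first, then by asset name, so the roadmap reads top-down.
    order = {"HIGH": 0, "MEDIUM": 1}
    findings.sort(key=lambda f: (order[f[0]], f[1]))
    return findings


def high_findings(register, today):
    """The subset that should be owned and resourced first."""
    return [f for f in audit_register(register, today) if f[0] == "HIGH"]


if __name__ == "__main__":
    for severity, name, issue in audit_register(SAMPLE_REGISTER, TODAY):
        print(f"{severity:6} {name:14} {issue}")
```

Run against the constructed register, the fully compliant VPN gateway produces no findings, while the internet-facing mail server is flagged twice at high severity (no MFA, 131 days since its last patch) and the internal file server once for having no restore-tested backup. In practice the register would be exported from whatever asset inventory the IT team maintains, and the thresholds set to match the organisation’s own roadmap.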