Good hygiene keeps you safe and healthy, as well as others around you. Its the same with cyber-hygiene the sets of practices that organizations are increasingly adopting in a structured way to complement their technological layers of cyberdefense. We highlight cyber-hygiene in many of our publications alongside regularly updated education programs, it can be very effective in preventing and mitigating cyberattacks. Here are eight ways to improve your cyber-hygiene, starting today.
One of the reasons data breaches happen is that its too easy for employees to be complacent about cyberthreats the risks are largely invisible to the untrained eye. This is often compounded by an overconfidence about security infrastructure. A resulting perfect storm of cybersecurity has nothing to do with me and cyberattacks never happen to our department can have disastrous repercussions when, for example, a complacent employee receives a sophisticated phishing email that compromises the entire organization.
This is where cybersecurity culture is invaluable. Becoming a company with a strong cybersecurity culture means adopting responsibility for cyber protection as a shared value of the organization. Think in terms of this is how we do things at this company. Ultimately, the Board needs to show leadership on cybersecurity culture and get buy-in from all levels.
Another problem is helping staff understand the connection between their behavior and the cyber-risk profile of the employer organization. The opsec team should never be the only group within a company that knows how to identify potentially malicious activity. A continual program of spreading awareness ensures constant vigilance and reduces the chances of disruption and financial loss.
When educating your people about cyber-risks, concentrate on what they can influence. A seminar on botnets, for example, has limited relevance beyond establishing wider context. So focus on things like phishing emails and social engineering techniques that attackers use to steal user credentials.
The end user is both the weakest and the strongest link in the chain. Expose your people to real-world threat simulations and test them regularly to identify those needing extra coaching and support. This can transform users from a potential weak spot in your security apparatus to a powerful defensive asset.
Each organizations threat profile is unique so it pays to understand it as much as possible, and gear user training programs to suit. Be cautious with generic e-learning modules that use scenarios that arent applicable to your sector and dont match your users day-to-day experiences.
A regular schedule of pen-testing is crucial to safeguarding data and should be carried out by a qualified third party. Ensure you act upon all critical advisories.
You can go even further with a subset of designated red-team employees. Red-teaming is where your own people try to outfox security defenses without warning. Not only does this keep company personnel on their toes (see above in relation to both awareness and practice), but it also uncovers potential weak spots in security posture that you can subsequently improve.
Regularly scanning computers, networks and applications for known weaknesses is an essential hygiene measure its success rests on the freshness of the insights and your ability to manage and prioritize patching efforts.
Use threat intelligence to scan outside the network to detect leaked, stolen and even sold user credentials in underground marketplaces. IT security teams can apply this intelligence to locate the sources of the initial attacks and patch vulnerabilities to ensure additional breaches do not occur through that vector.
Another feature of advanced threat intelligence is the ability to gain qualified, contextual insights into the actual threat actors and campaigns affecting your organization or sector. Graphical representations of kill chains mean you can practise on highly realistic attack simulations ahead of time, patching potential vulnerabilities and minimizing your attack surface.
Passwords are regularly exploited by attackers because simple security measures are not consistently enforced. A recent Tripwire survey of IT security professionals found that one-third do not require users to change default passwords. Many organizations also fail to crackdown on things like password reuse, employees sharing credentials and users forming passwords with dictionary-based words.
While organizations have increased their use of two-factor authentication to protect access to critical data, attackers have become more adept at circumventing this with stolen passwords. An improved measure is multi-factor authentication (MFA) where more than two factors are required. This is particularly effective in conjunction with one-time passwords (OTPs), which typically expire within 5 minutes and remove the need for users to memorize multiple passwords or place them in a password vault that will inevitably come under attack.
The Center for Internet Security (CIS) offers a diligently researched and updated set of 140+ free to access configuration guidelines for operating systems, cloud providers, server software and desktop software as well as mobile, network and even multifunction print devices. Developed and accepted by government, business and academia, base-level versions of the benchmarks can be implemented simply and rapidly, while more detailed level 2 benchmarks address the needs of the most security-conscious organizations. The US DoDs Defense Information Systems Agency (DISA) publishes similar materials in the form of Security Technical Information Guidelines (STIGs).
Validating your approach with these best-practice benchmarks is labor-saving, plus it allows you to benefit from world-class security resources. Each institution regularly updates its canon in line with system versions and high-level changes to the overall threat landscape.
The key to emerging from cyberattacks intact is discovering them as fast as possible. It suits the cyberattacker to remain silently undetected, particularly when motivated by commercial gain rather than conspicuous disruption. However, not everyone uses fit-for-purpose threat intelligence, which is why the average timelag is 206 days. And each day that attacks go undetected enables attackers to compromise more data. Literally billions of data records were exposed in 2019, many from exploits that lay undetected for weeks if not months.
The problem of spotting new devices on your network is exacerbated by the rapid growth in IoT endpoints. 57% of IT security pros said it takes them hours, weeks or longer to detect these far too long given that cyberattackers only need a few minutes within which to launch a successful attack.
There are lessons to be learned outside of the cyber paradigm, at those sectors where the mindset needed to adopt standard safety hygiene has evolved to become second nature. You cant help but notice it on construction sites in the form of bold signage, specialist apparel and regular inspections.
On hospital wards its less visible but just as ingrained: despite all the advanced drugs and technological therapies money can buy, washing hands and keeping dressings clean is the baseline for medical care.
Thats the objective your organization should have for cyber-hygiene; make these measures so obviously beneficial for everyone that it becomes fully ingrained.
The post Eight ways to improve cyber-hygiene in the enterprise appeared first on Blueliv.
Recent Articles By Author
*** This is a Security Bloggers Network syndicated blog from Blueliv authored by Joshua Hoppen. Read the original post at: https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/improve-cyber-hygiene-enterprise/
Originally posted here:
Eight ways to improve cyber-hygiene in the enterprise - Security Boulevard
- Is COVID-19 Making the Internet Sick? - Government Technology - May 27th, 2020
- Thanks to Physics, This Chocolate Is Iridescentand Safe to Eat - Smithsonian.com - May 27th, 2020
- $100 million in bounties paid by HackerOne to ethical hackers - BleepingComputer - May 27th, 2020
- Types of Encryption: 5 Encryption Algorithms & How to Choose the Right One - Security Boulevard - May 27th, 2020
- Asian consumers worried about securing their data - BusinessWorld Online - May 27th, 2020
- Move online to survive businesss new mantra - BizNews - May 27th, 2020
- China Demands Us Withdraw Sanctions on Tech Suppliers - Manufacturing Business Technology - May 27th, 2020
- DDoS Protection Market Overview, Regional And Restraint Analysis By 2020 2026 - 3rd Watch News - May 27th, 2020
- Galaxy S20 security is already old hat as Samsung launches new safety silicon - The Register - May 27th, 2020
- Amid the COVID-19 crisis and the looming economic recession, the Electronic Bill Presentment and Payment (EBPP) market worldwide will grow by a... - May 27th, 2020
- Global Internet of Things (IoT) Security Market Research Studies Competitive Strategies, Regional Analysis Forecast 2025 - WaterCloud News - May 27th, 2020
- When COVID-19 and Economic Fallout Put Millions of Kids in Unsafe Places, Communities in Schools Went in After Them. - The 74 - May 27th, 2020
- DNS over HTTPS: How to activate it on Windows 10 Build 19628 - WinCentral - May 27th, 2020
- The lack of women in cybersecurity leaves the online world at greater risk - The Conversation US - May 17th, 2020
- COVID-19 Impact and Recovery Analysis | Internet of Things (IoT) Security Market 2020-2024 | Increasing Incidence of Cyberattacks to Boost Growth |... - May 17th, 2020
- Break On Through To The Other Side - Seeking Alpha - May 17th, 2020
- Post-COVID 19: The Virtual World And Digital Participation And Its Challenges In Ghana - Modern Ghana - May 17th, 2020
- Embracing Remote Learning and Working after COVID-19 as our New Reality - THISDAY Newspapers - May 17th, 2020
- The lack of women in cybersecurity leaves the online world at greater risk - Kiowa County Press - May 16th, 2020
- Internet security Market Research Report 2020 By Size, Share, Trends, Analysis and Forecast to 2026 - Cole of Duty - May 16th, 2020
- The best antivirus protection of 2020 for Windows 10 - CNET UK - May 16th, 2020
- Bill Proposes to Incentivize Cybersecurity Innovations With Cash Prizes - Nextgov - May 16th, 2020
- The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet - WIRED - May 16th, 2020
- Spains DGT Warns Of A New Scam Circulating Which Tricks Users Into Giving Their Data - Euro Weekly News - May 16th, 2020
- What is the Internet of Things? - Fox Business - May 16th, 2020
- Air Force aims to make secure mobile identity management the norm - FCW.com - May 16th, 2020
- Internet Security Market Analysis, Size, Regional Outlook, Competitive Strategies and Forecasts to 2027 - Cole of Duty - May 9th, 2020
- (2020-2026) Internet Security Audit Market to Witness Robust Expansion throughout the Forecast Period - Cole of Duty - May 9th, 2020
- OODAcast A Conversation With Lou Manousos, CEO of RiskIQ - OODA Loop - May 9th, 2020
- COVID-19 Crisis To Help Akamai Replicate $300 Million+ Revenue Growth From The Past 2 Years? - Forbes - May 9th, 2020
- Global Internet Security Market is Segmented by Applications, Technology, Product Type And Service and Region - TechnoVally - May 9th, 2020
- Google Releases May 2020 Android Security Patch; Fixes Bug That Allowed Remote Code Execution - Mashable India - May 9th, 2020
- Gregory Boehm | The Harvard Press | News | Obituaries - Harvard Press - May 9th, 2020
- Wifi/ Internet/ IoT Testing and Security Solutions Market 2020 by Company, Regions, Type and Application, Forecast to 2024 - Cole of Duty - May 9th, 2020
- More Salt in their wounds: DigiCert hit as hackers wriggle through (patched) holes in buggy config tool - The Register - May 9th, 2020
- Zoom's Rise, Reign and Era of Reform at the Top of the Teleconferencing Throne - BroadbandBreakfast.com - May 9th, 2020
- The Pleasures and Pitfalls of Motherhood on Instagram - ELLE.com - May 9th, 2020
- Global IT Security Spending in Government Market Expected to reach highest CAGR by 2025: Check Point Software Technologies, Cisco Systems, Fortinet,... - May 9th, 2020
- Millions of Android users need to update, or risk having attackers take over their phone - Express - May 9th, 2020
- Deal of the Month: 50% off Integos Mac Internet Security X9 bundle - 9to5Mac - April 20th, 2020
- COVID-19 impact: Internet Security Firewall Market: Promising Growth Outlook with a Steady CAGR of X% 2020-2026 Cole Reports - Cole of Duty - April 20th, 2020
- Russia And China Hijack Your Internet Traffic: Heres What You Do - Forbes - April 20th, 2020
- Internet security Market 2020 Break Down by Top Companies, Applications, Challenges, Opportunities and Forecast 2026 Cole Reports - Cole of Duty - April 20th, 2020
- Investor Paul Meeks overhauls tech strategy due to coronavirus risks, turns negative on two widely held stocks - CNBC - April 20th, 2020
- Authentic8's Front Line of Defense Tool Aims to Safeguard Government Agencies from Cyberthreats - WashingtonExec - April 20th, 2020
- Blockchain: The Most Awaited Ally For The Security Of The Internet Of Things - CoinCodex - April 20th, 2020
- The internet's battle against bots is heating up - The Hustle - April 20th, 2020
- Bot creates millions of fake eyeballs to rip off smart-TV advertisers - Naked Security - April 20th, 2020
- Where to buy Kaspersky Internet Security? - RecentlyHeard.com - April 17th, 2020
- Citing coronavirus disruptions, PhishCloud offers year of free service to prevent phishing scams - GeekWire - April 17th, 2020
- The Global Software Defined Perimeter Market size is expected to reach $10.7 billion by 2025, rising at a market growth of 23.7% CAGR during the... - April 17th, 2020
- Women are essential helpers during crises but they need access to the internet | TheHill - The Hill - April 17th, 2020
- How To Browse The Internet Privately on Your Phone (Our #1 Tips) - Know Your Mobile - April 17th, 2020
- Faster Internet and protection against cyberattacks: UPC Business offers customers free additional services during the coronavirus crisis -... - April 17th, 2020
- Teaching your kids to surf the internet safely - The Star Online - April 17th, 2020
- No, the Internet Is Not Good Again - The Atlantic - April 17th, 2020
- Cyberattacks on endpoints will rise by up to 40 per cent unless we act quickly - Techerati - April 17th, 2020
- RBR's CyberPatriots Continue their Winning Ways - The Two River Times - April 17th, 2020
- The Weaponization of Dogs on the Internet - Lawfare - April 17th, 2020
- Investment opportunities in the internet sector - Times of Malta - April 17th, 2020
- Matt Hancock has no answers for anything but he does have a six-point plan and a very small badge - The Independent - April 17th, 2020
- Best internet security suites of 2020: anti-virus and anti-malware cyber security - TechRadar - April 17th, 2020
- The security conundrum of 5G network slicing - Urgent Communications - April 13th, 2020
- How to Make Sure that Antivirus is on your Endpoints - Security Boulevard - April 13th, 2020
- Why you can't trust your vote to the internet - CyberScoop - April 13th, 2020
- IoT security, neglected infrastructure, and a crisis of trust deemed major threats for 2022 - TechRepublic - April 13th, 2020
- Aspects of cybersecurity not to overlook when working from home - Big Think - April 13th, 2020
- The Rise of the Secure Internet Gateway - Communal News - April 13th, 2020
- The University and its students must be more considerate of essential USC staff - Daily Trojan Online - April 13th, 2020
- Foreign Operatives Allegedly Using Zoom To Spy On Americans - Brinkwire - April 13th, 2020
- Top Ways to Guard Against Work-from-Home Phishing Threats - Infosecurity Magazine - April 13th, 2020
- Get 2 years of Webroot internet security and antivirus for $50 at Amazon - BGR - April 12th, 2020
- Internet Security Software Market Growth Analysis, Top Manufacturers, Shares, Growth Opportunities and Forecast to 2026 - Germany English News - April 12th, 2020
- Foreign Spies Are Targeting Americans on Zoom and Other Video Chat Platforms, U.S. Intel Officials Say - TIME - April 12th, 2020
- iOS users beware: Myth of Apple security invulnerability is just that - The Star Online - April 12th, 2020
- Experts: Internet voting isn't ready in the face of coronavirus pandemic - CyberScoop - April 12th, 2020
- Slack in the security spotlight lessons for collaboration servers - Naked Security - April 12th, 2020
- Google removes Android VPN with critical vulnerability from Play Store - Naked Security - April 12th, 2020
- Is there a way to find this file that's being used by another processor? - Windows 10 Support - BleepingComputer - April 12th, 2020
- Global Internet of Things (IoT) Security Industry 2020 Market Research With Size, Growth, Manufacturers, Segments And 2026 Forecasts Research -... - April 12th, 2020