Cybersecurity Practices for Secure Infrastructure
Build a Secure Foundation – The First Step to Strengthen Cybersecurity Posture
Globally, we are surrounded by, connected to, dependent on, and benefit from ever-evolving digital transformation and technology. Every industry is dependent on technology for some aspect of its business. Be it cloud computing, big data, artificial intelligence, or machine learning.
The connected, digitally dependent world makes it easier to communicate with more people and businesses. Being connected brings more opportunities that benefit businesses, provide new experiences, and enrich everyone’s lives. But unfortunately, this new digital world also exposes people and businesses to a whole new type of threat. A massive number of motivated attackers with mixed motives, means, opportunity, greed, political agendas, and little fear of reprisal also comes with digital transformation.
With the increasing number of attacks, all companies require strengthening their security infrastructure to prevent potential threats.
Cybersecurity is an essential component of any organization’s overall strategy in the current market. Marsh referred to it as a New Cyber Risk Paradigm in their Cyber Insurance Market Overview: Fourth Quarter 2021. Companies must have a solid security foundation before benefiting from more complex security systems that support artificial intelligence or machine learning features. Implementing a secure foundation is the leading step in developing a secured infrastructure. We previously touched on Three Keys to Minimizing Exposure to Cyber Risk. Here we delve deeper into twelve cybersecurity controls that will increase your cyber security posture.
Why Focus on Key Cybersecurity practices?
As the proverb goes, if a foundation is cast wrong, the building can’t be durable even if it uses the strongest materials. Focusing on the foundation is the foremost step for building a secure and safe building. A strong foundation is essential for minimizing a catastrophe. The same applies to a company’s security posture. If a company ignores the most basic security practices, they are already vulnerable to most cyberattacks. If the basics are not followed, even a complex security system will not protect an organization.
Cybersecurity Key Practices
Key cybersecurity practices refer to all those small deployments and security controls that minimize potential threats by limiting access, minimizing the attack surface, and only integrating secured services provided by third parties.
1. Multi-Factor Authentication(MFA)
Multi-factor authentication is a security measure that requires more than one form of authentication to verify the user’s identity. MFA typically includes something the user knows (like a password) and something the user has (like a security token).
What is it: A third-party service that allows you to verify your identity to access an account.
Why we need it: To verify that the person logging into your system is who they claim to be.
How is it used: Depending on the application software, it can be a physical token the user has a phone call or a text message.
2. Endpoint Detection and Response (EDR)
Endpoint Detection and Response is a term used to describe a category of security solutions that focus on identifying and responding to threats on devices such as laptops, desktops, and servers. EDR solutions use various techniques such as behavioral monitoring and artificial intelligence (AI) to identify malicious or unauthorized activity. Once a threat actor is identified, EDR solutions can help organizations respond by automatically cleaning up the device or providing guidance on remitting the issue.
What is it: The use of an artificial intelligence product to monitor and protect endpoints within a computing environment.
Why we need it: It is an endpoint security tool that keeps your machine safe from malicious software and threats.
How is it used: A piece of software is deployed to each endpoint on a network, and the owner or a third party can then monitor for malicious activity.
3. Backups Secure and Encrypted
Backups are an essential part of any cybersecurity plan. They are used to create copies of data if the original data is lost or damaged. Secure and encrypted backups allow businesses to continue to operate even if there is a data loss incident. There are two main types of backups: full backups and incremental backups. Full backups create a copy of all the data on a system. Incremental backups only copy the data that has changed since the last backup. Most businesses use a combination of full and incremental backups to create a current and complete backup.
What is it: In case your systems ever fail or are attacked, you can quickly recover them by simply restoring them from a saved backup.
Why we need it: In the event of an attack, backups aid in the recovery as quickly as possible and as cost-effectively as possible.
How is it used: It utilizes services and software that create copies of virtual machines, computers, servers, and storage drives.
4. Privileged Access Management (PAM)
Privileged Access Management is a security solution that enables organizations to manage and control accounts and credentials. PAM solutions help to ensure that only authorized users can access privileged accounts. This simple action helps mitigate the risk of malicious actors gaining access to sensitive data or systems.
What is it: Making sure that elevated privileges are limited to protect users’ identities beyond regular users.
Why we need it: This is to make sure that any account with elevated privileges is subject to stricter control than a regular user account.
How is it used: There are multiple methods to keep track of all the privileges accounts, a role-based access control system (separating server and workstation admins), implementing the least privilege (limiting access to certain parts of the network).
5. Email Filtering and Web Security
Web security and email filtering are methods of protecting your computer from unwanted or dangerous content. Web security is the process of protecting your computer from online threats, such as viruses, spyware, and hackers. Email filtering is the process of automatically sorting your email messages into different categories based on a set of rules that you create.
What is it: Protecting users against unwanted links and attachments by using 3rd party applications.
Why we need it: Email filtering is required to prevent malicious links or attachments from being received and opened by users. Web security is needed in order to avoid users from accessing sites that may be malicious.
How is it used: We use third-party services or tools that scan emails (incoming and outgoing) for any malicious content.
One of the integral parts of cybersecurity is patching, and it needs to be included in any organization’s security strategy. Patching is the process of fixing vulnerabilities in a computer system or application. Software vendors typically release patches to address security flaws discovered in their products. Organizations that use software must keep updated with the latest patches to protect their systems from attack. The recent Log4J vulnerabilities are a perfect example of the importance of patching quickly.
What is it: Security patching addresses vulnerabilities identified by a vulnerability scanner and is used to make systems more secure.
Why we need it: It protects your systems from being vulnerable to known exploits.
How is it used: Windows patch management allows you to schedule and manage Windows updates and most third-party software. This is done via group policies in Windows or through other means.
7. Response Planning & Testing
It creates a plan for how an organization will respond to a cybersecurity incident. The process includes identifying potential threats, creating a response team, developing a communication plan, and rehearsing the response. Then testing that plan to make sure it will work in a real-world scenario.
What is it: It involves developing, planning, and testing a Disaster Recovery Plan (DRP) for a computing environment.
Why we need it: In the event of a cybersecurity breach or incident, we need a DRP to respond to a breach or cyberattack rapidly.
How is it used: In an incident, clients will have a step-by-step plan to react immediately and begin the recovery process.
8. Cybersecurity Awareness Training & Phishing Testing
Cybersecurity Awareness Training is a program that helps employees learn how to protect their personal information and company data from cyber threats. The program usually includes a variety of educational materials, such as videos, articles, and e-learning modules, as well as interactive exercises that allow employees to test their understanding of the material.
What is it: It includes the training of end-users on general cybersecurity best practices keeping their systems and computing environments secure, followed by follow-up sessions as required.
Why we need it: Inform end-users about cybersecurity concerns and help them recognize threats such as suspicious emails or attachments.
How is it used: The purpose of this is to educate and test the ability of end-users to recognize threats. The success of the training can be determined by sending emails to end-users to see if the users identify the threat and respond accordingly.
9. Hardening (including RDP)
Remote Desktop Protocol and hardening is the process of making a system or network more secure by reducing its vulnerability to attack. Hardening can include installing security patches, configuring firewalls, and disabling unnecessary services.
What is it: The act of locking down applications, systems, or network ports that are not being used and are, if left open, potential entry points for attackers
Why we need it: It prevents threat actors from using open entry points on parts of the network that may not be frequently used.
How is it used: Implementing Microsoft Security Best Practices, using vendor-supplied software, or consulting onsite to evaluate and remediate the computing environment.
Logging and monitoring are essential cybersecurity processes that help organizations detect and respond to cybersecurity incidents. Logging refers to collecting and storing data that can be used to identify and investigate cybersecurity incidents. Monitoring refers to the regular review of logs to identify suspicious activity and potential incidents.
What is it: Informs System Administrators about the health of the computing environment and alerts them about suspicious activities that should be investigated further.
Why we need it: Lack of log collection, storage, and analysis can cause a significant gap in your security visibility.
How is it used: Logging must be enabled for all endpoints, and logging should be checked regularly.
11. End-of-life Systems
When the manufacturer no longer supports end-of-life systems. This means that they are no longer being updated with security patches. As a result, these systems are more vulnerable to attack.
What is it: It involves adopting industry-standard practices for life cycle management for hardware and software. It is necessary to reduce the risk of using outdated technology that is no longer supported.
Why we need it: Vulnerabilities from unpatched software would leave an organization exposed. It is crucial to ensure that you aren’t using outdated software or hardware that the vendor doesn’t support.
How is it used: Implementing a process for updating old devices and end-of-life software before they become obsolete.
12. Vendor/Digital Supply Chain Risk Management
The vendor/digital supply chain risk management process is the proactive identification and assessment of risks that could impact a vendor or supplier’s supply chain. Risk management aims to identify potential risks and take steps to prevent or mitigate them.
The first step in risk management is to identify potential risks by reviewing the business’s operations and identifying any possible points of failure. Potential risks can also be determined by researching the supplier or vendor’s industry and looking for potential hazards.
After identifying potential risks, they need to be assessed to determine their severity. The assessment should consider the likelihood of the risk and its impact on the business. After the risks have been evaluated, the company needs to decide what steps it can take to prevent or mitigate them. The following steps may include developing policies and procedures, conducting due diligence on suppliers and vendors, and putting in place contingency plans.
What is it: Implementation of strategies to manage the risks associated with using 3rd party software or hardware to reduce vulnerabilities in computing environments.
Why we need it: This process helps you identify risks associated with using 3rd-party vendors, software, and hardware. Keeping continuity with these vendors and their software and hardware products will prevent you from causing unnecessary damage to your computing environment.
How is it used: Once a framework for risk management has been established, monitoring is critical in identifying risks. Identifying and tracking the indicators of risk has been made possible by digital tools for even complex supply chains.
The adoption of these key cybersecurity practices will help secure your infrastructure. They are the most reliable and straightforward way to implement changes that derive noticeable results in any security foundation. These twelve strategies will increase your security maturity without spending a large portion of the budget on a complex system.