Three Keys to Minimizing Exposure to Cyber Risk
There is a vast array of things organizations should be doing to minimize exposure to cyber risk and reduce downtime after an attack (see our previous post, ‘Protect Your Organization Against Potential Critical Threats – The CISA Advisory). The recent CISA advisory should be seen as a list of fundamentals and act as the ‘minimum’ for all organizations to adhere to in terms of security. We wanted to expand on the CISA requirements, but due to the limits of this blog, we will focus on three key ways to immediately minimize your cyber risk exposure.
Employees should always have the least amount of privilege needed to do their jobs. SysAdmins and IT teams often dish out admin access accounts like it is Christmas. This level of access significantly aids attackers in escalating privilege as they ‘live off the land’ once they get into an environment. The better you are at limiting access and privilege, the more likely you will contain an attacker if they do get in.
Install a Managed Endpoint Detection & Response (MEDR)
If you have not installed a solid MEDR solution (such as Sentinel One), you should have done this yesterday. Not only will MEDR help protect your endpoints by keeping the baddies out, but it will alert you when someone is trying to get in. You can even use your EDR solution to help quarantine systems and speed up the response to getting back online post-attack.
Backups, backups, backups!
If there is one thing organizations should takeaway, it is this. The difference between a few hours or days of disruption, and many weeks of pain and business interruption, is often backups, particularly after a ransomware event.
- Identify your Crown Jewels
- It is often a significant undertaking in its own right that many companies do not do properly
- Backup this data multiple times in multiple locations regularly
- Based on criticality – most critical daily, then weekly, and so on.
- Segregate it
- Online and Offline.
- Test Regularly
- Based on criticality
Emphasis on this last point, backups are useless unless they work, and if you don’t test them, you don’t know they work. Just like when your phone breaks and you lose precious photos because you didn’t back them up correctly, this is the same problem larger organizations encounter post-attack when they don’t have adequate backups in place, just at a much larger scale. The lack of useable backups is the crux of what forces companies to pay ransoms, so getting this right is vital. It is the most significant factor in mitigating the impact/risk of ransom attacks.
Addressing these items will significantly reduce an organization’s exposure to cyber risk and potentially save a company millions of dollars in cost savings.