Process-level preventive cybersecurity measures in organizations

By Ronak
Published on Nov 14, 2022

Traditional security models were structured to focus solely on perimeter security. As we all know, no IT infrastructure is infallible. However, if a hacker manages to bypass or breach a network perimeter and perimeter security is the only measure in place, there would be no other protective layers guarding organizational data. This is why a multi-layered security approach towards security incident prevention and response is imperative in order to react as fast as possible to cyberattacks and negate as many as possible.

While reactive measures result in changes, solutions, and implementations after an attack takes place, preventive measures, like enforcing appropriate policies and conducting necessary assessments, are implemented before an attack takes place.

At the process-level, an organization's approach towards preventive measures in cybersecurity can be divided into two parts—policy and posture management, and system management—each with two subcategories that dive deeper into how those measures can be enforced.

Policy management: Defining cybersecurity policies

Since the GDPR was rolled out in 2018, data protection has been gaining significant traction. One of the key reasons behind this is the inclusion of process-level preventive measures in the GDPR, such as:

  • Privacy impact assessment.
  • Data protection by design and default.
  • Ensuring security appropriate to the level of processing.

The key areas of preventive measures for organizations are predefined in the GDPR; organizations that wish to be GDPR-ready can implement and practice these preventive measures.

Step 1. Ceaseless discovery followed by assessment

Step 2. Protection of data in all endpoints

Step 3. Protection of applications in data centers

Step 4. Protection of data uploaded, stored, and downloaded from the cloud

Step 5. Detection, investigation, and remediation in a reasonable time (partly reactive measure)

While large-scale organizations typically operate in heavily regulated industries governed by data protection laws such as the GDPR and therefore maintain comprehensive security policies, small-scale organizations are often not as heavily regulated because of the products they handle and the compliance thresholds they fall under. Their security policies are therefore less comprehensive and tend to focus on adopting basic preventive practices. Some of these basic preventive security practices and policies are listed below.

  • Email encryption practices
  • Policies for remote access to organizational applications
  • Policies for the creation and protection of passwords
  • Policy for social media usage

Policy management: Updating and auditing cybersecurity policies

Technology is ever-changing. Keeping cybersecurity procedures current means revising them at least once a year. Organizations should also hold annual reviews and establish a process for updating policies together with their primary stakeholders.

InfoSec Institute, an IT security consulting and training company, states a total of three policy audit objectives:

  • An organization's cybersecurity policy should be compared to the actual practices.
  • An organization's exposure to internal threats should be determined.
  • The risk of external threats regarding security should be evaluated.

Updating and auditing cybersecurity policies and procedures offers:

  • Insight into which operative process requires a cybersecurity policy with better enforcement.
  • Identification of policy rules that no longer apply to the present processes of work.
  • Avoidance of negative outcomes like fines, settlements, and brand degradation.

System management: Vendor consolidation

In its simplest form, vendor consolidation refers to the process of obtaining a service (in this case, cybersecurity services) from a relatively small group of vendors, or in some cases a sole provider, that can satisfy as many organizational needs as possible.

A recent survey by Gartner found that 75% of organizations are pursuing security vendor consolidation in 2022, up from 29% in 2020.

Benefits of vendor consolidation include:

  • Improvement of risk posture: A survey showed that the number-one reason companies want to consolidate their security vendors is not to stay within their budget or to streamline procurement, but to reduce complexity and thereby improve their risk posture.
  • Opportunities for consolidation: Another survey showed that by the end of 2022, 41.5% of survey respondents were looking to implement secure access service edge (SASE), and 54.5% wanted to adopt extended detection and response (XDR).

According to Dionisio Zumerle, VP analyst at Gartner, "SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints, and other components."

System management: Vulnerability assessment and penetration testing

The process of identification, quantification, and analysis of security vulnerabilities in a system based on predetermined risks is known as vulnerability assessment. Through this process, security experts can create an action or remediation plan for vulnerabilities by conducting patch management.

Some of the benefits of vulnerability testing include:

  • Closing down security gaps. Reducing the attack surface through thorough analysis of vulnerability risks is commonly known as system hardening.
  • Getting compliant. Being compliant with the regulatory laws that apply in each jurisdiction is something that every company works towards.
  • Maintaining strong security. Cybersecurity can truly run your pockets dry; therefore, these assessments should be built into the security policies in order to mitigate attacks.

Steps involved in conducting vulnerability assessments:

  • Conducting risk identification and analysis
  • Developing vulnerability scanning policies
  • Identifying the types of scans
  • Configuring the scan
  • Performing the scan
  • Evaluating and considering possible risks
  • Interpreting the scan
  • Creating a remediation and mitigation plan

Another preventive measure in cybersecurity is known as penetration testing. Penetration testing, or pen testing, is a planned and simulated attempt to attack a computer system to discover weaknesses and vulnerabilities that can be exploited.

There are five stages involved in penetration testing:

  • Planning and reconnaissance
  • Scanning
  • Gaining access
  • Maintaining access
  • Analysis and web application firewall configuration

System management: Patch management

The process of identifying, procuring, testing, and installing patches (also known as code changes) to address bugs, fill the gaps between security layers, and include additional features in software is called patch management.

Through patch management, organizations can:

  • Secure computers and operational networks by applying the latest patches and features according to organizational priority.
  • Establish a centralized patch management system that checks for missing patches, downloads them, and distributes them to all systems in need of those patches.
  • Negate attacks aimed at taking advantage of security gaps and unpatched software versions.
  • Leverage the growth of cloud-based software, as the number of vendors who release patches together with feature updates has increased over time.
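The "checks for missing patches" step above, and the "interpreting the scan" and "creating a remediation and mitigation plan" steps of the vulnerability assessment section, both come down to the same exercise: compare what is installed against what the advisories say is the minimum patched version, and rank the gaps by severity. The script below is an added example, not code from the original article or from AD360. Every hostname, product name, version string and severity score in it is constructed for illustration; in practice the inventory would come from your asset management tooling and the advisory list from the vendor bulletins or scanner output.

```python
"""Missing-patch check and severity-ranked remediation plan.

Added example (not from the original article or from AD360). All hosts,
products, versions and severities below are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Constructed advisory list: product -> (minimum patched version, severity 0-10)
ADVISORIES: Dict[str, Tuple[str, float]] = {
    "webserver": ("2.4.54", 9.8),
    "dbengine": ("14.5", 7.5),
    "vpnclient": ("3.2.1", 5.3),
}

# Constructed host inventory: hostname -> {product: installed version}
INVENTORY: Dict[str, Dict[str, str]] = {
    "web-01": {"webserver": "2.4.51", "vpnclient": "3.2.1"},
    "db-01": {"dbengine": "14.4", "vpnclient": "3.1.9"},
    "ws-07": {"vpnclient": "3.2.1"},
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.4.54' into (2, 4, 54) so versions compare numerically.

    A plain string comparison would wrongly put '2.4.9' above '2.4.10'.
    """
    return tuple(int(part) for part in text.split("."))


def is_missing_patch(installed: str, minimum: str) -> bool:
    """True when the installed version is older than the advisory minimum."""
    a, b = parse_version(installed), parse_version(minimum)
    # Pad the shorter tuple with zeros so '14' compares as '14.0'.
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def find_missing_patches(inventory: Dict[str, Dict[str, str]],
                         advisories: Dict[str, Tuple[str, float]]) -> List[dict]:
    """Walk every host and product; record each installed version that is
    below the advisory minimum, together with the advisory's severity."""
    findings = []
    for host, software in inventory.items():
        for product, version in software.items():
            if product not in advisories:
                continue  # no advisory for this product, nothing to compare
            minimum, severity = advisories[product]
            if is_missing_patch(version, minimum):
                findings.append({
                    "host": host,
                    "product": product,
                    "installed": version,
                    "required": minimum,
                    "severity": severity,
                })
    return findings


def remediation_plan(findings: List[dict]) -> List[dict]:
    """Order findings by severity (highest first); host and product names
    break ties so the plan is stable between runs."""
    return sorted(findings, key=lambda f: (-f["severity"], f["host"], f["product"]))


if __name__ == "__main__":
    for item in remediation_plan(find_missing_patches(INVENTORY, ADVISORIES)):
        print(f"[{item['severity']:>4}] {item['host']}: {item['product']} "
              f"{item['installed']} -> upgrade to {item['required']}")
```

Running it as-is lists three gaps, with the web server's 9.8-rated advisory at the top of the plan. The version parser only handles dotted numeric versions; vendors that use suffixes such as "-rc1" or build metadata need a parser for their scheme before the comparison is trustworthy, which is one reason to treat scanner output as the source of truth rather than re-deriving it.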

It is recommended that organizations use various kinds of preventive measures; using a multi-layered security structure can help negate many of the cyberattacks aimed at your organization.

A single backdoor can be an entry point for malicious hackers and infiltration. Implementing preventive measures helps minimize the chances of leaving a backdoor open. This is why routine checkups of patches, licenses, and updates to software should be carried out without fail.
