We've seen a 25 percent rise in ransomware attacks in the first quarter of 2020 when compared to Q4 of 2019. Other attacks, such as phishing and distributed denial-of-service (DDoS), are also taking on more sophisticated forms. Data from Atlas VPN shows that Google identified a 350 percent increase in phishing websites between January and March 2020. Even more alarming, 4.83 million DDoS attacks took place in the first part of 2020. Because you can't implement each new security technology the moment it's released, it's vital to enforce a few key cybersecurity practices to fortify your organization's network.
Here are seven best practices that you need to include in your cybersecurity plan. We recommend that you start with a risk assessment of your organization that will help you determine what risks your organization is exposed to, the risks that need immediate attention, and how to tailor your budget to suit your security requirements.
We suggest you review this post on how to assess the risks at your organization before you continue.
Preventing a threat is better than having to find its cure, and it's vital that you detect and stop incoming threats before they infect your network. We recommend that you implement user and entity behavior analytics (UEBA) as an early threat detection and prevention system. With UEBA, you construct a baseline that defines normal behavior patterns for each user and entity; any activity on your network that deviates from that baseline is flagged immediately. This is particularly useful for thwarting insider attacks. Intrusion detection systems that flag malicious network traffic are another strong control, and antivirus software can serve as a frontline defense against known threats.
Every organization has users in highly critical roles; these users might have elevated privileges for access to sensitive resources on the network. While greater access privileges should be granted only after proper verification, the process can sometimes be exploited, and the result is an insider threat. It's important to monitor for resources that have been misconfigured and for access to information unrelated to a user's role.
Creating an incident response plan that is executed when a threat is discovered can help contain the threat and block it from infecting the entire network. You might want to create an incident response plan that is unique to every specific security incident. This plan will result in a series of containment and elimination measures that prevent a potential threat from spreading and infecting the network. This response plan can be automated so that you benefit from an immediate reaction to the threat.
Endpoint security is a crucial element of any cybersecurity plan. Effectively protecting your endpoint devices, like servers, laptops, and desktops, includes setting up firewalls, antivirus solutions, and email filters. Your endpoint solution should have threat detection and automatic response capabilities, and you should expand your endpoint protection to your cloud resources as well.
When you have 24/7 network monitoring enabled, many of the log entries that are generated might not seem relevant on their own. Correlation rules help you identify security incidents across your network by establishing a pattern between individually unremarkable events. This helps you see the big picture and identify a potential threat. Many SIEM solutions let you build customized correlation rules tailored to your business's needs and your security risk strategy, and a framework of built-in rules can help you get started.
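The two detection ideas above, a UEBA-style baseline of normal user behavior and a SIEM correlation rule that ties several low-value events into one incident, are shown together in the following added example. It is illustrative code written for this page, not ManageEngine's product logic; the log format, host names, user names, IP addresses and timestamps are all constructed, and the thresholds (an unseen source or an unseen login hour as anomalies; three failed logins followed by a success from the same source within five minutes as the correlation rule) are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed key=value authentication log format (not a real product's format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"event=(?P<event>\S+) result=(?P<result>\S+)$"
)

# Constructed history used to learn what "normal" looks like per user.
BASELINE_LOG = """
2020-03-02T09:12:41 host=srv1 user=alice src=10.0.0.5 event=login result=success
2020-03-02T14:03:10 host=srv1 user=alice src=10.0.0.5 event=login result=success
2020-03-03T09:08:55 host=srv1 user=alice src=10.0.0.5 event=login result=success
2020-03-02T08:45:00 host=srv1 user=bob src=10.0.0.7 event=login result=success
2020-03-03T10:20:13 host=srv1 user=bob src=10.0.0.7 event=login result=success
2020-03-03T10:21:00 host=srv1 user=bob src=10.0.0.7 event=login result=failure
"""

# Constructed "live" log the rules run over; includes one malformed line.
LIVE_LOG = """
2020-03-10T09:05:12 host=srv1 user=alice src=10.0.0.5 event=login result=success
2020-03-10T03:17:44 host=srv1 user=alice src=203.0.113.9 event=login result=success
2020-03-10T10:02:01 host=srv1 user=bob src=198.51.100.4 event=login result=failure
2020-03-10T10:02:09 host=srv1 user=bob src=198.51.100.4 event=login result=failure
2020-03-10T10:02:15 host=srv1 user=bob src=198.51.100.4 event=login result=failure
2020-03-10T10:02:30 host=srv1 user=bob src=198.51.100.4 event=login result=success
this line is not an auth record and is skipped by the parser
2020-03-10T10:30:00 host=srv1 user=carol src=10.0.0.9 event=login result=success
2020-03-10T10:31:00 host=srv1 user=bob src=10.0.0.7 event=file_read result=success
"""


def parse_line(line):
    """Return a dict for one log record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def parse_log(text):
    """Parse a whole log, silently dropping lines that are not auth records."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def build_baseline(events):
    """UEBA-style baseline: per user, the source addresses and hours of successful logins."""
    baseline = defaultdict(lambda: {"srcs": set(), "hours": set()})
    for e in events:
        if e["event"] == "login" and e["result"] == "success":
            baseline[e["user"]]["srcs"].add(e["src"])
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def detect_anomalies(events, baseline):
    """Flag successful logins that deviate from the user's baseline."""
    findings = []
    for e in events:
        if e["event"] != "login" or e["result"] != "success":
            continue
        b = baseline.get(e["user"])  # .get() avoids creating an empty baseline
        if b is None:
            findings.append((e["user"], "no baseline for user"))
            continue
        if e["src"] not in b["srcs"]:
            findings.append((e["user"], "login from unseen source " + e["src"]))
        if e["ts"].hour not in b["hours"]:
            findings.append((e["user"], "login at unusual hour %02d:00" % e["ts"].hour))
    return findings


def correlate_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Correlation rule: >= threshold failed logins from one source, then a success
    from that same source within the window, are reported as a single incident."""
    failures = defaultdict(list)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):  # rules need time order
        if e["event"] != "login":
            continue
        if e["result"] == "failure":
            failures[e["src"]].append(e["ts"])
        elif e["result"] == "success":
            recent = [t for t in failures[e["src"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": e["src"], "user": e["user"],
                               "failures": len(recent), "at": e["ts"]})
            failures[e["src"]] = []  # a success closes the failure run
    return alerts


if __name__ == "__main__":
    base = build_baseline(parse_log(BASELINE_LOG))
    live = parse_log(LIVE_LOG)
    for user, msg in detect_anomalies(live, base):
        print("ANOMALY", user, msg)
    for a in correlate_bruteforce(live):
        print("CORRELATED", a)
```

Run as a script, it reports alice's login from an unseen address at an unusual hour, carol's login with no baseline, bob's success from an unseen address, and one correlated incident for the failure-then-success run from 198.51.100.4. The individual failures never appear as alerts; only the pattern does, which is the point of a correlation rule.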
A recommended practice is to grant each user only the privileges required for their day-to-day work. This limits the opportunities for insider threats and the damage an account compromise can do. Not all users need access to all the resources on the network. Create categories of accounts into which users are sorted based on the privileges they're given. A least privilege policy reduces the attack surface and prevents the spread of malware to more critical parts of the network.
With sophisticated password cracking software available, it's not hard for attackers to obtain a password. You need more than one way of authenticating users into your domain. Additional factors can be delivered via quick response (QR) codes, push notifications, and Security Assertion Markup Language (SAML) authentication. ManageEngine's own ADSelfService Plus offers a variety of multi-factor authentication techniques. Requiring an additional authentication factor makes it much harder for threat actors to impersonate a user. Multi-factor authentication is also required by many compliance regulations, so that is another item checked off your compliance checklist.
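To make the second factor concrete, here is an added example (written for this page, not code from ADSelfService Plus) of the time-based one-time password (TOTP) algorithm from RFC 6238 that authenticator apps implement; enrolling a user by scanning a QR code normally means encoding the `otpauth://` URI produced below as an image. The shared secret is the RFC 4226/6238 test-vector key, and the issuer and account names are constructed. The verifier accepts one 30-second step of clock drift on either side and rejects any code at or before the last counter it already accepted, which is the replay check a server-side implementation needs.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# Test-vector secret from RFC 4226 / RFC 6238 (not a production secret).
DEMO_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, for_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP over the number of time steps since the Unix epoch."""
    return hotp(secret, int(for_time) // step, digits)


def verify_totp(secret, code, now, last_counter=None, step=30, digits=6, window=1):
    """Return the counter the code matched, or None.

    Accepts +/-window steps of clock drift and refuses any counter at or below
    last_counter so that an intercepted code cannot be replayed.
    """
    counter = int(now) // step
    for drift in range(-window, window + 1):
        c = counter + drift
        if last_counter is not None and c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c, digits), code):  # constant-time
            return c
    return None


def provisioning_uri(issuer, account, secret, digits=6, step=30):
    """otpauth:// URI that authenticator apps read from an enrollment QR code."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(issuer + ":" + account)
    return ("otpauth://totp/%s?secret=%s&issuer=%s&algorithm=SHA1&digits=%d&period=%d"
            % (label, b32, quote(issuer), digits, step))


if __name__ == "__main__":
    # Constructed issuer/account names for the enrollment URI.
    print(provisioning_uri("ExampleCorp", "alice@example.com", DEMO_SECRET))
    now = time.time()
    current = totp(DEMO_SECRET, now)
    print("current code:", current, "-> accepted at counter",
          verify_totp(DEMO_SECRET, current, now))
```

In a real deployment the secret is generated per user with a cryptographic random source, stored server-side, and the accepted counter is persisted per user so the replay check survives restarts; only the enrollment URI is ever shown to the user.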
These seven practices are not an exhaustive list, but they are definitely practices that should be a part of your cybersecurity plan. You should keep in mind that cybersecurity strategies are constantly evolving according to business needs, and that new threats constantly appear.
© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.