3 Best Practices for Preventing Cyber Attacks
Cyber attacks are growing steadily in size and sophistication, and they now include data theft and corporate espionage, the infiltration of industrial controls to disrupt manufacturing, extortion by ransomware, and a host of other threats. What’s more, the global cost of cybercrime continues to rise.
According to a recent report by Accenture, the average cost of cybercrime for an organization has increased (since 2018) by $1.4 million to $13 million. In other words, you can’t afford a data breach, so preventing cyber attacks is a safer and cheaper strategy than reacting when it’s too late.
Taking a proactive approach to preventing cyber attacks is now standard operating procedure for many organizations. Security analysts know that attacks should be considered a matter of when, where and how, not if. But how exactly should organizations develop and adopt best practices that support an effective, enterprise-wide security strategy to prevent cyber attacks?
These three best practices for preventing cyber attacks will help you think about cybersecurity holistically and (hopefully) get ahead of your next attack, data breach, or cybersecurity incident.
1. Top-down policies for improving your security posture
Best practices always need to be backed by the right policies, and the first steps begin at the top. This means that cyber security should be an integral part of corporate governance, with buy-in from senior management backed by proper funding for security software and hardware, training, the recruitment of security experts, outside security services and other requirements. Policy making should also include the assignment of roles and responsibilities for all relevant stakeholders, as well as a chain of command that includes both IT and corporate leaders.
In developing policy, management needs to understand that security is more than just a sunk cost. In fact, strengthening cyber security can not only prevent losses, but also support new business opportunities through higher levels of trust from customers, greater confidence in dealing with suppliers, the exploration of new revenue channels, and better risk management for potential acquisitions, divestments and mergers.
Senior managers and analysts should also consider regular cost-benefit analyses for cyber security across functions and business units. An inventory of data assets and their location can help put a dollar figure on the most efficient allocation of funding. It might not make sense to spend a million dollars to protect a business unit that generates only $500,000 in profits. These cost-benefit analyses can also be used to inform cost projections and growth strategies for the organization.
In similar ways, IT-specific policies can be better informed by developing and maintaining a detailed, up-to-date map of the organization’s overall security architecture. In some cases, this begins with analyzing the organization’s attack surface, both internally and externally. This includes determining risk areas in current applications and then finding ways to minimize this risk such as reducing the amount of code running, reducing entry points available to untrusted users, and eliminating services requested by relatively few users.
2. Bottom-up practices for cybersecurity teams
Backed by well-developed policies for cyber security, a number of practices can be adopted to help prevent, limit or mitigate cyber attacks. Software updates, upgrades and patching should be implemented on a regular basis. At the same time, security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.
Networks should be segmented, with well-maintained firewalls and intrusion prevention system (IPS) safeguards between segments to contain lateral movement when one segment is infected. In addition, thorough audits and penetration testing should be conducted across all systems on a regular basis.
Access management systems are also critical. User and software privileges should be kept to a minimum in terms of the number of users and the types of access that are granted. Store privileged credentials, including passwords and SSH keys, in a secure, centralized vault. Automatically rotate privileged credentials, isolate privileged account sessions for temporary employees, and regularly scan for orphan accounts of former employees that might still provide unauthorized access.
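One way to turn the orphan-account and credential-rotation checks above into a repeatable audit. This is an added example, not code from the original post or from Infocyte; the account records, the HR roster, the approved service-account list and the 90-day rotation window are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from any real directory): accounts that still
# exist in an access system, plus the HR roster of currently employed people
# and the list of service accounts that an owner has explicitly approved.
ACCOUNTS = [
    {"user": "alice", "privileged": True, "last_rotated": "2021-01-05"},
    {"user": "bob", "privileged": False, "last_rotated": "2021-02-20"},
    {"user": "carol", "privileged": True, "last_rotated": "2020-06-01"},
    {"user": "svc-backup", "privileged": True, "last_rotated": "2020-11-15"},
]
ACTIVE_EMPLOYEES = {"alice", "bob"}          # carol has left the company
APPROVED_SERVICE_ACCOUNTS = {"svc-backup"}   # non-human accounts with an owner


def audit_accounts(accounts, active, approved_services, today, max_age_days=90):
    """Return (user, finding) pairs for orphan accounts and for privileged
    credentials that have not been rotated within max_age_days."""
    findings = []
    for acct in accounts:
        name = acct["user"]
        # An account is an orphan if it belongs neither to a current employee
        # nor to an approved, owned service account.
        if name not in active and name not in approved_services:
            findings.append((name, "orphan"))
        # Privileged credentials (passwords, SSH keys) must rotate regularly;
        # flag any that have exceeded the rotation window.
        age = (today - date.fromisoformat(acct["last_rotated"])).days
        if acct["privileged"] and age > max_age_days:
            findings.append((name, "stale_privileged"))
    return findings


if __name__ == "__main__":
    # Fixed audit date so the output is reproducible for the sample data.
    for user, finding in audit_accounts(ACCOUNTS, ACTIVE_EMPLOYEES,
                                        APPROVED_SERVICE_ACCOUNTS, date(2021, 3, 1)):
        print(f"{user}: {finding}")
```

In practice the roster and account list would come from the HR system and the directory or vault export, and orphan findings should trigger disablement rather than just a report.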
Finally, all employees, both staff and management, should be thoroughly trained in the importance of cybersecurity, as well as the dangers of unsecured communications, security gaps in mobile devices, and the widespread dangers of phishing attacks through email. Employees should also be strongly advised to report any suspicious emails or activities that might be detrimental to system or network security.
3. Adopt proactive measures to detect and respond to advanced cyber threats
Perhaps the most important best practice is taking a proactive approach to cyber security. Malware can pose a potential threat for days, months or more as an Advanced Persistent Threat (APT). In fact, you should assume that you’ve already been hacked, even if your systems appear normal and you’ve already implemented traditional solutions such as Endpoint Detection and Response (EDR) platforms, Next-gen antivirus (NGAV) software, or User/Entity Behavior Analytics (UEBA/UBA) tools to detect malware, threats, and other cyber risks.
You need to implement a security solution that hunts for malicious files (threats, vulnerabilities, and more) that have breached your defenses, and that also enables users to respond to threats and validate that your endpoints are completely “clean.” This endpoint validation needs to be conducted on a periodic basis (ideally automated) and be available on demand in dynamic cloud environments. Also consider using detection and incident response tools with deep analysis and forensics-based capabilities that can assess the health of an endpoint by validating what is actually running in memory at a given point in time, what has run, and what is scheduled to run in the future.
It almost seems naive to think you can prevent a cyber attack. But, in fact, the majority of cyber attacks are prevented, whether by endpoint security tools like endpoint detection and response (EDR) software and next-gen antivirus applications, by strict security policies and compliance guidelines, or by security hardware like firewalls and multi-factor authentication devices.
Either way, you can prevent cyber attacks with the right practices, people, and technology in place.
Request a Cyber Security Compromise and IT Risk Assessment
As a first step in upping your game in cyber defense, contact Infocyte to request a cyber security compromise and IT risk assessment. An Infocyte compromise assessment is a fast and affordable way to independently validate your existing security posture, hunt and expose hidden threats and vulnerabilities in your environment, and identify ways to reduce your overall cyber risk and improve IT hygiene.
Infocyte is an easy path to implementing EDR or MDR for mid-size organizations. Learn more from Forrester's Now Tech Report.