Proactive Countermeasures and Strategies

SYSCOM GLOBAL SOLUTIONS’ Security Operations Center is on the frontlines of ever-changing cybersecurity threats and responses. As a service to our clients and partners, the Cybersecurity Minute provides updates on the evolving cybersecurity threats, countermeasures, and security strategies the team is seeing and using in the course of its regular security work.

In our previous article, we discussed the variety of cybersecurity threats that pose a danger to businesses. Here, we’ll lay out proactive cybersecurity measures and strategies that can be introduced and implemented with a relatively low budget and a short timeframe. Measures like these are a prerequisite for obtaining cybersecurity insurance, an integral part of today’s corporate insurance policies and a vital component of compliance.

1. Password Management

Cloud-based email services are widely used among enterprises. Microsoft 365, for example, is a powerful cloud service being deployed by more companies every year, with its own powerful cybersecurity measures built into it. However, if an unauthorized person logs into a verified Microsoft 365 account within your organization, they can access email and shared files, exposing sensitive information about your company and customers. From there, the compromised account can send spam and phishing emails to internal and external parties, resulting in further damage.

Password management measures are key to preventing this kind of unauthorized access and the harms that follow. Strengthening account password policies, implementing multi-factor authentication (MFA), and granting only the minimum necessary access rights are required.

Effective password policies should be structured to prevent brute-force attacks. They should require passwords to:

 ● be at least 16 characters in length;

 ● include uppercase and lowercase letters, numbers, and symbols;

 ● be complex.

MFA acts as a secondary defense strategy, kicking in even when a password has leaked. Multi-factor authentication requires a verified login combined with additional verification via one of a variety of methods, ideally from a second device or account unconnected to the initial one, like SMS text, email, or app verification. Without verification from another device, an unauthorized person cannot log in. While a relatively basic cybersecurity measure, it can be very effective against unauthorized logins, and we strongly recommend it as a part of any cybersecurity management program. Any companies that have not yet implemented it should consider it immediately or consult with a security firm.

2. Cybersecurity Awareness Training

Not every cybersecurity threat or breach is the result of sophisticated technical attacks. Some are the result of simple human error, even when the method of attack is well-known to the target. As often as we hear that we shouldn’t open suspicious emails, SMS text messages, links, and attachments, phishing and email spoofing techniques continue to get more sophisticated. It can be hard to identify a phishing attempt when it comes from a seemingly trustworthy email address.

Cybersecurity managers should train all employees several times a year with simulation emails to test their phishing readiness. When performed alongside regular cybersecurity awareness training, these tests can raise employees’ awareness of information security (infosec) and prevent accidents. SYSCOM offers phishing email training services for various patterns, as well as infosec courses by active security analysts. We strongly recommend reaching out to us for more information if you haven’t already implemented this kind of training.

3. Vulnerability Management

A 2018 study showed that 60% of information leaks in corporate systems are due to a lack of system patches, such as Windows updates for PCs and servers or firmware updates for network equipment. While being hesitant about updating a system you’ve been using without issue is understandable, putting off these patches leaves your system exposed.

Cyber attackers are hoping you’ll put these off, leaving identified vulnerabilities undefended and your system unable to prevent attacks. Regular updates may seem cumbersome in day-to-day operations, but patches have become essential in recent years. Of course, it isn’t practical to constantly keep every single network device, server, and employee PC updated daily, so vulnerability management tools have become the norm. SYSCOM offers a variety of vulnerability and patch management solutions, which we strongly recommend to any business of any size.

The countermeasures above, while basic, are all cost-effective and will significantly reduce your risk profile, helping you better manage cybersecurity risk. If you haven’t yet done so, consider this your opportunity to learn more about these proactive strategies.

In our next column, we’ll explain the zero-trust model, a cybersecurity strategy that focuses on limiting the amount of access a compromised account could have, as well as countermeasures against information leakage as an application of security measures.