Cybersecurity Awareness Month is, once again, upon us. At its core is an issue that can have a massive impact on organizations in every industry, public and private, large and small: successful cyberattacks and how to prevent them from happening in the first place.
As an industry, we’ve evolved to address the challenges that today’s cyberthreat landscape presents, with both tactics and technology. We’ve not yet surmounted the challenges, but there are innovative minds in garages and boardrooms across the country trying to do just that. In the meantime, there are fundamentals that have stood the test of time and can help prevent successful cyber breaches from occurring despite the pace at which the landscape shifts.
To help ensure a solid foundation of protection from cyberattacks, I offer you The Ten Cybersecurity Commandments – the most important and fundamental practices to help ensure successful cyberattacks are avoided, business productivity is left undisrupted, and customers continue to place their trust in your brand.
1. Ensure that systems, applications and users are patched. The importance of applying the latest security patches cannot be overstated. Attackers will always attempt the easiest route to break into an organization, which is often an unpatched system. As for employees, make sure ongoing user training is implemented, and ensure that strong password policies are in place, along with multi-factor authentication requirements.
2. Share preventions natively. The best chance of preventing cyberattacks and defeating adversaries is when effective security controls on the network, endpoint and cloud operate together as parts of a single platform. This means security teams won’t have to manage and orchestrate separate policies, enforcement, visibility and threat intelligence. Each element can gain leverage from the other so that what’s discovered on the endpoint, for instance, can automatically be prevented on the network and in the cloud, without manual intervention.
3. Implement a consistent security model, regardless of user location or device type. When there is consistency of prevention across all locations, attackers lack the ability to gain an initial foothold in a less protected area and pivot to other parts of the organization. Whether it is a remote user or system, the core data center or perimeter, a cloud-based service or a SaaS-based application, you must ensure there are no gaps in security posture. Consider extending the perimeter to remote users and networks in the same way that you would if they were on the core network.
4. Practice the principle of least privilege. Segmentation is a requirement, and micro-segmentation is fast becoming one. No one or no one thing needs to talk to everything. There should be no default trust for any entity, regardless of what it is or where it is. By establishing Zero Trust boundaries that compartmentalize different segments of the network, organizations can protect data from unauthorized apps or users, reduce the exposure of vulnerable systems, and prevent the lateral movement of malware throughout the network.
5. Embrace advanced endpoint methodologies. Ensure that endpoint protection can share threat intelligence seamlessly across the network and endpoint, and prevent known and unknown malware on the endpoint itself. Endpoint technology should be able to identify and prevent exploits without any prior knowledge; otherwise, it can’t effectively protect your organization.
6. Make safe application enablement a requirement. Security teams must be able to determine the exact identity of applications traversing the network, irrespective of port, protocol, evasive tactic or encryption (TLS/SSL or SSH), and apply safe application enablement policies based on business needs.
7. Gain leverage from threat intelligence. Controls and preventions are only as good as their visibility into known and unknown threats, and their ability to instrument security infrastructure that blocks what’s discovered. If your security technology is constantly learning, whether through discreet observables like new malware samples or machine learning, it should have a wide enough data set to know what is good, and what is bad, and tie all of that back across network, endpoint and cloud to implement new prevention measures.
8. Understand your threat environment. Depending on your organization, there is a certain set of malicious playbooks that will be run against you by cyber adversaries, using specific tools and techniques. If you understand what threats are most likely to impact you, your industry peers and the global landscape, you can proactively use that data to better architect new prevention controls to block the successful execution of these playbooks.
9. Aim for efficient consumption of new security technologies. Deploying and orchestrating siloed capabilities from multiple vendors is a struggle and could leave your organization exposed. To ensure effective prevention of cyberattacks, decreased costs and operational burden, consider adopting new security functionality that can operate as an extension of the infrastructure you already own and operate – ideally delivered from the cloud.
10. Think holistically about your prevention philosophy. Ensure that all of the decisions and investments made map back to a philosophy that strives to prevent successful cyberattacks, with the ultimate goal of making your organization safer and protecting our way of life in the digital age.