There are many different ways that cybercriminals try to gain access to your organization’s network. Here are the top 8 changes to make today, based on what our team has observed while conducting Center for Internet Security (CIS) based cybersecurity risk assessments.
1. Update Hardware and Software Inventories
Organizations can’t protect what they don’t know they have. The first step in maturing a cyber program is to ensure an accurate inventory of hardware and software. Many tools, some of which are free, are available to help with this effort.
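As an added illustration of what an "accurate inventory" check looks like in practice (example code, not from the original article or any specific tool): reconcile the inventory the organization believes it has against what was actually observed on the network, and report devices in either gap. The inventory CSV and the discovery log are constructed sample data standing in for a CMDB export and a DHCP/ARP log.

```python
"""Reconcile an asset inventory against devices actually seen on the network.

Added example, not from the original article. INVENTORY_CSV and OBSERVED_LOG are
constructed sample data standing in for a CMDB export and a DHCP/ARP log.
"""
import csv
import io

# Constructed: the inventory the organisation believes is accurate.
INVENTORY_CSV = """\
hostname,mac,owner
fileserver01,00:11:22:33:44:01,IT
hr-laptop-07,00:11:22:33:44:02,HR
printer-2f,00:11:22:33:44:03,Facilities
"""

# Constructed: one line per device observed on the wire: "<mac> <ip> <reported name>".
# Note the third line uses a different MAC separator, as mixed tooling often does.
OBSERVED_LOG = """\
00:11:22:33:44:01 10.0.10.5 fileserver01
00:11:22:33:44:02 10.0.20.41 hr-laptop-07
00-11-22-33-44-09 10.0.20.77 DESKTOP-K3J2
"""


def normalise_mac(mac):
    """Accept 00:11:.., 00-11-.. or 0011.2233.. and return lowercase colon form."""
    hexdigits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_inventory(text):
    """Return {mac: hostname} from the CSV export."""
    reader = csv.DictReader(io.StringIO(text))
    return {normalise_mac(row["mac"]): row["hostname"] for row in reader}


def parse_observed(text):
    """Return {mac: (ip, reported name)} from the discovery log."""
    out = {}
    for line in text.strip().splitlines():
        mac, ip, name = line.split(maxsplit=2)
        out[normalise_mac(mac)] = (ip, name)
    return out


def reconcile(inventory, observed):
    """Split the two views into the gaps an inventory review cares about.

    unknown: on the network but not in the inventory (unmanaged or rogue device)
    missing: in the inventory but never seen (stale record, or an offline asset
             that receives no patches or monitoring until it reappears)
    """
    unknown = {mac: observed[mac] for mac in observed if mac not in inventory}
    missing = {mac: inventory[mac] for mac in inventory if mac not in observed}
    return unknown, missing


if __name__ == "__main__":
    unknown, missing = reconcile(parse_inventory(INVENTORY_CSV),
                                 parse_observed(OBSERVED_LOG))
    for mac, (ip, name) in unknown.items():
        print(f"UNKNOWN  {mac} {ip} {name}")
    for mac, host in missing.items():
        print(f"MISSING  {mac} {host}")
```

Run against the sample data, the unknown workstation DESKTOP-K3J2 and the never-seen printer both surface; in a real environment the discovery side would be fed by several sources (DHCP leases, switch MAC tables, endpoint agents) and the unknown list is what the inventory process has to resolve.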
2. Ensure Offline Backups Exist
Ransomware attackers will look to impact not only an organization’s primary systems and data, but also any backups that are reachable from the network. Having a good, current, tested offline backup is the best defense against a ransomware attack.
3. Implement Network Segmentation
Network segmentation is a strategy to create separation between critical systems, user PCs, and other equipment such as printers. Effective segmentation can prevent an attacker who has compromised a user (e.g., via phishing) from moving laterally to impact critical systems.
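Segmentation is only as good as the rule base that enforces it, and a single over-broad rule can silently undo it. The following added example (not from the original article; the zones, rule base and policy are constructed) checks a first-match firewall rule set against a short list of flows that the segmentation design says must be blocked, before and after removing a catch-all rule.

```python
"""Check a first-match firewall rule set against a segmentation policy.

Added example, not from the original article. Zones, rules and the must-deny
policy are constructed; real input would be the firewall's exported rule base.
"""
import ipaddress

# Constructed zones, one CIDR each.
ZONES = {
    "users": ipaddress.ip_network("10.0.20.0/24"),
    "servers": ipaddress.ip_network("10.0.10.0/24"),
    "printers": ipaddress.ip_network("10.0.30.0/24"),
}

# Constructed rule base, evaluated top to bottom, first match wins.
# (source cidr, destination cidr, tcp destination port or "any", action)
RULES_BEFORE = [
    ("10.0.20.0/24", "10.0.10.0/24", 443, "allow"),    # users -> web apps on servers
    ("10.0.20.0/24", "10.0.30.0/24", 9100, "allow"),   # users -> printers
    ("10.0.20.0/24", "10.0.10.0/24", "any", "allow"),  # catch-all that undoes segmentation
    ("0.0.0.0/0", "0.0.0.0/0", "any", "deny"),
]

# The same rule base with the over-broad rule removed.
RULES_AFTER = [r for r in RULES_BEFORE
               if r != ("10.0.20.0/24", "10.0.10.0/24", "any", "allow")]

# Flows the segmentation design says must be blocked: (src zone, dst zone, port).
MUST_DENY = [
    ("users", "servers", 445),    # SMB from user PCs to servers
    ("users", "servers", 3389),   # RDP from user PCs to servers
    ("printers", "servers", 22),  # printer VLAN should never reach server SSH
]


def evaluate(rules, src_ip, dst_ip, port):
    """Return the action of the first rule matching the flow; default deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for src_cidr, dst_cidr, rule_port, action in rules:
        if (src in ipaddress.ip_network(src_cidr)
                and dst in ipaddress.ip_network(dst_cidr)
                and (rule_port == "any" or rule_port == port)):
            return action
    return "deny"


def check_segmentation(rules, zones, must_deny):
    """Return the must-deny flows that the rule base would actually allow.

    One representative host per zone is tested, which is enough to catch
    zone-wide allows; host-specific exceptions would need per-host checks.
    """
    violations = []
    for src_zone, dst_zone, port in must_deny:
        src = str(next(zones[src_zone].hosts()))
        dst = str(next(zones[dst_zone].hosts()))
        if evaluate(rules, src, dst, port) == "allow":
            violations.append((src_zone, dst_zone, port))
    return violations


if __name__ == "__main__":
    print("violations before:", check_segmentation(RULES_BEFORE, ZONES, MUST_DENY))
    print("violations after: ", check_segmentation(RULES_AFTER, ZONES, MUST_DENY))
```

With the catch-all in place, SMB and RDP from the user zone to the server zone are allowed even though a narrow 443 rule sits above it; removing that one rule brings the rule base back in line with the policy while the intended web and print flows still pass.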
4. Patch Third-Party Applications
Software developers release patches continually, and while these patches are often advertised as feature enhancements, most of them address security vulnerabilities. Attackers will look for unpatched applications as an easy way to compromise a system.
5. Remove Local Administrator Rights on PCs
Admittedly, this recommendation isn’t a very popular one, since it takes away users’ ability to install their own software. However, doing so limits what an attacker can do after compromising a PC.
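Removing local administrator rights is a change that drifts back over time (help-desk exceptions, imaging templates, users added "temporarily"), so it needs a recurring check. The added example below (not from the original article) parses output in the layout of Windows' `net localgroup Administrators` command and reports every principal not on an approved list; the sample output and the approved list are constructed, and the comparison is case-insensitive because Windows principal names are.

```python
"""Audit local Administrators group membership against an approved list.

Added example, not from the original article. NET_OUTPUT is a constructed
sample in the layout of `net localgroup Administrators`; ALLOWED is a
hypothetical policy for this environment.
"""

# Constructed sample of the command's output collected from one workstation.
NET_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\WS-LocalAdmins
CORP\\jsmith
The command completed successfully.
"""

# Hypothetical policy: only these principals may hold local admin on workstations.
ALLOWED = {"Administrator", "CORP\\Domain Admins", "CORP\\WS-LocalAdmins"}


def parse_members(text):
    """Return the member names listed after the dashed separator line."""
    members = []
    in_members = False
    for line in text.splitlines():
        if line.startswith("-----"):
            in_members = True
            continue
        if not in_members:
            continue
        # The member list ends at the status line or at a blank line.
        if line.startswith("The command completed") or not line.strip():
            break
        members.append(line.strip())
    return members


def unapproved_admins(members, allowed):
    """Principals holding local admin that are not on the approved list.

    Windows principal names are case-insensitive, so compare in lowercase;
    the original spelling is returned so the report matches what was seen.
    """
    allowed_lower = {name.lower() for name in allowed}
    return [m for m in members if m.lower() not in allowed_lower]


if __name__ == "__main__":
    for principal in unapproved_admins(parse_members(NET_OUTPUT), ALLOWED):
        print("unapproved local admin:", principal)
```

In the sample, the individual user account CORP\jsmith is flagged while the built-in account and the two approved groups are not; running the same parser over output collected from every workstation gives a list that can be tracked to zero and re-checked on a schedule.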
6. Implement Multi-Factor Authentication (MFA)
Most organizations have now made efforts to implement MFA to protect critical applications, partly driven by requirements to obtain cyber insurance. There are many ways to configure MFA so that it’s less disruptive for users.
7. Develop an Incident Response Plan
Most organizations have experienced or will experience a cyber attack, and the best time to develop a response plan is before an attack occurs. If you do not have an incident response plan, start with a simple plan and build on it each year. Also, be sure to keep a copy of your plan accessible outside the network, in case the network is unavailable due to a compromise.
8. Decide Between Automated or Manual Penetration Testing
During the scoping process of engagements, we often hear questions such as “what is a penetration test?” and “what does a team of penetration testers actually do?” The most straightforward answer is that we mimic what cybercriminals do to gain access to your network, except we show you what we did to break in and how to defend yourself against it. Our blog on the differences between automated and manual penetration testing covers this decision in more detail.
The information provided in this communication is of a general nature and should not be considered professional advice. You should not act upon the information provided without obtaining specific professional advice. The information above is subject to change.