71% of organisations were compromised by a successful cyber attack in 2014, and 2017 witnessed continued growth in the number and sophistication of cyber attacks.

Cyberthreat Defense Report from CyberEdge Group

Did you know:

  • 77% of attacks in 2017 utilized fileless techniques
  • 69% of organisations don’t believe their antivirus can stop the threats
  • 4 out of 5 organisations replaced their antivirus solution in 2017
  • Security is getting more expensive and difficult to manage

One of the most challenging aspects of IT is the constantly evolving nature of security risks. The traditional approach to managing risks has outlived its shelf life, and unless your business is moving aggressively towards pro-active prevention you will slowly fade into the ice age.

Below are 10 commandments that you must consider seriously to stand a chance against these new-age cyber attacks:

  1. IT Security Policies
    • Ensure you have the basic policies in place to protect data and assets.
    • Ensure they are reviewed quarterly and updated (as applicable)
  2. 2-Factor authentication for all remote access
    • Ensure adequate authentication toll-gates are in place
    • Consider OTP or App or SmartCards
  3. Dedicated staff for Security
    • 100% accountability within the organisation for security is crucial.
    • Sharing of accountability is not the same – have a dedicated team
  4. Centralised Log Management
    • All platforms and applications should have logging enabled
    • Consider Splunk or ManageEngine for Real-Time Incidents Search & Diagnosis
  5. Perform Penetration Testing
    • Run quarterly vulnerability scans for exploits including sub-domain enumerators
    • Consider pro-active tools such as Netsparker, Metasploit or Acunetix
    • Remember: if you know neither the enemy nor yourself, you will succumb in every battle
  6. Disaster recovery plan
    • Ensure a business continuity plan exists that’s tested and kept up-to-date
  7. Intrusion Prevention System (IPS)
    • Vulnerability exploits usually come in the form of malicious inputs to a target application or service that attackers use to interrupt and gain control of an application or machine. IPS has a number of detection methods for finding exploits, but signature-based detection and statistical anomaly-based detection are the two dominant mechanisms.
    • Centralised log management will help detect and prevent such attacks.
    • ManageEngine EventLog Analyzer provides out-of-the-box support for multiple IDS/IPS vendors such as Cisco, Juniper, SonicWall, Barracuda, WatchGuard, NetScreen, Fortinet and Check Point
  8. End-Point Protection Solution
    • This is an absolute must. No DLP (Data Loss Prevention) or controls on critical data at endpoints, in email or in critical applications is a 100% audit failure
    • Invest in an Endpoint Protection Platform (EPP) that integrates antivirus, firewall, anti-spyware and application control with host intrusion prevention techniques, all in one single platform. Symantec, McAfee, Endpoint Protector and Sophos are great options
  9. Scheduled Maintenance
    • Ensure monthly maintenance across all systems for OS, network and patching
  10. Documentation
    • Document EVERYTHING – network & system drawings showing architecture and data flow
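
The two detection mechanisms named in item 7, run over the kind of centrally collected log data item 4 calls for, as an added example that is not part of the original post. The log format, the two signatures, the threshold and the helper names are assumptions, and the log lines are constructed.

```python
import re
import statistics
from collections import Counter

# Assumed signatures: known-bad input patterns, matched against each request.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "script-injection": re.compile(r"<script", re.IGNORECASE),
}

def build_sample():
    """Constructed log lines in an assumed '<minute> <source> <request>' format."""
    lines = []
    for minute in range(5):
        for src in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
            lines += [f"10:0{minute} {src} /index.html"] * 3   # normal traffic
    lines.append("10:03 10.0.0.9 /download?file=../../etc/passwd")  # one bad input
    lines += ["10:04 10.0.0.8 /login"] * 40                    # burst, no bad input
    return lines

def signature_hits(lines):
    """Signature-based detection: flag requests matching a known pattern."""
    hits = []
    for line in lines:
        _minute, src, request = line.split(" ", 2)
        for name, pattern in SIGNATURES.items():
            if pattern.search(request):
                hits.append((src, name))
    return hits

def anomaly_hits(lines, threshold=3.0):
    """Statistical anomaly detection: flag (minute, source) buckets whose
    request count sits far above the median, measured in units of the
    median absolute deviation (MAD)."""
    counts = Counter(tuple(line.split(" ", 2)[:2]) for line in lines)
    values = list(counts.values())
    median = statistics.median(values)
    mad = statistics.median([abs(v - median) for v in values]) or 1
    return sorted(k for k, v in counts.items() if (v - median) / mad > threshold)

if __name__ == "__main__":
    sample = build_sample()
    print("signature:", signature_hits(sample))
    print("anomaly:  ", anomaly_hits(sample))
```

Each method catches what the other misses here: the single malformed request is invisible to the rate statistics, and the login burst matches no signature.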

One excellent framework to learn is the NIST (National Institute of Standards and Technology) Cybersecurity Framework. NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary to adopt cybersecurity capabilities.

Finally, when considering tools, remember to evaluate them thoroughly to ensure they meet your business capacity. Processes and tools must be kept up to date; after all, it is the survival of the fittest.

Posted by: Jimit Dattani

Intrapreneurial technology professional offering over 16 years of experience in delivering strategic business initiatives. Possesses a powerful blend of technology vision and business acumen that results in consistent development of powerful business strategies supported by cost-effective, high-performance IT infrastructures and applications. Expertise in product architecture & design, project life cycle management, client & vendor relationship and financial & operational management. Extensive experience in complex solution design covering cloud-based applications; design, development and rollout of robust, scalable and secure products. Engineered turnaround of IT performance and service levels; transformed IT into a strategic business partner; delivered multiple large-scale projects on time and within budget involving budgeting, design and support of all technologies. Front-led projects on design & delivery of strategic IT transformation plans and operating models that enabled revenue growth, reduced costs and streamlined operations to ensure competitiveness.
