Stepping into a cybersecurity leader role these days is a bit like being dropped onto the front lines of a war zone. There are attacks coming at you from all sides and they’re more sophisticated than ever before.
Ransomware cartels, initial-access brokers, hackers, and other bad actors are pulling out all the stops to get a foothold even in small businesses.
So what’s a security leader to do to keep their company safe from cyberattacks?
With Cybersecurity Awareness Month in full swing, here are some insights and recommendations for security leaders of small and mid-sized businesses (SMBs).
Take care of the fundamentals
Step one is to make sure the fundamentals are in place. Here’s a quick checklist:
- Do you have a complete, current inventory of your assets, including the dev, lab, and test systems that tend to be forgotten?
- Are you on top of patching?
- What sort of perimeter (border) protection, i.e., a firewall, do you have?
- Are remote workers required to connect over a VPN?
“There’s lots of basic things you can do that help lay the groundwork for you to be in a good situation going forward,” says Nick Biasini, who leads Cisco Talos Outreach.
Start at the end
One of the first and most effective steps you can take today is to secure your endpoints: the laptops, cell phones, and other devices that are the physical end points of a network.
Firewalls, intrusion prevention systems (IPS), and other network controls try to block malicious payloads in transit, but most of today's internet traffic is encrypted, and a control that cannot decrypt the traffic cannot inspect the payload. The endpoint sees that traffic after it has been decrypted, which is why malicious code that slips past the network can still be caught there.
“The endpoint is your last bastion of defense,” Biasini says. “And that’s where you should start with security because that's where you’re going to get the most visibility.”
3 types of attack—and what to do about them
Cyberattacks fall into three basic buckets: phishing, active exploitation, and leveraging the user.
Phishing
Phishing continues to be one of the most common and most damaging forms of attack. It’s the path of least resistance for bad actors trying to steal credentials (such as valid usernames and passwords). The selling of stolen credentials on the dark web has become a lucrative trend in large part because of the rise of ransomware cartels.
What you can do about it
Top strategies to mitigate phishing are MFA (multi-factor authentication) and educating users not to click on unknown links and attachments in email. MFA raises the bar considerably, but note that one-time codes and push approvals can still be phished or prompt-bombed in real time; phishing-resistant methods such as FIDO2 security keys close that gap. Companies can also hire "red teams" that try to break into their networks to help identify weaknesses, as well as consultants to help them identify their assets, build a patching policy, and more.
Active exploitation
These are attacks where bad actors actively try to compromise systems using known vulnerabilities or unknown ones (aka "zero days"). In some cases, attackers use off-the-shelf vulnerability scanners or utilities that fingerprint systems on the internet to identify vulnerable versions of software (e.g., the VMware Horizon servers known to be vulnerable to the Log4j exploit, Log4Shell). Vulnerabilities also arise from a system you didn't patch, or from a dev, lab, or test system you didn't realize was connected to the internet.
“The bad guys are really good at finding those mistakes that you make and making you pay for it,” says Biasini.
Zero-day attacks are especially hard to defend against because they exploit vulnerabilities that are not yet publicly known, so no patch exists to apply.
What you can do about it
The best protection against known vulnerabilities is to apply patches promptly. That is why knowing what your assets are is vital: you can't patch a system you don't know is there. Your assets include everything from data and software to APIs and system tools that people have forgotten about, so the inventory has to be reconciled against what is actually reachable from the internet, not just what the team remembers owning. Against zero-day attacks, where no patch exists, endpoint security is your best defense, backed by EDR (endpoint detection and response) and XDR (extended detection and response) tooling. Note what these actually catch: not the unknown exploit itself, but the behaviour that follows it, such as a process spawning a shell, dumping credentials, or beaconing out, which is why they still help when the vulnerability is unknown.
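As an added example of the inventory check behind the "fundamentals" list and the paragraph above (this is not Cisco's or Talos's tooling): a small reconciliation that joins an internal asset inventory to an external scan and reports hosts that are reachable from the internet but unowned, or owned but running a version at or below a known-bad ceiling. The inventory, the scan results, the vulnerable-version table, and the field names are all constructed for the example, not any real CMDB, scanner schema, or vendor advisory.

```python
"""Reconcile an asset inventory against an external scan to surface hosts that are
exposed but unowned, or owned but running a version known to be vulnerable.
Added example: the inventory, scan results and vulnerable-version table below are
constructed, and the field names are assumptions rather than a real schema."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed inventory export: the hosts the team believes it owns.
INVENTORY = [
    {"hostname": "web-prod-01", "ip": "203.0.113.10", "owner": "web-team"},
    {"hostname": "vpn-gw", "ip": "203.0.113.20", "owner": "netops"},
]

# Constructed external scan export: what is actually reachable from the internet.
SCAN = [
    {"ip": "203.0.113.10", "port": 443, "product": "nginx", "version": "1.24.0"},
    {"ip": "203.0.113.20", "port": 443, "product": "vpn-gateway", "version": "9.0"},
    # Nobody in INVENTORY claims this one: a forgotten lab box, the case the text warns about.
    {"ip": "203.0.113.45", "port": 8443, "product": "vmware-horizon", "version": "7.13.0"},
]

# Constructed table, NOT a real advisory: product -> highest version still affected.
KNOWN_BAD = {"vmware-horizon": "7.13.1", "vpn-gateway": "9.0"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.13.0' into (7, 13, 0) so versions compare numerically. Only the
    leading digits of each component count, so '0rc1' becomes 0 and 'rc1' becomes 0."""
    parts = []
    for piece in version.split("."):
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    return tuple(parts)


def is_vulnerable(product: str, version: str, known_bad: Dict[str, str]) -> bool:
    """True if the product is in the table and the observed version is at or below the ceiling."""
    ceiling = known_bad.get(product)
    return ceiling is not None and parse_version(version) <= parse_version(ceiling)


@dataclass
class Finding:
    ip: str
    port: int
    product: str
    version: str
    unknown: bool          # reachable from the internet but absent from the inventory
    vulnerable: bool       # version at or below the known-bad ceiling
    owner: Optional[str]   # None when nobody has claimed the host


def reconcile(inventory, scan, known_bad) -> List[Finding]:
    """Join the scan to the inventory by IP and keep anything unowned or vulnerable.
    Unowned *and* vulnerable hosts sort first: they will not get patched until
    someone is assigned to them."""
    by_ip = {asset["ip"]: asset for asset in inventory}
    findings = []
    for hit in scan:
        asset = by_ip.get(hit["ip"])
        unknown = asset is None
        vulnerable = is_vulnerable(hit["product"], hit["version"], known_bad)
        if unknown or vulnerable:
            findings.append(Finding(hit["ip"], hit["port"], hit["product"], hit["version"],
                                    unknown, vulnerable, None if unknown else asset["owner"]))
    findings.sort(key=lambda f: (not (f.unknown and f.vulnerable),
                                 not f.unknown, not f.vulnerable, f.ip))
    return findings


if __name__ == "__main__":
    for f in reconcile(INVENTORY, SCAN, KNOWN_BAD):
        tag = "UNOWNED" if f.unknown else f"owner={f.owner}"
        print(f"{f.ip}:{f.port} {f.product} {f.version} vulnerable={f.vulnerable} {tag}")
```

The join is deliberately on the scan side: anything the scanner sees that the inventory does not explain is a finding, whatever its version, because an unowned host has no one to patch it. In practice the scan export would come from whatever external scanner you run, and the version ceilings from vendor advisories; the numbers here are placeholders.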
Leveraging the user
Social engineering, spam, malicious documents, SMS messages—these are just some of the techniques that leverage the user to infect a system.
What you can do about it
The remedy is a combination of user education and security technologies. On the user education side, the industry has done a good job of hammering home the importance of not clicking on links or opening attachments. But Biasini says it neglected to flag a third danger: don’t answer the phone or make calls to suspicious numbers.
“We’re starting to see more and more adversaries say, ‘Hey, call this number if there's a problem with this,’” Biasini explains. “We didn't have the foresight to see that this is where it would go.”
On the tech side, endpoint security is the first line of defense for detecting and blocking malicious files. You'll also want to lock down what users can do: block Office macros in documents that came from the internet, and restrict interpreters such as Microsoft PowerShell to the administrators who need them, because both are routinely abused to turn a malicious document into a running implant. For smaller businesses that need protection quickly, DNS (Domain Name System) security is a strong choice. More than 90% of malicious activity involves domains, and a DNS-layer solution such as Cisco Umbrella stops the activity at resolution time: because the lookup happens before any connection is opened, the block applies regardless of the port or protocol the malware would have used afterwards. The caveat is that it only covers queries that actually go through the filtered resolver, so devices must be prevented from using a hardcoded public resolver or DNS over HTTPS to some other provider, and malware that connects straight to an IP address is not affected. At a more basic level, you'll also need some kind of firewall, preferably a next-generation firewall, at the border.
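As an added example of the DNS-layer idea (this is not Umbrella's code or policy format): a block policy applied to resolver query logs, with label-boundary matching so that a blocked zone covers its subdomains without catching look-alike names, an explicit allowlist that overrides the blocklist, and a per-client tally of blocked lookups to hand to endpoint triage. The log lines, the domains, and the `timestamp client qtype qname` layout are all constructed for the example.

```python
"""Apply a DNS-layer block policy to resolver query logs and list which internal
clients tried to reach blocked domains. Added example, not Umbrella's logic:
the policy, the domains and the log layout below are all constructed."""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed policy. An entry covers the name itself and every subdomain beneath it.
BLOCKLIST: Set[str] = {"evil-updates.example", "cdn.phish.example"}
# An explicit exception beats the blocklist (e.g. one vendor host under a blocked zone).
ALLOWLIST: Set[str] = {"safe.evil-updates.example"}

# Constructed resolver log: <timestamp> <client ip> <query type> <queried name>
LOG = """\
2024-10-03T09:12:01Z 10.0.0.14 A   www.example.com
2024-10-03T09:12:05Z 10.0.0.14 A   evil-updates.example
2024-10-03T09:12:06Z 10.0.0.14 TXT beacon.evil-updates.example
2024-10-03T09:12:09Z 10.0.0.22 A   notevil-updates.example
2024-10-03T09:12:11Z 10.0.0.22 A   safe.evil-updates.example
2024-10-03T09:12:15Z 10.0.0.31 A   CDN.Phish.Example.
"""


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'CDN.Phish.Example.' matches 'cdn.phish.example'."""
    return name.rstrip(".").lower()


def matches(name: str, policy: Set[str]) -> bool:
    """True if name is a policy entry or a subdomain of one. Matching walks label
    boundaries, so 'notevil-updates.example' does not match 'evil-updates.example'
    the way a naive string-suffix check would."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in policy for i in range(len(labels)))


def verdict(name: str) -> str:
    """Allowlist wins, then blocklist, then default allow."""
    if matches(name, ALLOWLIST):
        return "allow"
    if matches(name, BLOCKLIST):
        return "block"   # resolver would return a sinkhole answer; no connection is ever made
    return "allow"


def evaluate(log_text: str) -> List[Tuple[str, str, str, str]]:
    """Return (client, qtype, normalized name, verdict) for each query line."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qtype, qname = line.split()
        results.append((client, qtype, normalize(qname), verdict(qname)))
    return results


def blocked_clients(log_text: str) -> Dict[str, int]:
    """Count blocked lookups per client: these hosts go to endpoint triage first."""
    counts = Counter(client for client, _qt, _name, v in evaluate(log_text) if v == "block")
    return dict(counts)


if __name__ == "__main__":
    for client, qtype, name, v in evaluate(LOG):
        print(f"{v:5} {client:10} {qtype:3} {name}")
    print(blocked_clients(LOG))
```

The TXT query for `beacon.evil-updates.example` is the point of the example: a DNS-layer block does not care that the follow-on traffic would have been a TXT-record beacon rather than an HTTPS connection, because the name never resolves. Conversely, nothing in this log from a client that bypasses the resolver would appear here at all, which is the coverage gap noted above.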
“Otherwise, you're going to be in a really, really bad place,” Biasini says.
It is a particularly challenging time for someone stepping into a security leader role in an SMB, but implementing these security basics will put you in a much stronger position.
You might still lose a battle here and there, but you’ll win the war.