The usual advice we provide to companies on best practices for cybersecurity boils down to a 5-pronged approach we call Cyber SMART:
- S = Self-governance: Make sure you have the proper cybersecurity framework in place with governing policies & procedures.
- M = Monitoring: You need to have visibility into your IT infrastructure and always be watching for potential attacks and indicators of compromise (IOCs).
- A = Assessments: Get third-party audits of your systems on a regular basis, and develop a plan of actions for addressing any gaps.
- R = Remediation: This is not only having a system of regular vulnerability scanning & patching in place, but also having a formalized incident response policy and forensic readiness (i.e., have adequate audit logs and an investigative team standing by should something happen).
- T = Training: People are the first and last line of defense, and by enhancing education & awareness, we can help keep them from undermining the other security controls that are in place in the system.
Learn how to write a cybersecurity RFP, choose cybersecurity partners, and implement cybersecurity technology. Download this free report for all the details.
The Technology Manager’s Guide: Tips for Buying Cybersecurity TechnologyUnfortunately, I believe the “new normal” is assumption of breach. Just as ships need to be built to float with the knowledge there will be leaks, modern systems are so complex and interconnected with so many points of entry that it’s almost impossible to plug every hole. So, we believe that having visibility, performing threat hunting, and continuously monitoring for indicators of compromise is most effective. Sure, you still try to put in layers of defense to make the system as hard to penetrate as possible; but nothing’s every foolproof. That’s why you need constant vigilance and effective incident response.
Abacode provides outsourced Security Operations Center (SOC) services with continuous 24/7/365 monitoring of companies’ networks, and we spring into action with incident escalation protocols whenever we see something happening.
Indicators of compromise (IOCs) can come from numerous sources, such as Intrusion Detection Software (IDS), Security Information and Event Management (SIEM), antivirus, file integrity checking, third-party monitoring services, OS & app logs, network logs, network flows, info on new vulnerabilities & exploits, and people noticing things. The actual IOCs include things such as network connections to known malware command & control sites, files being encrypted, Windows Registry changes, system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, execution of malware, etc.
Jeremy Rasmussen is Chief Technology Officer of Abacode, a Tampa, Florida based company that provides managed cybersecurity services for growing businesses across all industries. Abacode employs global thought leaders and industry experts in ethical hacking, corporate governance, and incident response to provide its clients with a holistic view of cybersecurity. He is also an instructor at the University of South Florida and founder of the USF Whitehatters Computer Security Club (WCSC).
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
You are right that best way to secure online is to be smart. Cybersecurity is a big threat and everything on stake online. Hackers always find new ways for steal people information. If we will learn how to secure and aware of these kinds of things. We can secure our self.