The usual advice we provide to companies on best practices for cybersecurity boils down to a 5-pronged approach we call Cyber SMART:
- S = Self-governance: Make sure you have the proper cybersecurity framework in place with governing policies & procedures.
- M = Monitoring: You need to have visibility into your IT infrastructure and always be watching for potential attacks and indicators of compromise (IOCs).
- A = Assessments: Get third-party audits of your systems on a regular basis, and develop a plan of actions for addressing any gaps.
- R = Remediation: This is not only having a system of regular vulnerability scanning & patching in place, but also having a formalized incident response policy and forensic readiness (i.e., have adequate audit logs and an investigative team standing by should something happen).
- T = Training: People are the first and last line of defense, and by enhancing education & awareness, we can help keep them from undermining the other security controls that are in place in the system.
Unfortunately, I believe the “new normal” is assumption of breach. Just as ships need to be built to float with the knowledge there will be leaks, modern systems are so complex and interconnected with so many points of entry that it’s almost impossible to plug every hole. So, we believe that having visibility, performing threat hunting, and continuously monitoring for indicators of compromise is most effective. Sure, you still try to put in layers of defense to make the system as hard to penetrate as possible; but nothing’s ever foolproof. That’s why you need constant vigilance and effective incident response.
Abacode provides outsourced Security Operations Center (SOC) services with continuous 24/7/365 monitoring of companies’ networks, and we spring into action with incident escalation protocols whenever we see something happening.
Indicators of compromise (IOCs) can come from numerous sources, such as Intrusion Detection Software (IDS), Security Information and Event Management (SIEM), antivirus, file integrity checking, third-party monitoring services, OS & app logs, network logs, network flows, info on new vulnerabilities & exploits, and people noticing things. The actual IOCs include things such as network connections to known malware command & control sites, files being encrypted, Windows Registry changes, system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, execution of malware, etc.
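To make the IOC categories above concrete, here is an added example of a small matcher that runs over a few constructed log lines and flags four of the indicators mentioned: a connection to a known command-and-control host, a write to a Windows autostart registry key, use of elevated privileges by an account outside an allow-list, and a burst of file renames that looks like encryption in progress. This is illustrative code written for this page, not Abacode's SOC tooling; the log line format, the `.invalid` placeholder C2 domains, the admin allow-list, and the burst threshold are all assumptions chosen for the example.

```python
"""Toy IOC matcher over constructed log lines (added example, not a vendor tool)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Assumed threat-intel feed: placeholder names under .invalid, not real C2 infrastructure.
KNOWN_C2_DOMAINS = {"c2.example.invalid", "beacon.example.invalid"}
# Assumed allow-list of accounts permitted to use elevated privileges.
AUTHORIZED_ADMINS = {"root", "ops-admin"}
# Well-known Windows autostart locations; writes here are a common persistence indicator.
AUTOSTART_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Assumed threshold: this many renames to .locked on one host in one minute is worth an alert.
ENCRYPT_BURST_THRESHOLD = 5

# Assumed line formats: "<ISO timestamp> <event type> key=value ..."
CONN_RE = re.compile(r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>[^:\s]+):(?P<port>\d+)$")
REG_RE = re.compile(r"^(?P<ts>\S+) registry set key=(?P<key>\S+) value=(?P<value>.+)$")
PRIV_RE = re.compile(r"^(?P<ts>\S+) sudo user=(?P<user>\S+) cmd=(?P<cmd>.+)$")
RENAME_RE = re.compile(r"^(?P<ts>\S+) file rename host=(?P<host>\S+) from=(?P<src>\S+) to=(?P<dst>\S+)$")


@dataclass(frozen=True)
class Alert:
    category: str
    evidence: str


def find_iocs(lines: Iterable[str]) -> list[Alert]:
    """Return one Alert per matched indicator; rename bursts are aggregated per host and minute."""
    alerts: list[Alert] = []
    rename_bursts: Counter = Counter()
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if m := CONN_RE.match(line):
            if m["dst"].lower() in KNOWN_C2_DOMAINS:
                alerts.append(Alert("c2_connection", line))
        elif m := REG_RE.match(line):
            if AUTOSTART_KEY_RE.search(m["key"]):
                alerts.append(Alert("registry_persistence", line))
        elif m := PRIV_RE.match(line):
            if m["user"] not in AUTHORIZED_ADMINS:
                alerts.append(Alert("unauthorized_privilege_use", line))
        elif m := RENAME_RE.match(line):
            if m["dst"].lower().endswith(".locked"):
                minute = m["ts"][:16]  # bucket by ISO minute, e.g. 2024-05-01T10:16
                rename_bursts[(m["host"], minute)] += 1
    for (host, minute), n in rename_bursts.items():
        if n >= ENCRYPT_BURST_THRESHOLD:
            alerts.append(Alert("mass_encryption", f"{host} renamed {n} files to .locked during {minute}"))
    return alerts


def alert_counts(lines: Iterable[str]) -> dict[str, int]:
    """Summarise how many alerts of each category the matcher raised."""
    return dict(Counter(a.category for a in find_iocs(lines)))


# Constructed sample log; hosts, users and paths are invented for the example.
SAMPLE_LOG = r"""
2024-05-01T10:15:03Z conn src=10.0.0.5 dst=updates.example.invalid:443
2024-05-01T10:15:04Z conn src=10.0.0.5 dst=c2.example.invalid:443
2024-05-01T10:15:09Z registry set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost value=C:\Users\Public\svchost.exe
2024-05-01T10:15:10Z registry set key=HKCU\Software\Example\Theme value=dark
2024-05-01T10:15:12Z sudo user=ops-admin cmd=/usr/bin/systemctl restart nginx
2024-05-01T10:15:20Z sudo user=jdoe cmd=/bin/bash
2024-05-01T10:16:01Z file rename host=ws-17 from=/srv/docs/a.docx to=/srv/docs/a.docx.locked
2024-05-01T10:16:01Z file rename host=ws-17 from=/srv/docs/b.xlsx to=/srv/docs/b.xlsx.locked
2024-05-01T10:16:02Z file rename host=ws-17 from=/srv/docs/c.pdf to=/srv/docs/c.pdf.locked
2024-05-01T10:16:02Z file rename host=ws-17 from=/srv/docs/d.txt to=/srv/docs/d.txt.locked
2024-05-01T10:16:03Z file rename host=ws-17 from=/srv/docs/e.pptx to=/srv/docs/e.pptx.locked
2024-05-01T10:17:40Z file rename host=ws-09 from=/home/amy/draft.md to=/home/amy/draft.md.locked
2024-05-01T10:18:00Z file rename host=ws-09 from=/home/amy/old.md to=/home/amy/archive.md
"""

if __name__ == "__main__":
    for alert in find_iocs(SAMPLE_LOG.splitlines()):
        print(f"[{alert.category}] {alert.evidence}")
```

Each rule corresponds to one IOC source in the paragraph above: the connection check is what a threat-intel-enriched IDS or SIEM does, the registry and sudo checks come from OS logs, and the rename burst is the kind of signal file integrity monitoring provides. The single benign rename on `ws-09` stays below the threshold, which is the point of counting per host and minute rather than alerting on every `.locked` file.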