5 IT Security Fundamentals for 2022
Many companies are under the impression that breaches are caused by zero-day exploits and attacks on the firewall, when endpoint vulnerabilities and user error are typically the cause. For example, the Colonial Pipeline ransomware attack was staged through a virtual private network (VPN) portal that was not protected by multifactor authentication (MFA).
To defend against today’s threats, organizations must rethink their baseline security fundamentals to develop a modern security strategy. Many companies are lacking the fundamentals needed to defend themselves in the current threat landscape.
Here is an overview of 5 security fundamentals for 2022:
1) Modern Endpoint Protection
Endpoint detection and response (EDR) solutions help block and fight threats that target the devices employees use to connect to your network, devices that would otherwise leave the network exposed to cyberattacks. Endpoint protection solutions can fight both malware and exploit-based attacks.
EDR uses machine learning to analyze data and uncover attacks that target managed and unmanaged devices. Threats that are intercepted are fed back into the detection models so they are recognized in the future. Real-time monitoring and collection of endpoint data is combined with analysis and automated response.
2) Modern Identity Management
Multifactor authentication (MFA) should be used with all access points, not just primary ones. Not protecting the VPN with MFA was Colonial Pipeline’s mistake. Hackers were able to use a password obtained from a data dump on the dark web to gain access. A second authentication factor, such as a token or biometric marker, would have blocked access. MFA is needed for remote access to applications.
Once MFA is in place, single sign-on (SSO) gives your users convenience because they only need to log in once. Integrating SSO with your apps makes things easier for employees: they can log in to a company portal at the beginning of the day and access any of the apps they need.
3) Active Monitoring and Incident Investigation
Unless you are a large enterprise with significant financial resources, you probably can’t afford to deploy a proper security operations center (SOC) with the kind of personnel you need to monitor your systems 24/7 and investigate all the threat data coming in.
One of the earlier significant breaches was the Target data breach, in which credit card numbers were stolen, affecting anywhere from 70 million to 110 million customers. When the company looked back at its log data, the evidence it needed to detect the breach had been there for 6 months. However, the company was overwhelmed by the volume of data and didn’t have the SOC capability needed to triage and diagnose the incidents.
You can use the SOC capabilities provided by managed detection and response (MDR) to actively monitor your environment and hunt for threats.
4) Top Tier Email Protection
Email protection is important because users are a significant source of risk. Phishing emails are a popular attack vector for malware, including ransomware.
Look hard at what you’re doing on the email side. Email protection can filter out spam that might carry malware and provide login security to prevent accounts from being taken over. Some email protection solutions also prevent employees from responding to phishing emails.
Monitoring and investigating email incidents helps your company stay ahead of hackers that use phishing attempts to distribute malware, including ransomware.
5) User Training
Lack of security awareness is a major vulnerability for businesses. To combat this risk, your company should have active weekly or biweekly user training in place. User training could be a brief video that employees click on to learn something every week just to keep email security in the forefront of their minds.
Other types of user training may include sending phishing emails to test employees’ ability to identify and avoid suspicious emails.
Laying a Security Foundation
Making at least some of these baseline fundamentals part of your organization’s security strategy can reduce your risk significantly. It’s not always about buying products.
Instead, it’s about your strategy for deploying these products. Your company may want to retire certain solutions and consolidate on a smaller, better-integrated set. Think about solutions that can talk to each other and make each other better.
At Right! Systems, we talk to companies every week that don’t have the security fundamentals in place. We can help you assess your current security strategy, find gaps, and invest in the solutions that make sense. We are a Gold Cisco Certified Partner and managed security provider dedicated to serving companies in the Pacific Northwest.