Straightforward Cyber Security
Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. Cyber Security encompasses a broad range of elements to consider, and these can seem overwhelming. There are, however, some useful frameworks to help focus on the things that matter to you and your organisation.
In this article we use the 5 functions of the Cyber Security framework from the US National Institute of Standards and Technology (NIST) as a guide and focus on a range of straightforward things an organisation can do to help improve resiliency and cyber security.
Identify – what needs protecting
Cyber security is premised on ‘absolute security is absolutely impossible’. It is therefore essential to identify the risks to your information assets, then develop effective mitigations against them. This will typically include mechanisms that provide visibility and early warning, along with automated response and reporting of any potential problems or breaches.
Cyber Security planning starts by assessing your overall cyber resiliency (the ability for your business to keep going despite being attacked), identifying your key cyber risks, and setting a prioritised roadmap to build out your cyber controls, providing defence in depth and getting you to where you need to be.
Protect – effective and proportionate measures
Techtonics specialises in Cyber Security, so you don’t have to, making it easier for you and your staff to get results without focusing a huge amount of resources and effort to get those same results.
You might be surprised how easy it can be to identify your current cyber resiliency and maturity level, get to where you understand your key risks, and build your Cyber Security defences at a rate appropriate to your business and budget.
Each defensive layer (defence-in-depth) and reactive mechanism you put in place works together to keep your business resilient and as safe as possible. If you know what you need to protect, then you can spend wisely on the cyber controls that you really need.
Detect – Why would someone want my data?
So, you understand what it is that you need to protect and you have put in place the appropriate controls. How effective are those controls? How do you go about detecting the bad actors and incidents and should you be concerned?
Maybe you are only a small business and no one will really be interested in you. The type and size of organisation does not necessarily determine the level of risk that organisation faces. Globally, 43% of breach victims are small businesses (Verizon). Bad actors/hackers automate the vast majority of their attacks, spamming everything and anything with an internet connection.
Automated attacks don’t care how important your data is, or where you’re physically located. The primary goal is profit, whether through using your resources, stealing your data and selling it off or ransoming it back to you, or disruption/denial of your services to your customers.
The best means of defence against automated and targeted attacks is to make it as hard as possible for attackers to achieve their goal.
The graphic from Rapid7’s Quarterly Threat Report shows breaches by industry, which demonstrates that attackers don’t discriminate:
Detection of attacks on your systems is provided by Incident Detection and Response (often called IDR or SIEM). These tools will give you visibility over your cyber landscape, provide early warning and raise the alarm on cyber incidents. You can only manage the effectiveness of your protection controls if you are able to detect the incidents as they are happening.
Respond – the best laid plans…
The best protection and detection processes and tools will never completely stop a determined attacker, so every organisation should have a plan in place for how to respond to an incident when it does occur. Just like a fighter pilot responding to a problem scenario, it’s best to have the technologies, processes and procedures (TPPs) in place before it happens, so you can respond in a playbook fashion rather than trying to make up the process as you react to the incident unfolding. How you respond to an incident, and the effectiveness of your response, is largely down to how you prepare.
Technologies that identify and inform you when a break-in does happen, what happened and what was impacted are vital. This is where your detection tools support your response. If, in the Detect function, you have built in mechanisms to lock incidents down and limit exposure, using deception technologies such as honeypots, dummy user credentials and data, you will gain early warning and be able to slow the attackers down by automatically disconnecting user workstations or servers that have been breached.
Having TPPs and good detection tools in place creates a proactive environment for your internal team or Cyber Security provider to limit your exposure and remediate any cyber incident efficiently and effectively. This should include the ability to provide accurate, detailed information to your board, clients, insurance providers, NZ CERT and New Zealand Police.
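The early-warning idea above, as an added example (not Techtonics' own code): dummy user credentials belong to nobody, so any login attempt that names one is a high-confidence alert and points at the machine to disconnect. The log format, account names and host names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed decoy account names (assumption): never issued to a person or
# service, so any authentication attempt naming one is suspicious by definition.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_finance"}

# Constructed sample log in a hypothetical format; "host" is the machine the
# login attempt came from.
SAMPLE_LOG = """\
2024-05-01T09:12:03Z host=WS-014 user=jsmith result=success
2024-05-01T09:14:40Z host=WS-022 user=svc_backup_old result=failure
2024-05-01T09:14:58Z host=WS-022 user=adm_finance result=failure
2024-05-01T09:15:10Z host=SRV-FILE01 user=adm_finance result=failure
2024-05-01T09:20:00Z host=WS-014 user=mbrown result=failure
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>success|failure)$"
)

def decoy_alerts(log_text, decoys=DECOY_ACCOUNTS):
    """Return {host: [(timestamp, decoy_user, result), ...]} for decoy use."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are ignored, not treated as alerts
        if m["user"].lower() in decoys:
            alerts[m["host"]].append((m["ts"], m["user"], m["result"]))
    return dict(alerts)

def hosts_to_isolate(alerts):
    """Hosts that touched a decoy, ordered by their earliest decoy event."""
    return sorted(alerts, key=lambda h: min(e[0] for e in alerts[h]))

def report(alerts):
    """One line per decoy event, suitable for an incident record."""
    return [
        f"{ts} {host} decoy={user} result={result}"
        for host in hosts_to_isolate(alerts)
        for ts, user, result in alerts[host]
    ]

if __name__ == "__main__":
    for entry in report(decoy_alerts(SAMPLE_LOG)):
        print(entry)
```

The ordinary failed login by mbrown is not flagged; only attempts against the decoy names are, which is what keeps this kind of alert low-noise.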
Recover – Backups and beyond
Bad stuff happens, and when it does, having comprehensive backups and system recovery options for your critical information assets is vital. A backup is only as good as the processes already in place for execution of a successful recovery.
Bringing it all together
Continuity in the event of a cyber incident goes beyond just technology recovery; it requires a combination of planning and execution across People, Process and Technology.
It’s people who drive your business – they use business processes supported by technology to achieve the business’s goals and objectives. It is important to understand that all three of these areas are vulnerable to Cyber Security attacks from threat actors. Therefore, protecting any one area in isolation is akin to locking your doors yet leaving your windows wide open.
Investing in a strong security culture and cyber awareness training across your staff will provide benefit to the business and reduce losses from breach activity.
Techtonics focuses on identifying and applying mitigation against threats across people, technology, and process, helping you establish and continually build your organisational cyber resilience.