Fixing cybersecurity problems in your organization should be a priority. As the tactics of cybercriminals become more advanced and the number of attacks increases, fixing cybersecurity problems narrows the opening by which these malefactors can pass through. An incident that occurred at the close of 2020 and hammers home the importance of strengthening cybersecurity is the FireEye data breach. A cybercriminal was able to infiltrate the top security firm’s network and steal tools it uses for testing customer security methods. By all accounts, the security firm did everything right to prevent an attack. The unauthorized access in this incident was characterized as one that was custom designed to infiltrate FireEye’s specific data security system. If an experienced security firm can encounter a cyber incident, it can happen to any business.
The FireEye data breach has undoubtedly become a wake-up call for many organizations to fix the broken aspects of their cybersecurity. Unfortunately, there is no one-size-fits-all guide for resolving cybersecurity weaknesses. If you aren’t sure where to start with fixing cybersecurity issues, addressing the following three common problems can help to mitigate your organization’s cybersecurity risk:
1: Unpatched Security Flaws
2: Inadequate Access Controls
3: Human Error
1: Unpatched Security Flaws
Neglecting to patch flawed security is a significant problem because cybercriminals are aware that organizations often neglect to patch security flaws in a timely matter and search for these vulnerabilities to exploit them. A popular example of the consequences of unpatched software is the Equifax data breach. Equifax used third-party software for a consumer-based service (credit disputes) and were notified by the company that a security vulnerability existed. Just two months later, Equifax still hadn’t patched the software and cyber criminals gained access to internal servers containing customer data. Nearly 150 billion of Equifax’s U.S. consumer base was compromised. The unpatched security vulnerability ended up costing Equifax more than $500 million which includes their settlement to mitigate the damages caused by the incident.
Here are five tips for addressing unpatched security flaws:
The obvious first thing you should do is make sure all security patches are applied. According to a report published by Project Zero, a group of Google security analysts, 25% of the 0-days detected in 2020 could have been prevented by patching software.
Keep an eye on critical security vulnerabilities that may impact third-party organizations that have access to your network. One of the regular activities of the Cybersecurity and Infrastructure Security Agency (CISA) is to publish a list of Current Activity related to “high-impact types of security” that affect the U.S. While the listing includes basic information, vulnerabilities requiring software updates are most prevalent.
Patching software can be a tedious task, especially when you have multiple systems to update. Consider using a patch management tool that allows you to remotely deploy a software update to several systems at once from an interface that you can set up with your organization’s specifications.
If your organization is concerned about potential problems that a software update can cause, implement a patch evaluation process that consists of first testing patches on non-critical systems and monitoring the final deployments for any disruptions.
Another option for automating your patching efforts is to consider a cloud patch management service. These services usually consist of scanning systems for known vulnerabilities and deploying software updates, as necessary.
2: Inadequate Access Controls
You should know all the people, devices, and systems that are able to access your network and implement adequate access controls. How important is controlling access to your critical data? The notable Capital One security breach is an example of what can happen when there are insufficient access controls. A singleton cybercriminal (eventually discovered to be a former Amazon employee) was able to gain access to their server hosted by Amazon Web Service (AWS). The criminal obtained personal information for more than 100 million Capital One customers. Capital One estimated that recovering from the incident would cost the company about $150 million.
Implementing adequate access controls not only protects your organization from external intruders but also internal malicious attacks. According to recent research performed by Ponemon Institute LLC that was based on interviews of IT security professionals around the globe, insider breaches cost organizations as much as $871,686 and has tripled in frequency since 2016.
The following are five ways you can improve access to systems and data within your organization:
Create an inventory list of all the employees, resources, and data in your organization that have access to the network. Determine the level of access each of these requires. For example, specific individuals in a financial department require access to the company’s accounting information.
Develop an access control policy that specifies the employees and resources that are granted access to critical systems and data. Make sure you store the information in a safe place.
Implement an authentication system that verifies the identity of employees accessing critical data. To complement this step, consider investing in monitoring software that analyzes access to your network for unusual activity.
Prohibit employees or third-party vendors from connecting to your organization’s network using unsafe public Wi-Fi networks. As an alternative, consider implementing a virtual private network (VPN), which uses an encrypted virtual tunnel to connect to a network, for remote access users.
Hopefully, you already backup all data to a central server or cloud service and all employees know to use strong passwords. In case a system or device that is used to connect to your network lost or stolen, consider installing software on these systems that is capable of remote access that allows you to locate it and prevent unauthorized access to its data.
3: Human Error
If your organization’s cybersecurity plan is focused primarily on protecting the network from outside intruders, you likely have a critical weakness in your system. According to a Verizon Data Breach Investigations Report (DBIR), 34% of the more than 40,000 security events they analyzed were committed by internal actors. There are many data breaches that have exposed the importance of addressing human error. In September 2020, the U.S. Department of Veterans Administration (VA) suffered a security breach due to cyber criminals obtaining access to a financial system used by the organization. In addition to attempting to divert funds from the VA, the cyber criminals were able to access the personally identifiable information (PII) of nearly 50,000 veterans. Modifications to how the VA performs its financial operations are projected to cost $2.5 billion. The VA security breach highlights the consequences of social engineering. The cybercriminals were able to access the VA system using social engineering to trick employees into providing their credentials.
The types of social engineering include smishing (phishing via phone calls or text messages), harpooning (phishing by impersonating executives and using information from social sites), deepfakes (editing a legitimate video or voice clip for the purpose of acquiring personal information), and vishing (impersonation via phone calls or voice message).
The following are five tips for addressing human error in your organization’s cybersecurity plan:
Continuously train employees about social engineering, including, how to identify and report suspicious email, neglecting to provide personal information requested via email, and refraining from clicking a link in an email unless you are 100% sure it is from a legitimate source (contact the sender via phone or other means besides email to confirm).
Use network and email security solutions such as firewalls, anti–virus software, anti–malware software, anti-phishing solutions, and email spam filters.
Implement a multifactor authentication (MFA) system to add an additional method of validation.
Use SSL digital certificates to encrypt all data flowing to and from your network.
Create an accepted list (also referred to as a whitelist) of applications and email addresses that employees can access. Review this list regularly and make any necessary changes.
Hopefully, the FireEye data breach mentioned earlier doesn’t cause you to relinquish the quest to fix the problems with your organization’s cybersecurity. While such custom cyberattacks occur, they are not the most prevalent. Practicing due diligence and fixing cybersecurity problems that are impacting your organization will strengthen your defense system and help to prevent security incidents that can negatively impact your business and the relationships with your customers. If your cybersecurity team doesn’t have the resources to fix the critical problems mentioned above, it’s a good idea to partner with an experienced cybersecurity team to ensure all the cybersecurity problems impacting your organization are addressed.
BACS is a team of consultants with a full range of IT security experience. We are equipped with the tools necessary to perform comprehensive infrastructure analysis to determine where vulnerabilities exist and develop a comparable plan to resolve the issues and establish a robust foundation. We also offer assistance with developing a thorough cybersecurity training program to educate employees and help fix security issues associated with social engineering.