We see it often: You Wanted a Cybersecurity Bunker, but Built a House of Cards.
Protecting your organization from modern cyber threats can feel like building a house of cards, with dozens of pieces that fit together in the loosest way, and always at risk of tumbling down in spectacular fashion. There was a time not too many years ago when an IT manager could solve their cybersecurity challenges with good antivirus software and a firewall. Sadly, those days are long behind us, as today’s threats are more stealthy and sophisticated than ever before.
A small or mid-sized business might be tempted to assume that it has little of value and that today’s threat actors are targeting much larger fish, but that would be a massive mistake. Modern attackers participate in a global cybercrime ecosystem in which much of the complexity of executing an attack is automated and pre-packaged, dramatically reducing the cost of launching one. In this world, hacking becomes a numbers game, and even small businesses can be profitable targets. In fact, 43% of all data breaches happen to small and medium businesses, and inflict sufficient damage that 60% of breached SMBs go out of business.
At the same time that threats have become more prevalent, the digital landscape that needs protecting has exploded. The broad adoption of Software-as-a-Service (SaaS) applications and the shift to remote work means that many of the users, systems, and data that used to be comfortably protected inside the company’s network are now spread to every corner of the world.
Compounding the problem yet again, the cybersecurity industry hasn’t made the defender’s job easy. On the plus side, never before have we had so many new and innovative solutions for preventing, detecting, and responding to threats. Unfortunately, for an IT manager who wears a dozen different hats on any given day, it’s nearly impossible to sort through all the possibilities and identify the sweet spot: the right set of defenses to get the job done, in a way that’s manageable for a small team.
And so we come to the stack of cards, looking to build a solid basic set of defenses that doesn’t tip over at the slightest breeze. Fortunately, you can build a very serviceable house with only a few building blocks.
The first step toward protecting your business is to implement basic IT hygiene to minimize exposure to cyber threats. Hacker groups are well aware that critical patches sometimes slip through the cracks and that insecure configurations often go unnoticed, and they continuously probe networks with automated tools to find easy points of entry. Good hygiene ensures the obvious gaps are filled, including:
With a solid foundation in place, next we’ll put up a few protective measures to defend the assets that matter most. While over time we might expand our house to have many rooms and hallways, to begin we really need to focus on four solid walls.
Wall One: Endpoint Protection. Today, with a great deal of work happening outside the traditional office, having solid protection for your endpoints is a high priority. Modern endpoint protection solutions leverage sophisticated analytic techniques such as machine learning and behavioral analysis to provide good protection from ransomware and other types of malware. While it’s easy to focus on threats to Windows systems, don’t neglect threats to other endpoints, including macOS and mobile devices.
Wall Two: Network Protection. In days gone by, protecting the network meant you put up a firewall and VPN at the perimeter and called it a day. The perimeter today looks and feels a lot different than it did back then. Most organizations today rely heavily on SaaS applications such as Microsoft 365, Google Workspace, Salesforce, and many others. These cloud-based services require a different approach to protection, with a focus on protecting the underlying application rather than the network. Most organizations will benefit from dedicated email protection, as well as a Cloud Access Security Broker (CASB) solution to provide protection and access controls for critical enterprise applications.
Wall Three: Cloud Protection. Applications deployed by organizations are often no longer deployed to servers in a traditional data center. Instead, applications are hosted by cloud providers such as AWS, Microsoft Azure, and Google Cloud, which provide cost-effective and highly scalable computing and storage resources on demand. Cloud Workload Protection (CWP) solutions provide security tailored to these dynamic compute environments, while Cloud Security Posture Management (CSPM) ensures that containers and cloud workloads are securely configured and deployed.
Wall Four: Identity Protection. For the last wall in our security house, we’ll focus on protecting our users' credentials. Verizon’s 2022 Data Breach Investigations Report showed that nearly 50% of security incidents started with stolen credentials, which underscores the importance of securing identities. For starters, we will want to ensure that users are using strong passwords, which any enterprise directory can enforce. Implementing a single sign-on (SSO) solution will help to minimize the number of passwords users need to remember, reducing the chance that they pick a weak one. Finally, multi-factor authentication (MFA) provides stronger security for your users' identities, and is critical for high-value business applications.
Up until now we have focused mostly on technical controls for protecting your business; however, technology is only one part of a cybersecurity program. Providing good protection for your business also requires help from people and processes. It’s important to regularly manage your security solutions, to ensure that any newly discovered assets are properly protected (remember that foundation!) and that security controls are working properly. When security alerts occur, an investigation will reveal whether the intruder has been properly ejected, or whether additional remediation steps might be necessary.
Endpoint Detection and Response (EDR) technology collects and analyzes telemetry from your endpoints, providing access to key information you may need in order to fully understand the context of an emerging threat. Security Information and Event Management (SIEM) consolidates logs and alert data from all your remaining security tools, giving you a single console for security alerts and investigations, dramatically cutting down on the time needed to investigate, understand, and respond to security threats.
At ContraForce, we provide comprehensive cybersecurity designed to help small and mid-sized businesses build strong security, brick-by-brick. You can schedule a demo of the platform here, or click here for more information on ContraOps, our full-service security offerings.