Looking to enhance your organisation’s cyber security in 2022?
Here, security experts from across Redscan and Kroll share their top tips for boosting your cyber resilience in the year ahead.
Put information security first for every team
Every individual in an organisation plays a part in creating a mature security program. Even with the best security controls in place, a single click of a malicious link can lead to compromise.
Make sure every employee in your business understands information security, not just your security team.
Investing time and effort in educating staff in cyber security is so important, and should the worst happen, having the ability to detect and respond as quickly as possible will limit the impact.
Ashleigh Farrand, Head of Service Operations
Stay vigilant about phishing
Over 90% of ransomware attacks are delivered via malicious email. Phishing emails are becoming harder to spot, with some well-written types making it past even the most observant users. This is where user awareness training is vital. Educating users on the obvious signs of a phish is a must and providing users with a mechanism to report these emails is a key element in the ongoing battle.
Simple issues to be wary of include:
- Obvious spelling and grammar mistakes
- Requests for your personal information
- Urgent deadlines
Joshua Packman, Technical Account Manager
Review patch management and security update policies
2021 saw a large number of high-profile incidents occur as a result of critical patches or updates not being implemented. It’s essential that organisations stay up-to-date with security disclosures, vulnerability bulletins and other updates from technology vendors.
Unpatched appliances represent a common attack vector for adversaries and organisations are often compromised months or years after a patch was made available because updates weren’t applied as part of a managed programme.
Keep your software up-to-date and make sure you stay informed about all the latest software patches, where possible. Sites such as CVE Details are a great source of data about security vulnerabilities.
James Harvey, SOC Team Lead
Assess your network perimeter and attack surface
Kroll have worked on a number of incidents where clients haven’t had a full and up-to-date inventory of public-facing assets. This, unfortunately, includes common occurrences of serious risks such as remote desktop or terminal services hosts being exposed directly to the internet. If you aren’t aware of your assets on the internet, how can you ensure they are updated?
Make sure someone is responsible for tracking all internet-facing assets and that scans are routinely performed to identify any such instances. Online tools like Shodan aren’t just there as an offensive capability. Organisations can leverage these types of services to better understand their own attack surface too.
William Rimington, Managing Director, Cyber Risk
Adopt the principle of least privilege
One of the first things an adversary will look to do when they get inside your networks is to elevate privileges so they can penetrate further into your domain. If you adopt the principle of least privilege, whereby users are only given the permissions needed to do their jobs, you reduce the potential risk significantly. This should also apply to removing access to facilities such as Local Administrator access as well as any default accounts for services, appliances or other technologies.
Review and restrict the use of highly privileged accounts such as Domain Administrator, Global Administrator or other similar accounts and track their usage. These types of accounts should rarely be used and access to them should be extremely limited.
Phil Veness, Offensive Security Consultant, Redscan
Prepare your defences to maximise digital opportunities
For many, a lasting consequence of the pandemic has been digital transformation – working from home, accessing remote systems and utilising digital collaboration tools, to name just a few.
Businesses’ reliance on digital technologies has shifted fast, and probably permanently. This brings huge benefits, but also increases the organisational risk footprint.
As a result, those that are able to reduce their risks through mitigation planning and ongoing risk visibility & control will be in the best position to benefit from the opportunities that digital innovation provides.
Stuart Reed, Managing Director, Product Strategy
Strengthen focus on identity management
The last few years have seen a shift to identity management as the new front line of defence. With an exponential increase in remote working practices and heavier adoption of cloud or third party hosted services, the mechanism through which we access these services has been brought into sharper focus.
The ability to ensure the right person is accessing the right service from an appropriate device has allowed many companies to reduce risk whilst maintaining a level of agility and flexibility. Leveraging elements such as single sign-on for centralised identity sources, conditional access to ensure access is being granted from the right device or application, and the ability to implement multi-factor authentication (MFA) across a wide set of services can go a long way towards ensuring the right resources are being used by the right people.
Rafe De Lima, Vice President, Cyber Risk
Review third-party providers’ security posture
Ensure that any agreements you have with third party providers include a right to audit, or similar, provision. This allows you to ensure that your providers are holding themselves to the same high security standards as you would expect internally.
You should also consider having breach or incident disclosure requirements included as part of contracts with third party suppliers. Kroll has worked on a number of incidents where the breach has occurred as a result of a supplier having been compromised. The delays in not having these types of arrangements in place can be critical to mission success in recovery.
James Thoburn, EMEA Incident Response Lead
Be smart about who you share information with
If you’re bringing a new technology on board, be sure to implement it effectively in order to optimise your company’s security. This should also ensure that you capture as many incidents as possible, if or when they arise.
Make sure that you create strong passwords – and that you’re also able to remember them! If possible, make sure you’re utilising two-factor authentication, for example, by using a phone app such as Authenticator.
Finally, be smart about who you share information with – and that includes colleagues!
Seraphina Anderson, Security Engineer
Don’t assume Azure environments are secure by default
Default guest and user settings could lead to an external threat actor being able to enumerate through multiple areas of the environment, potentially allowing them to create security groups in the Azure portal.
Users can register for third party applications by default. This could allow an attacker to develop an application that reads all the data that the user has access to. Ensure that your Azure environment has gone through proper hardening checks in order to identify insecure default settings.
Rebecca Kuzu, Offensive Security Consultant
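One way to run the hardening check described above, as an added example that is not Redscan or Kroll code: it audits an exported tenant authorization policy for the permissive guest, group-creation and app-consent settings. The field names follow the Microsoft Graph `authorizationPolicy` resource; the function name, the finding labels, the two sample policies and the choice to flag every user-level consent policy are assumptions made for this example.

```python
import json

# Guest role template IDs documented for Microsoft Entra ID (formerly Azure AD).
GUEST_ROLES = {
    "a0b1b346-4d3e-4e8b-98f8-753987be4970": "same access as member users",
    "10dae51f-b6af-4016-8d66-8c2a99b929b3": "limited guest access (default)",
    "2af84b1e-32c8-42b7-82bc-daa82404023b": "restricted guest access",
}
RESTRICTED_GUEST = "2af84b1e-32c8-42b7-82bc-daa82404023b"
SELF_CONSENT_PREFIX = "ManagePermissionGrantsForSelf."  # user-level app consent

def audit_authorization_policy(policy: dict) -> list:
    """Return finding labels; a missing boolean or invite setting counts as permissive."""
    findings = []
    perms = policy.get("defaultUserRolePermissions", {})
    if perms.get("allowedToCreateApps", True):
        findings.append("users-can-register-apps")
    if perms.get("allowedToCreateSecurityGroups", True):
        findings.append("users-can-create-security-groups")
    for name in perms.get("permissionGrantPoliciesAssigned", []):
        if name.startswith(SELF_CONSENT_PREFIX):
            findings.append("user-consent-enabled:" + name)
    role = policy.get("guestUserRoleId")
    if role != RESTRICTED_GUEST:
        findings.append("guest-directory-access:" + GUEST_ROLES.get(role, "unknown role"))
    if policy.get("allowInvitesFrom", "everyone") == "everyone":
        findings.append("anyone-can-invite-guests")
    return findings

# Constructed samples shaped like a GET /policies/authorizationPolicy response.
DEFAULT_LIKE = json.loads("""{
  "allowInvitesFrom": "everyone",
  "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": true,
    "allowedToCreateSecurityGroups": true,
    "permissionGrantPoliciesAssigned": ["ManagePermissionGrantsForSelf.microsoft-user-default-legacy"]
  }
}""")
HARDENED = json.loads("""{
  "allowInvitesFrom": "adminsAndGuestInviters",
  "guestUserRoleId": "2af84b1e-32c8-42b7-82bc-daa82404023b",
  "defaultUserRolePermissions": {
    "allowedToCreateApps": false,
    "allowedToCreateSecurityGroups": false,
    "permissionGrantPoliciesAssigned": []
  }
}""")

if __name__ == "__main__":
    for label, pol in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(label, audit_authorization_policy(pol) or "no findings")
```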
Regularly review processes and procedures
Social engineering is one of the most common methods for adversaries and threat actors to gain unauthorised access and a foothold within your organisation. Over the course of 2021, we saw many malware types being downloaded, installed and executed within the environment.
Organisations should review all of their processes and procedures to ensure their disaster recovery and back-up documentation is kept up-to-date and tested.
We recommend testing your disaster recovery, back-up or fail-over every six months at least to ensure that in the worst-case scenario, there is a back-up to minimise downtime and loss of business.
Mikesh Nagar, Threat Intelligence Analyst
As a leading provider of end-to-end cyber risk management services, Kroll is well placed to help your organisation significantly improve its cyber security posture. Whatever your security challenges, our global team of experts are here to help.