Looking to enhance your organisation’s cyber security in 2021?
Here, security experts from across the Redscan team offer advice on how to improve cyber resilience during the year ahead.
1. Enable multi-factor authentication
Jed Kafetz, Head of Penetration Testing
“As a penetration tester, a major issue that I see regularly is a failure by organisations to enforce multi-factor authentication (MFA) across systems and applications.
“MFA provides an important secondary layer of defence in the event of a password being stolen and is especially important given people’s tendency to reuse passwords across accounts. If adopted more widely, I can confidently say that there would be far fewer security breaches.”
2. Protect legacy systems with Conditional Access Policies
Josh Packman, Technical Account Manager
“While MFA is highly advisable, it’s not always possible to enforce. Exchange Online, for example, supports protocols such as POP3, IMAP and SMTP that don’t support it.
“To harden legacy systems, use Azure AD Conditional Access Policies. Access Policies can be used to limit the number of users allowed to authenticate via potentially insecure channels, such as unknown external IP addresses or non-company issued devices, and are a good step towards implementing a model of Zero Trust.”
3. Identify users with elevated privileges
Sam Waylen, Senior SOC Analyst
“By adhering to the principle of least privilege, businesses can significantly reduce the potential damage an attacker can inflict should a user’s password and credentials be compromised.
“To identify users that have unnecessary permissions, I’d recommend installing BloodHound – a tool to visually map an organisation’s Active Directory (AD).
“BloodHound will help you to spot any users that have unnecessary access to assets on a network and may be targeted by hackers.”
4. Follow cyber security practices at home
Juliette Hudson, Senior SOC Analyst
“With remote working the new norm, it’s easy to slip into bad habits. However, with cyber security risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high, if not higher standard, of security awareness.
“If you’re a home worker, security protocols should include locking your workstation whilst away from your desk (such as when making a cuppa!), preventing other household members from sharing your work devices, exercising vigilance before clicking and opening unknown links and attachments, and shutting down your machine at the end of each working day (so that the latest available security patches can be installed).
“If you print work documents at home, it’s also worth investing in a paper shredder, which will help to prevent sensitive business data being seen by prying eyes.”
5. Upgrade your antivirus solution
George Glass, Head of Threat Intelligence
“The huge rise in ransomware attacks is a trend only likely to continue and means that investment in Next-gen Antivirus (NGAV) and Endpoint Detection and Response (EDR) tools should be a high priority for security teams in 2021.
“Commodity malware variants such as Emotet and Trickbot are adept at evading signature-based AV, so there is a huge risk that organisations relying on traditional AV may not detect the latest advanced threats. These infections are typically linked with ransomware attacks soon after initial infection.
“NGAV and EDR software helps uncover malicious activity in its infancy by monitoring endpoints such as servers and workstations for evidence of suspicious behaviour – rather than solely analysing file signatures. EDR tools also help to enhance the speed of incident response by enabling SOC teams to terminate processes as well as isolate and contain threats.”
6. Disable internet macros
Seraphina Anderson, Cyber Security Engineer
“A common tactic used by attackers is to trick unsuspecting employees into running malicious macros within Office documents. These macros load commodity malware such as Emotet, which then, via command and control (c2), may be instructed to download and execute ransomware.
“Enabling Microsoft’s Disable Internet Macros Group Policy Object can go some way to mitigating the risk of malware being installed via malicious files. This protection stops macros delivered from outside your organisation from running, and prevents users from clicking ‘Enable content’ in a document.”
7. Don’t forget about mobile security
Michael Cowley, Head of Presales
“Mobile security often gets forgotten about. However, with more of us working remotely and using our own personal devices to access corporate information, its importance in 2021 shouldn’t be overlooked.
“If your business doesn’t have one already, consider creating a formal mobile device management policy that mandates employees to protect personal devices with numeric or alphanumeric passwords (ideally not a pattern as these can be easily guessed!), use antivirus software and configure automatic software updates to stay on top of vendor security patches.
“Raising awareness of mobile-specific threats such as malicious mobile applications (which can be found lurking in app stores) and smishing should also be included as part of employee cyber awareness training.”
8. Regularly review publicly accessible appliances
Charlie Cranefield, Cyber Security Engineer
“Over the last 12 months, we’ve seen a significant increase in threat actors actively scanning organisations for known vulnerabilities in edge network appliances such as Pulse VPN, BIG-IP and Citrix.
“Ensuring that these appliances are kept routinely patched is paramount and can help your organisation avoid being identified as a soft target.
“Vulnerability management tools can detect out-of-date software and open ports by scanning for vulnerabilities across your organisation’s public IP address ranges. For an extra layer of protection, it’s a good idea to ensure that MFA is enforced on VPNs and other networking tools.”
9. Review use of Adobe Flash
Simon Monahan, Director of Product Marketing
“After years of security concerns, Flash Player has finally been laid to rest and, as of 2021, is no longer supported by its developer Adobe or popular web browsers.
“However, there remains a distinct possibility that many organisations may still be unknowingly using applications reliant on Flash. If you think your organisation is one of them, I’d urge you to identify where any dependencies lie and draw up a plan to use alternative solutions as soon as possible.
“If moving away from Flash isn’t possible in the short term, mitigating actions could include segregating at-risk devices and increasing network and endpoint security monitoring.”
10. Challenge your detection and response capabilities
Nima Zafari, Security Consultant
“Regular vulnerability scanning and penetration testing assessments are vital for improving your organisation’s security, but to help elevate cyber maturity to the next level in 2021 I’d recommend scenario-based testing.
“Scenario-based testing is a type of ethical security assessment designed to replicate common adversarial tactics such as spear phishing or supply chain compromise.
“Testing can help to enhance the effectiveness of security controls and processes by identifying improvements to threat visibility and incident response procedures.”
If you’d like to speak to one of our experts about improving your organisation’s cyber security in 2021, please don’t hesitate to get in touch.