Basic Common-Sense Security Tips are Fashionable Again

They say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At-home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most security-conscious engineers and employees might miss something important or overlook a task that would previously have been a routine security activity.  School-age children attending classes at home via Zoom have ‘not’ made protecting your computer and network any easier.

Cyber threat investigators have seen a sharp uptick in cyberattacks in recent months with disruption caused by phishing campaigns, DDoS and data theft.  These have always been the three most common attack vectors, but the pandemic has allowed malicious actors to take advantage of what they view as an opportunity.  According to a report by Interpol, during the period of January to April 2020, more than 48,000 malicious URLs were created, which would have been used for phishing attacks and malware delivery.

Simultaneously, technologies are being introduced, enhanced and expanded almost daily to support new ways of working, with investments to support home offices and proximity tracing, and with 5G leading the charge.  With this level of acceleration, now seems like a good time to step back, take a breath, and reconsider the basics of cybersecurity.  This does not mean slowing down, but rather taking stock of the situation to ensure that all the right boxes are ticked and innovation is not getting ahead of protection.  One misstep could cost millions in revenue, cause brand/reputational damage and lead to private data being exposed or ransomed.  Any exposed personal, financial or private data leaked on the Internet can lead to fines and expensive litigation.

Adequate endpoint security should be the first area of focus, ensuring that every device has protection in place.  This is foundational to keeping threats at bay and sometimes gets overlooked with the assumption that ‘it is working.’  With so many remote workers, enterprises must ensure their employees are using suitably secured and centrally managed devices, whether personal or corporate owned.  At a minimum, each device should have anti-virus and intrusion detection with data-loss prevention capabilities installed to protect local data, with cloud-based email security for phishing and malware detection.

Check that there are policies to automatically update anti-virus and endpoint protection signatures, as this helps protect users against direct phishing attacks that can contain a ransomware payload. Also, review the cloud email policies.  Ensure that these are up to date and can spot untrusted content being sent as attachments to users.[1]

The next place to review is the network firewalls.  These are essential for controlling access, ensuring that only good traffic gets in and anything suspicious is rejected or reported. At the least, today’s enterprise will have next-generation firewalls on the network.  These devices can look inside network traffic, identify threats at an application level, perform anti-malware actions or reject packets from untrusted sources.  Take time to review the firewall policies; these are not always updated regularly and may be outdated or need replacing.

Going one step beyond the traditional firewall and into an area where we see investment due to the increase in threats targeting home workers is the addition of Advanced Threat Protection.  This solution uses a combination of machine learning and signature testing to identify unknown traffic before it enters the network.  If this detection is not successful, then the traffic is loaded into a sandboxed operating system, which causes it to activate and self-identify.  This provides an additional security layer over the traditional next-generation firewall and can even detect malware that may not have been visible in any signature database.

According to a recent report commissioned by Juniper Networks, more than 80 percent of security teams need better visibility.  One of the biggest challenges is not missing an alert amongst vast amounts of traffic.  This is where the SIEM (Security Information and Event Management) is vital, and many enterprises will have one in place, but how well is the monitoring tool managed?  Being able to analyze data for visibility can provide indicators of a potential threat.  Still, if the SIEM policies have not been reviewed or updated since it was deployed, it is too easy to miss something or become overloaded with false positives.  Offices with reduced staff, many remote workers, over-worked VPN concentrators and employees using personal devices increase the possibility of a breach or attack.  Take time to look at what the SIEM is collecting and reporting and ensure that it has been updated to consider changes in the threat and working landscape.

The final piece of the cybersecurity puzzle to review is the users.  For many workers, the workday has changed significantly.  We are no longer spending time with colleagues in an office or on the road to events and meetings, but instead working at home with a greater reliance on technology for contact and content.  Remote workers must take additional responsibility for keeping data safe from attacks, but it is the role of the company to provide training, awareness and tools to make this happen.  This does not need to be complicated or time-consuming, but should cover the following areas:

  • Ensure that home WiFi passwords are secure and anti-virus is installed on all computers at home, not just the work laptop.
  • Remind employees that a suspicious email still needs to be deleted. Requests to forward confidential information or make non-routine payments or bank transfers should be confirmed verbally (immediately) with company officer(s) before any action is taken.
  • Emphasize that just because you are the only person in the house, it does not make locking the laptop screen any less critical.

Security specialists often forget that other employees do not have the tuned sense of awareness that comes with that role.  Putting the foundations in place for reliable security will prevent many threats from getting in.  Still, going back to basics and promoting security awareness and hygiene are the key components in keeping things safe in confusing and challenging times.

Is that it?  Actually, no.  Having tools and services looking in the deep/dark web is essential to a well-rounded cyber protection plan.  The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks, but utilizing the RedXray and CTAC collection and analysis tools by Red Sky Alliance will ensure a proactive approach to cyber security.  Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

Weekly Cyber Intelligence Briefings: 

https://attendee.gotowebinar.com/register/8782169210544615949

 

 TR-20-308-002_back to basics.pdf

 

[1] https://www.securityweek.com/old-school-security-tips-are-more-relevant-ever
