In a recent blog post – 9 Reasons Cyberattacks are So Successful – we shared some Osterman Research insights from a recent SlashNext sponsored whitepaper that highlights what makes cybercrime such an effective business venture. The phishing and malware attacks today are growing in sophistication and magnitude, making them more difficult than ever to stop before their damage is done.
That said, Osterman shared a number of ways that organizations and CISOs today can improve their cybersecurity and they are certainly worth sharing.
- Start at the top. As with any corporate imperative, getting senior executive buy-in should be a top priority. With C-level awareness of the need for cybersecurity it will become more easily enforceable throughout the organization. It’s also important to start at the top, as more and more executives have become the target of spearphishing attacks.
- Appreciate the risks. Decision makers throughout the organization need to be made aware of the inherent risks associated with phishing attacks, as well as malware, ransomware, and other threats. As we’ve blogged about, and as our threat intelligence reports have indicated, cyberattacks are becoming more sophisticated and larger in scope. A better understanding of the risks from these attacks can help spur greater action to prevent them.
- Conduct a thorough audit. What is the organization’s current security infrastructure? What are the security awareness training programs in place? How is the organization positioned to deal with a breach? It’s important to conduct an audit to better understand where there are gaps in security. SlashNext can provide a complimentary gap analysis, which is a great start to understanding your cybersecurity needs.
- View security in a holistic way. Osterman states that cybersecurity needs to be viewed from top to bottom and not as a set of point solutions. Security should not be a one-vendor-fits-all approach but rather a set of solutions that provide an integrated view of what’s happening across the enterprise.
- Establish thorough and detailed policies. While most companies today have some sort of policy in place to protect data and assets, be sure that it covers the following:
  - Passwords – requirements, how often they should be changed, how they are stored, etc.
  - Use policies for personal devices, collaboration tools and apps
  - Backup procedures and policies
  - Sharing sensitive data – encrypting, classifying, and the tools used to send and store
  - Dual-control procedures so one employee cannot compromise sensitive data
  - Network access to data – who is granted access and who is not
  - Requirements for encryption of data on devices
- Implement and revise corporate procedures. Policies should never be static. Rather they should evolve over time as new threats arise. As Osterman states: There needs to be an effective set of backup, restoration and testing procedures for all critical data assets so that the organization can recover quickly from ransomware or other malware infections. Moreover, dual-control procedures should be implemented for access to critical data assets, especially those that are focused on financial transactions, so that a single, disgruntled employee cannot cause a breach.
- Work on improving user behavior. Those employees deemed to be targets of cyberattacks should be briefed as to the inherent risks associated with their role or job function. Those that deal with sensitive data should have a unique set of requirements – the CFO as an example. Software patches and updates should be made when possible, and all endpoints need to be secured, including personal devices approved for business purposes.
- Train everyone adequately and frequently. While we strongly advocate for employee security training as part of a comprehensive cybersecurity initiative, employees – by human nature – will always be the weakest link in the battle against cybercrime. We’ve made mention of this before and we will continue to state it – the blind spot in network security is the employee.
- Deploy good alternatives. The Bring Your Own Device (BYOD) era is here and there’s no looking back. Employees will be using their personal devices to conduct business, so it’s imperative to provide IT security solutions that are approved by the organization. An IT-approved solution will provide more control than otherwise.
- Start to think about real-time detection. This is our own addition to this list. The speed at which phishing websites are spun up and then taken down leaves almost no time for traditional blocklist-based security solutions to even notice. By the time a phishing attack has been identified, it’s more than likely the attack vector won’t even exist anymore. The only way to stop today’s sophisticated phishing attacks is with real-time, zero-hour detection of threats.
SlashNext definitively detects phishing sites with virtual browsers and state-of-the-art machine learning algorithms, producing a dynamic threat intelligence feed for automated blocking by your URL filtration / blocking defenses in real-time. It’s a whole new level of protection from the growing number of sophisticated zero-hour phishing threats on the web.
For more information about SlashNext SEER™ technology, visit our website.