As we’ve blogged about previously, the security response to phishing attacks and other cybersecurity breaches is critical. More often than not, it comes much too late – after the damage has been done. We recently sponsored a whitepaper by Osterman Research – New Methods for Solving Phishing, Business Email Compromise, Account Takeovers and Other Security Threats. In it, they shared their thoughts on incident response:
Osterman Research has found that security teams spend the largest single share of time on identifying potential security threats, but less time gathering information about incidents and resolving them. As a result, many IT and security decision makers would prefer to adopt automated capabilities into the incident response process to shorten the resolution and escalation time necessary to manage security incidents, and to handle automatically the more mundane and routine alarms they encounter.
Osterman also found that, alongside automating incident response, detailed security policies should be part of any holistic approach to threat prevention. They identified 8 must-have security policies that are worth sharing.
- Acceptable use policies for every platform that is or will be used in the organization. It’s important to note that these also cover Shadow IT – personally managed or owned devices, applications and services, including non-business tools and personal social media accounts.
- The frequency with which every endpoint is backed up, where it is backed up, and the procedures for testing these backups.
- The manner in which employees should handle and share sensitive and confidential data. They mentioned the importance of classifying and encrypting data as well as having a policy regarding which tools should be used to send and store sensitive data.
- Consideration of passphrases instead of passwords. They give a great example using Kaspersky’s Password Check Tool, where the password “SallyMobius56” can be brute-forced using a home computer in seven months, whereas “Sally has a fish named Mobius” would take 10,000 or more centuries to crack. Interesting!
- Best practices for password management. These would include minimum requirements for length, upper- and lower-case inclusion, use of punctuation, etc. They also note that passwords should be changed frequently and stored carefully.
- Determination of which systems and data assets require dual-control procedures, so that a single employee cannot steal or delete sensitive data assets.
- Determination of which sensitive data assets are made available via the internal corporate network or the public network, and which should be air gapped.
- Detailed requirements for the use of at-rest and in-use encryption for every platform or device. They note in particular that mobile devices and laptops should be covered by these requirements, along with the ability to wipe them remotely if stolen, and that personal devices that touch corporate data or financial assets should be covered as well.
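The passphrase example above comes down to search-space size: a longer string over a smaller alphabet still dwarfs a short string over a richer one. The estimator below is an added illustration, not code from the whitepaper or from Kaspersky’s tool; its character-class model and its guess rate are constructed assumptions, so its times will not match the seven-month and 10,000-century figures quoted above.

```python
import math

# Character classes used to infer the alphabet an exhaustive search must cover.
LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SPACE = " "
PUNCT = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"
CLASSES = (LOWER, UPPER, DIGITS, SPACE, PUNCT)


def alphabet_size(secret: str) -> int:
    """Size of the union of every character class the secret draws from."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in secret))


def search_space_bits(secret: str) -> float:
    """log2 of the number of strings of this length over the inferred alphabet.

    Caveat for defenders: this is a brute-force model only. A passphrase built
    from common dictionary words has far less effective entropy against a
    wordlist attack than this figure suggests, so treat it as an upper bound.
    """
    return len(secret) * math.log2(alphabet_size(secret))


def years_to_exhaust(secret: str, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at an assumed guess rate."""
    candidates = alphabet_size(secret) ** len(secret)
    return candidates / guesses_per_second / (60 * 60 * 24 * 365)


def compare(password: str, passphrase: str, guesses_per_second: float) -> dict:
    """Side-by-side estimate for the two secrets the blog post contrasts."""
    return {
        secret: {
            "alphabet": alphabet_size(secret),
            "bits": round(search_space_bits(secret), 1),
            "years": years_to_exhaust(secret, guesses_per_second),
        }
        for secret in (password, passphrase)
    }


if __name__ == "__main__":
    # Constructed guess rate (1e10/s) for illustration only; real rates vary widely.
    for secret, est in compare("SallyMobius56", "Sally has a fish named Mobius", 1e10).items():
        print(f"{secret!r}: alphabet={est['alphabet']} bits={est['bits']} years={est['years']:.3g}")
```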
These 8 must-haves are a great complement to the recommendations Osterman Research made in a previous SlashNext-sponsored whitepaper. Read our blog 10 Steps Every Organization Should Take to Improve Cybersecurity to review those.
As part of a holistic threat prevention solution, organizations need strong policies. They also need to get out in front of phishing threats and bad actors. SlashNext definitively detects phishing sites with virtual browsers and state-of-the-art machine learning algorithms, producing a dynamic threat intelligence feed for automated blocking by your URL filtering and blocking defenses in real time. It’s a whole new level of protection from the growing number of sophisticated zero-hour phishing threats on the web.
For more information about SlashNext SEER™ threat detection technology, visit our website.