We all know that cybersecurity is not a one-and-done exercise. It involves continuous due diligence on everyone’s part, and every October is an entire month focused on cybersecurity! Yes, an entire month of focus that we can take advantage of to further educate and reinforce messaging that helps everyone be a little bit safer today than yesterday.
In this blog, I am going to discuss a couple of items to consider that improve our overall security posture and help elevate everyone’s defensive armour! Some of these you have heard many times before, but I am going to add a little dusting of defensive love to each one. Also, use the tooling you have at your disposal and take advantage of it. That said, I will give a few examples of some of the things Cisco has available to simplify your security ambitions.
♦ Strong Passwords: How many times has this one come up! We as users must ensure we are not using the same password across personal platforms such as email, banking, and social media. Further to that, we need to ensure we do not cross-contaminate the use of passwords between our personal and professional needs. Layers really do matter when it comes to security, and this is a simple one. Finally, use strong passwords and leverage a secure password manager. Check out the following article.
Note: there is a shift towards passwordless access, which improves your overall security posture. Although there is a shift, it will take time to implement, and strong passwords will be required for some time for certain applications. If interested, check out the following article.
♦ Two-Factor Authentication (2FA): Although strong passwords are critical where passwords are still in use, everyone should be enabling two-factor authentication whenever possible. This includes personal accounts such as email, banking, and social media, but also your professional accounts. If you have access to your employer’s VPN or SaaS-based applications and two-factor authentication is not enabled, I encourage the community to push employers to advance their level of security – it protects both you and them. Ideally, the MFA platform would offer risk-based authentication methods that determine the level of risk based on multiple factors such as device health, location, and so on. This should help remove user friction and either step up or step down authentication requirements based on the risk determined. Check out the following article around 2FA.
♦ Phishing Awareness: Turn those Spidey senses on to help identify phishing emails; these are the threat actor’s attempts to fool you into giving up sensitive information. Scrutinize each email, and when in doubt, do not click about. This includes suspicious links and attachments, and any request for personal data. The bad thing is that artificial intelligence is helping the threat actor create emails that look legitimate. Employers should be deploying advanced email threat protection capabilities powered by artificial intelligence to minimize employee and organizational risk. Check out the following demo for email threat defense.
♦ Email and Web Safety: This one is broader than phishing alone, as email is still the number one attack vector and threat actors leverage web links and attachments. Scrutinize all emails with links or attachments, be aware of pop-ups, and if it looks odd it most likely is. If in doubt, kick it out by deleting it or moving it into junk or quarantine folders. Home users can leverage OpenDNS to protect against basic threats, found here. Organizations should look into advanced email security and advanced web protection capabilities such as Email Threat Defense and Secure Access.
♦ Advanced Endpoint Protection: One of the last resorts protecting against compromise. If all other protection methods fail, the endpoint provides an additional layer and is a must-have. Personal assets should have endpoint protection enabled, and ensure it is updated regularly. Cisco provides open-source endpoint protection capabilities with ClamAV. When it comes to the enterprise, we need endpoint protection with multiple engines, plus endpoint detection and response with forensic capabilities that support multiple operating systems and align to the MITRE ATT&CK Framework. The endpoint becomes messy with all these controls needed to secure it, so there is an opportunity to simplify. Imagine having an endpoint security client that provides EPP, EDR, Forensics, Sandboxing, DNS, Web, DLP, CASB, Network Visibility, Device Health, VPN, ZTNA, and more – well, it’s now a reality with Cisco Secure Client.
♦ Software Updates: Vulnerabilities expose our systems, and regularly updating your personal operating system, applications, and security software is critical. Simply schedule updates and keep things updated across the board. When it comes to corporate assets and patching, there is increased risk involved, so a risk-based vulnerability management program is key. We see roughly 2-5% of all vulnerabilities require patching. This builds confidence in the patch management program for all stakeholders involved while reducing the service risk associated with blindly patching systems. Application teams will love you once you deploy a risk-based vulnerability management platform – we all need a little more love as defenders. Check it out here.
♦ Data Backup: When bad things happen, backups may be the only way back. Regularly back up critical files and personal data to an external source such as cloud storage and/or an external drive. Most operating systems provide users with built-in options, but you need to move the backups off the local device, as the threat actor will try to erase them or make them impossible to recover. Enterprises should have strong disaster recovery processes that include data backups, but point-in-time recovery may not be in place. Organizations should consider snapshot technology, triggered by risk seen elsewhere in the environment, as a real-time precautionary measure in case of compromise. An example of this is Cisco XDR with Cohesity – the ability to snapshot the assets prior to compromise based on upstream indicators. This provides a current point-in-time recovery option in case controls fail. I know, superhero stuff available for the superheroes defending.
♦ Social Media Privacy: Review your privacy settings, as we have seen the threat actor take advantage of this information and use it to impersonate you in order to get more information for nefarious reasons. Everyone should consider what is being shared publicly. When it comes to the enterprise, build in processes to ensure rigor when someone calls in asking for information or for access to be reset. We have seen this with some larger breaches of late, where the threat actor just called the help desk posing as someone with elevated privileges. Access granted, and the threat actor hits the jackpot!
♦ Cybersecurity Training: Everyone should take cybersecurity awareness training, through free online offerings if you have never taken it with an employer. Organizations should have a program in place that encourages rather than disciplines employees in advancing their knowledge on a regular basis when it comes to potential risks and best practices for keeping company data and systems secure.
This is just an example of some of the items to consider, not just during Cybersecurity Awareness Month but every day moving forward. The above are absolute basics and are non-negotiable in today’s digital world. In my next blog we will talk about commodity-based controls and how defenders need to elevate their capabilities to even the playing field.