In today’s digital, data-driven economy, cyber security is the foundation of any strategy, because cyber threats are increasing in volume and in sophistication. There are a multitude of cyber security controls that businesses can implement and leverage to protect against cyber threats.
SMEs don’t always have the budget and resources at hand to defend themselves. Information is invaluable to the business leader, especially details that can end up saving thousands if not millions of rands. It is important to keep perspective, and many tech vendors paint a very bleak picture to trigger a response from the market and a rush to purchase solutions. “With these controls in place, businesses are generally considered to have done the best they can to protect themselves,” says Dillon Gray, COO of IPT.
The first cyber security control is user access control
In South Africa, the average length of time to identify a data breach is 177 days, while globally it is 207 days. One could argue that South Africa is more security conscious than other regions, but why does it take 177 days? There is a misconception around hackers that being masked figures, acting alone somewhere unknown. This is simply not the case. Today’s hackers are sophisticated, work in syndicates and use the latest technology, like AI, to target a broad base simultaneously.
Gray says that once hackers have access to your environment, they won’t initiate attacks straight away. “No, they are going to do their homework, they are going to study their target and find out if its viable, and whether or not they will get a return on their investment of time and skills.”
It is vital to authenticate users routinely before granting access to applications or devices, using unique credentials, and companies should have an off-boarding process in place to deactivate accounts of employees who leave.
Gray advises organisations to implement two-factor authentication, and ensure that user admin accounts are used to perform admin activities only, and to remove or disable special access privileges when not required. “The key thing here is to make sure you know who is logging into your environment and whether you can identify them,” he continues.
Control number two is secure configuration
It’s very easy to rely on the purchase of new software, and believe you are now fully protected. “The problem is you haven’t changed the default settings. Everyone knows what these default settings are – so you’re not safe at all. You must remove unnecessary user accounts on any device able to access the network. If it’s unnecessary, then remove it,” he adds. It’s important that businesses do not allow employees to install software that is not critical to fulfilling their function in the business. The more software components, the more patching is required, and the higher the security risk. Disable auto-run features, especially those without user authorisation. Every single person must be authenticated before they are granted access, especially in terms of financial information.
Control number three is patch management
Many businesses struggle with this one, because of the assumption that ‘the IT guy’ will take care of this. “In the IT world, that guy is fighting fires 99% of the time, so something like patch management will slip through the cracks. You need to automate patch management as much as possible. There are third-party tools available. We have a whole workflow that automates this for our customers, from the servers to the switches to the firewalls down to the physical laptops and end user devices. Whatever software you are running in your environment must be licensed and supported,” Gray continues.
The fourth control is firewalls
The firewall is critical because it is your access point into your network. “It protects you from the outside, but it also protects people on the inside from accidentally accessing malicious content,” says Gray.
Key aspects to bear in mind are changing any default administrative password to an alternative using best practices or disabling remote administrative access entirely; blocking unauthenticated inbound connections by default; ensuring inbound firewall rules are approved and documented by an authorised individual; and using a host-based firewall on devices that are used on untrusted networks, including public Wi-Fi hotspots.
Control number five − malware
To simplify this control area – a minefield of acronyms − there are some points to keep in mind, including keeping software up to date with signature files updated at least daily. Antivirus is a well-known term, but that is only one component – there are many enhancements on antivirus, like EDR, MDR and XDR.
“Traditionally an antivirus downloads a signature file to your device, and then any file coming into your device will be compared to the signature file. If it is listed in the signature file, it is deemed to be malicious. So the signature file is really a list of all the bad stuff,” Gray says.
It is critical to configure software to scan files automatically upon access, ensure software scans web pages automatically when they are accessed through a web browser, and ensure software prevents connections to malicious websites. The last line of defence – if all else fails – is to consider data protection and backup. Factor in automation, incremental and differential backups, encryption and multiple backup destinations.
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version