How do you improve cybersecurity without driving up costs?
VP, Director of Cyber Incident Response in Finance (non-banking) 2 years ago
That's one of the reasons why I can't stand the acronym, APT: An advanced persistent threat is only as advanced as it needs to be. And most of the time, it's not all that advanced. The adversary may have some good infrastructure behind them, but the mechanism that they use to get inside your network is not usually that advanced.
Independent Consultant & Industry/Market Researcher in Finance (non-banking) 2 years ago
Cyber Security risk is very much a reality for all types of organizations & individuals. This has become increasingly complex. This has also now become a very remunerative profession. In fact, the cyber security criminals/threat actors are now working in partnership mode. Cyberwarfare has become more powerful and damaging than physical warfare. State-sponsored cyber terrorism has been picking up. This is the most potent unconventional & digital weapon being used. This is the most dangerous reality in today’s world. We have to recognize the gravity of the situation and continuously strengthen our cyber security posture to prevent, detect, identify, contain, remedy & resolve all cyber security problems. The following cost-effective steps may be taken for the purpose.
1) We must deal with cyber security risks proactively, not just reactively. Know about the existing types of cyber security risks/attacks and the emerging cyber-attacks including the modus operandi of cybercriminals. Hands-on practice in simulated environments may prove very useful to prepare for prompt responses to cyber incidents.
2) One must adopt the best computerized practices. The physical & logical access to one’s systems & other computer assets has to be authorized only under the least privilege model. Computer logs have to be checked through SOC/SIEM solution as manual verification could be impossible. Access has to be based on the zero trust Network model only. Identity has to be verified at every point of access. End-point security, including perimeter security, should be duly ensured. Cloud security has to be ensured including prevention/mitigation of cyber risks arising out of incorrect configurations. Migration to the cloud including hybrid cloud has picked up significantly across the world.
3) Employees must act as the first layer of the firewall. All employees, including the members of the Board, have to be properly trained in various aspects of cyber security again & again. Continuous training/creation of awareness is a must. Everyone must understand that around 90% of the cyber security breaches happen due to insider support/involvement and hence, must take necessary precautions. Penetration testing at regular intervals and also more frequently (as required) has to cover both internal & external devices/IP addresses. Vulnerability assessment has to cover all the computer assets as frequently as required. Application Security testing under DevSecOps mode has to continue. Source code review, Configuration review, and Firewall policy review have to be conducted including IS Audit Review from time to time.
4) Last but not least, a robust cyber security posture, based on a strong enterprise-wide cyber security culture, has to be created by every organization and continuously monitored & strengthened. If everyone is duly cybersecurity conscious, it will reduce the growing cyber security concerns significantly.
Director ERP Management in Travel and Hospitality 2 years ago
Review your intrusion detection system (IDS) notifications daily and make decisions based on the facts.
Another factor is defense. Some organizations have one control and they think that's all they need. But you have to layer these controls so that it becomes much more difficult for the bad actors to navigate through and get to the underlying access they want. When I do root cause analysis on these incidents, I often find that even though the organization had two-factor authentication (2FA), they also had one test VPN account that they forgot about, and that is how the attackers got in. It's always something like that.
You don't need to spend millions and millions of dollars to get a good cybersecurity posture. If you have the budget, go for it. But people are going to get you with some basic things. If you don't do the basic things well, all the money you're spending on advanced anomaly detection doesn't matter. Because if you leave the door open, or if you leave the key right outside the door, people are just going to walk in.