Director of Technical Services
With 2018 officially here, one thing is certain: this year will be the most expensive to date in terms of cyber breaches and their impact. According to Gemalto, the first six months of 2017 saw nearly 2 billion records lost or stolen in cyber breaches—a 164% increase from the last six months of 2016. With the average data breach in the U.S. costing $7.35 million (IBM), who can afford to be among that crowd?
As the cyber threat landscape continues to evolve, so do the tools and processes designed to help protect you from attacks. Here are five tips to help enhance your IT security and protect your business.
Maintain a Mature Patch Management Process to Accelerate IT Security in 2018
According to Microsoft, 99% of all exploited vulnerabilities could have been prevented by an available patch or update. While most of us understand the importance of IT security and keeping our systems up to date, few organizations have a mature process for managing and deploying system and security updates and compliance checks. This was brought to the forefront in the spring of 2017 when the WannaCry ransomware attack took place, crippling over 200,000 systems worldwide. Much of this disturbance could have been avoided if organizations were diligent about applying the latest patches. What made matters worse is that many organizations experienced another hit up to three months later, facilitated by copycats that leveraged the same style of exploit—all because they still hadn’t updated their systems.
Leaving patch compliance in the hands of your users is not always the best idea. Much like dealing with a buzzing alarm clock, many us will continue to hit snooze until it’s too late. To achieve better IT security in 2018, organizations should ensure they have a complete patch management process in place—one that covers both critical core infrastructure, as well as user devices. A mature process deals not only with standard software and hardware updates, but also ensures emergency or critical updates are able to be pushed out quickly in order to protect you against zero-day attacks.
Nothing is perfect, and the Equifax breach is a great example of a situation where a mature process failed, missing the deployment of a critical patch. Unfortunately, by the time they caught it, it was much too late. To prevent a breach, organizations must also ensure they’re completing compliance checks on a regular basis to ensure top IT security.
Protecting Your Passwords is Essential to Better IT Security
By the end of 2018, 80% of all IT budgets will be committed to cloud solutions (Forbes). This is a smart move for organizations who want to drive productivity and enable more collaboration among their teams. However as companies move to the cloud to take advantage of its many benefits, the impact of a compromised account increases. When information can, essentially, be accessed by anyone with an internet connection, diligent password management and IT security are critical. When it comes to passwords, the conventional wisdom of “the more complex, the better” is not always the best advice if those hard to remember passwords are simply reused across multiple services.
Credential stuffing—a practice in which attackers use stolen account credentials to access user accounts through large-scale automated login requests—is successful due to widespread password recycling, enabling hackers to facilitate more effortless strikes than traditional brute force password attacks.
Most of us have registered for countless internet-based services over the years, leaving behind a trail of email accounts, usernames, and passwords. While the danger of an attacker using a person’s old MySpace credentials to break into their Uber account is very real, imagine the impact credential stuffing has on an organization when employees are using their corporate email addresses to sign up for sites such as Yahoo. With these email addresses linked to services such as ADP, Office 365, Salesforce, or even a corporate source code repository like GitHub, the danger grows. Luckily, through education and better IT security practices, you can protect yourself and reduce the likelihood of credential stuffing impacting your organization.
For organizations using corporate cloud services, two-factor authentication—which involves using one-time password generation—is worthwhile. When two-factor authentication options aren’t available, the traditional solution has often been password managers, which are systems that centrally store unique and complex user passwords for each web service. Unfortunately, due to portability issues and ultimately, a cumbersome user experience, the wide-scale adoption of password managers has been spotty at best.
To ensure top IT security, we recommend organizations take advantage of an enterprise grade single sign-on solution. These solutions can manage and maintain complex sets of credentials across many different cloud services on the user’s behalf. In the best case, they simply redirect cloud services to securely leverage existing corporate accounts, requiring a user to remember a single set of protected credentials. This practice makes things more simple for your staff, and provides you with more peace of mind with regard to IT security.
Harnessing the Power of AI
A single sign-on solution is not only beneficial for single users, it’s also advantageous for your overall business. A single sign-on solution provides businesses with a single point of control for granting and revoking access to corporate services hosted both internally and in the cloud. However, there is a downside; if exploited, that single set of credentials provides an attacker a one-stop shop for accessing your systems. With this in mind, it’s critical to ensure you have added layers of protection in place. Beyond two factor authentication, modern organizations who are committed to better IT security should explore intelligent protection services such as risk-based conditional access.
In short, conditional access means only allowing authentication to occur under safe conditions. For example, organizations can allow access to their cloud-hosted email service only from a known corporate device, which is up-to-date and connected to a trusted network. Beyond a set of restrictive conditions, organizations should also strive to leverage AI-assisted risk indicators that call out anomalies. This could include an indicator such as “impossible travel,” which is when a user logs in from a device in one time zone, then logs in an hour later from another time zone that’s impossible to reach in that time.
Adopting an “Assume Breach” Mindset for Maximum IT Security
Although protection is always our first line of defense, no matter how many controls we put in place, credentials can still be compromised. For maximum IT security and protection, organizations should adopt an “Assume Breach” mindset, which means focusing on protecting access, but also on quickly identifying when accounts or systems have been compromised using advanced behavioural analytics. These systems can track non-standard user behavior and raise errors traditionally buried deep within system log files. For example, Joe from accounting can barely turn his PC on in the morning and has done nothing but log into email for the past year—but all of a sudden, he starts launching remote PowerShell command and is attempting to log into several different corporate servers. In a traditional, secure environment, none of these actions would raise any alarms, considering Joe isn’t doing anything outside of what his account allows, but a good analysis engine will investigate and help identify both compromised accounts and systems as well as bad actors operating within your environment. With an “Assume Breach” mindset, the focus now shifts to quick identification, mitigation, and remediation of breaches before damage can occur.
Secure Your Supply Chain
It’s not uncommon for organizations to work with multiple supply chain partners, and in some situations, it makes sense to grant partners access to your systems or data. New cloud-based tools make it simple to collaborate with users—both internal and external.
It’s critical to remember that every time you open up systems or share data, you’re exposing yourself to any risk that exists within the other party’s environment. While some organizations require their partners to sign agreements stating specific controls and systems are in place to protect accounts and data, these types of agreements are difficult to maintain and even more difficult to effectively enforce. Alternately, we recommend organizations enforce industry standard compliance certifications. IT security-specific certification, such as Cyber Essentials, ensures organizations have implemented a common set of controls and are performing basic due diligence to protect your information while removing the burden (on your end) to validate compliance.
Focus on IT Security in 2018 to Protect Your Workforce
We’ve all heard the saying, “a chain is only as strong as its weakest link,” and when it comes to IT security, the weakest link is often attributed to users and their behavior. We believe all employees want to do a good job, and that users who engage in insecure or risky behaviors (whether it be reusing passwords, attaching copy on their keyboards, or using non-corporate approved applications) are not being malicious—they’re likely trying to find a way to work more efficiently. Employees without proper IT security knowledge and training simply don’t understand the potential risks or consequences of their actions.
Organizations need to educate and empower their employees to be part of the solution. They should also take advantage of valuable software and tools that help track risky user behavior (such as clicking on links in a phishing email). A good system will identify high-risk users through real-world simulations. The key is to empower your users to identify risk and reward them when they do it correctly. These systems can help turn your biggest target into your most important security asset.
Bulletproof’s IT security experts help organizations drive efficiency by migrating their data to Microsoft’s new all-encompassing cloud solution, Microsoft 365. We also help organizations who are already operating cloud-based systems get more out of their investment. Bulletproof 365 is a proactive, turnkey solution that provides business leaders with reassurance that their technology is completely secure and able to deliver maximum value. The Bulletproof 365 package is comprised of unrivaled cybersecurity education and training, a Microsoft 365 subscription, a 24/7 support desk solution for your customers, and IT security services that encompass everything from network protection to breach detection and response.
Are you ready to take on 2018 with an IT security and productivity solution you can rely on? Download the Bulletproof 365 data sheet now.