Optimal practices for dealing with the cyber threat landscape and protecting your business tend to evolve over time as threats morph, IT ecosystems grow more complex, economies boom and burn, and ways of working change. The timescale in which the essential security practices defenses change drastically is usually in the order of many months, perhaps even a couple of years. Reflecting the contemporary trends in cyber security, IT and the cybersecurity labor market, here are six essential security practices your company needs right now to stay protected.
1. Staff augmentation (MSSP support)
With the cybersecurity labor market still suffering from a huge shortfall in supply, businesses of all sizes struggle to fill important security positions. There is no sole cause of this shortage. A more menacing and high-volume threat landscape calls for more resources to defend their assets than organizations can keep up with; other contributing factors include a lack of workforce diversity, excessive requirements in job descriptions and the fact that an aura of mystery still surrounds cybersecurity careers.
Any widespread improvement in the cybersecurity talent shortage will probably mean a medium- to long-term wait. (ISC)²’s most recent Cybersecurity Workforce Study estimates a global cybersecurity workforce gap of 3.4 million people. Meanwhile, you still have systems and data constantly under attack from threat actors, many of whom are financially motivated. So, what are your options right now?
There’s a strong argument that the answer lies in staff augmentation via managed security service providers (MSSPs). These companies deliver specialist security functions as services, helping to reduce the burden on your in-house staff. Whether it’s outsourced monitoring of systems and endpoint devices, vulnerability management or firewall configuration, augmenting your resources this way is both cost-effective and time-efficient.
2. Vulnerability audits
Vulnerabilities make it easier for threat actors to gain access to your network and/or progress toward the objectives of their cyberattacks. And any hacker with a modicum of skill will likely find these paths of least resistance, exploiting them to their fullest extent.
Vulnerabilities are weaknesses in code, libraries, frameworks, systems and applications; they are usually addressable with a simple patch. Where a patch is not available, there are other mitigation options, such as segmenting the affected system away from the rest of your network or migrating from an unsupported legacy asset to a more modern option.
A persistent problem with vulnerabilities is that companies simply don’t know how much risk they pose. The average Fortune 500 company, for example, has 476 critical vulnerabilities. A recent binding directive from CISA instructed U.S. federal departments to identify and report on suspected vulnerabilities. It would be prudent for all companies to follow suit with regular vulnerability audits.
3. Multifactor authentication
Many security best practice lists and official documents from the likes of NIST recommend that companies strengthen authentication. Going beyond usernames and passwords for securing account access is a critical layer in the security defenses at companies of all sizes. The most robust option that effectively balances security with user experience is multifactor authentication (MFA), which requires users to provide two or more categories of evidence to secure accounts against unauthorized access.
Unfortunately, while larger companies have mostly migrated to mandatory multifactor authentication, adoption lags for smaller companies. Recent evidence suggests just 13 percent of employees at SMBs must use MFA when logging in to systems and apps. This figure must increase given the percentage of breaches that begin with threat actors taking over user accounts with weak or stolen passwords.
4. Least privilege access permissions
Staying in the security domain of identity and access management, it’s important not only to reduce the chances of user accounts being hacked, but also to limit the access permissions that users have to various resources. As roles change and employees take on new projects, they often accumulate unnecessary privileges and access rights to resources that they don’t need.
In the event of an intrusion, excessive access permissions facilitate lateral movement and privilege creep, both of which allow hackers to achieve their aims. These excessive permissions also increase the potential damage from malicious insider threats.
To combat this problem, base the foundation of your approach to access management on the least privilege principle. This principle aims to provide only the minimum permissions needed in a particular app or system for that user’s specific job role. Regular audits of account access are important in adhering to this privilege as your dynamic IT ecosystem undergoes regular change.
5. Managed detection and response
Threat hunting, monitoring and effective response are pivotal security capabilities that many companies lack. Preventative controls designed to keep out intruders don’t always work. Traditional EDR solutions help to provide some of these important detection and response capabilities by analyzing events from laptops, workstations, mobile devices and other endpoint devices.
But managed detection and response (MDR) goes more in-depth with a skilled team of outsourced security experts taking charge of detection and response. MDR provides round-the-clock monitoring for security issues and active threat hunting across your environment, whether that means on endpoints, within your network or in the cloud.
6. Digital footprint visibility
As more companies have migrated workloads to the cloud, they’ve exposed more IT assets to internet-facing threat actors. Leaky cloud storage buckets, expired SSL certificates, open ports, leaky Github repositories; these are just some of the risky traces of an organization’s digital footprint that can provide a path of entry to your network or data.
Full visibility over your digital footprint is imperative for managing and reducing your attack surface. Thankfully, as risks have increased alongside the growth in external-facing assets, security vendors have started to release solutions that automate the identification and cataloging of your digital footprint. Some vendors call their solutions digital footprint monitoring while others opt for attack surface management but the underlying premise of both is the same.
Get the help you need at Nuspire
All of these security practices are worth adopting right now if you want to bolster your cybersecurity defenses in the face of an onslaught of threats. Nuspire’s managed security services help you align with these practices by augmenting your staff with endpoint detection and response, vulnerability management and threat modeling. A dedicated MDR service gives you 24x7x365 monitoring to combat threats on your endpoints, within your network and in the cloud.