If your agency hasn’t experienced some troubling
cybersecurity incidents in the past year, you’re one of the few. In 2019 alone,
federal agencies reported nearly 29,000 cybersecurity incidents. An increasing
number of those are ransomware, a form of malware that encrypts an
organization’s files while hackers demand a ransom for the decryption key.
There’s good reason why ransomware and other types of
malware continue to plague organizations. Cybercriminals keep devising new ways
to get what they want, and their attacks can result in lucrative payoffs.
The best way to deal with cybercriminals is by meeting them
head-on through proactive defenses and countermeasures. Let’s put it this way.
Your mission, should you choose to accept it: to
detect and eliminate threats across all your assets. You’ll be going up against
the best and brightest, but with the right approach, the right tools and the
right attitude, you can get the job done.
Step 1: Preparing for the mission
Standalone tools such as encryption and response automation
are important weapons in your arsenal, but they aren’t enough. There are a few
reasons why:
1. Tools can interfere with each other. If your
agency is using two antivirus tools and both detect a threat in a recently
downloaded file, the programs may fight to quarantine it. As a result, they
might cancel each other out. That’s true of other types of tools as well. For
example, one security tool could identify an agent associated with another
product as malicious.
2. Sometimes, the more tools, the more complex the
response. The sheer number of tools can cause interoperability problems,
capability redundancies, or, worse yet, reduced effectiveness. Having too many
tools gives the illusion of better security, when the opposite could be true.
One study found that organizations using 50 or more security tools ranked
themselves 8% lower in their ability to detect an attack, and 7% lower in their
ability to respond, as compared to respondents with fewer tools.
3. Some older cybersecurity tools aren’t compatible with
newer technologies or the cloud, rendering them useless. Say that your
agency began using a specific network firewall 10 years ago, around the time it
was revamping its network. While that tool may have been effective back then,
it probably doesn’t work well in today’s distributed, cloud-based environment.
That means you’re not getting the protection you need.
Step 2: Readying your troops
In this case, your troops are your capabilities. The best way
to defeat the enemy is by having the right specialists in your squadron working
as a unit.
The first specialist is security testing. Penetration
testing is one of the best ways to understand your agency’s vulnerabilities and
how hackers could exploit them. With this information, you can better prevent,
detect and respond to security incidents. The most effective testing requires
the right focus — one that thinks like the bad guys. That’s why many agencies
use testing experts — often independent, trusted third parties. They
understand the landscape and can achieve results.
Second is threat detection and response. When it
comes to stopping cyberattackers in their tracks, speed is the key. The quicker
you know what you’re dealing with, the quicker you can stop it.
Specialist first class threat-hunting is up next.
Looking for threats before they become bigger problems is the best way to
protect an organization. This comprehensive method requires proactively
searching through agency resources and pathways to detect and isolate threats.
The most effective threat-hunting combines advanced processes, security tools
and human intervention. To get the best results, use experts in digital
forensics who know how to find and take out the bad guys.
Next up is commander incident response. When a breach
happens, coordination and timing are everything. It’s hard to learn to fight an
incident when you’re in the middle of one! So, you need a well-rehearsed
response plan that’s regularly tested. To ensure success, some agencies choose
to have an outside expert standing by.
Bringing up the rear is staff sergeant vigilance.
When it comes to cybersecurity, you can’t miss a beat. The cybercriminals never
take shortcuts, but they’re always on the lookout for missteps they can exploit.