Cyber Security in the Modern Age: Understanding and Preventing Online Threats
Cyber security has become increasingly important as more and more services move online, especially with the rise of ransomware attacks, malicious insiders and other online threats.
Organisations need to be on top of their security posture and provide budget to ensure threat actors are thwarted.
An attacker only needs to be right once to compromise an organisation, whereas a security team needs to be right all of the time to ensure that an attacker is not successful. What does this mean to you? Cyber security has always been a multi-front approach of continuously adding layers of defense so that any possible attack is mitigated before vulnerabilities can be exploited.
Where do you start?
Answer: Start by identifying business-critical information assets, then map their potential attack surface and the mitigations currently implemented. Software can easily be purchased or downloaded from the internet without the security or IT department being aware of it.
Such software, applications or SaaS solutions are called Shadow IT, and not having visibility of them may cause a security incident later if controls are not implemented to manage any threat the software may pose.
Understanding Vulnerability Management and how to implement vulnerability detection
Forming a partnership with an organisation that provides managed vulnerability scanning services can assist in identifying and prioritising high-impact areas, as well as offering remediation for critical business applications. Bad actors often target the most accessible vulnerabilities—referred to as ‘low-hanging fruit’—which, if exploited, could lead to a successful attack and potential financial gain or other rewards for the attacker. These attackers frequently employ automated vulnerability scanning during their reconnaissance of an organisation.
So, you did the vulnerability scan, what next?
Addressing many vulnerabilities may necessitate deploying specific patches across the IT estate or applying particular registry key changes to devices. However, some vulnerabilities might require changes or updates to applications, which could disrupt existing automation or sever connections with other business applications.
It is crucial to deploy patches or updates in a test environment before broader implementation. Adhering to a change management process, where such changes are treated as standard, is considered best practice.
What else can you do to safeguard information assets?
An organisation must adopt an approach that goes beyond technology and encompasses people, processes, and policies. Here are some additional insights you should consider.
User Awareness Training and Education:
Phishing Awareness: Educate employees about phishing attacks and social engineering techniques. Regular training sessions can help them recognise suspicious emails and avoid falling victim. Also, they will learn about security best practices such as using MFA where possible.
Secure Coding Practices (where applicable): Developers should receive training on secure coding practices so that they do not introduce vulnerabilities, such as Incorrect Default Permissions or Improper Privilege Management, when creating software or web applications.
Legal and Regulatory Compliance:
GDPR, DPA 2018, ISO27001 and Beyond: Organisations must comply with data protection regulations; non-compliance with these regulations can result in hefty fines.
However, these are minimum requirements in some cases, and organisations should aim for other standards that put their security to the test. Cyber Essentials and Cyber Essentials Plus, for example, are a minimum baseline for organisations to get started on their security journey.
Privacy by Design (where applicable): Embed privacy considerations into product design and development whenever designing software or applications or implementing new business applications.
Continuous Improvement and Adaptation:
Threat Landscape Evolution: Cyber threats evolve rapidly. Organisations must continuously adapt, stay informed about emerging threats and understand the risk they may present.
Red Teaming and Penetration Testing: Because of the ever-changing threat landscape, regularly assess your defences through red team exercises and penetration tests, at least annually or whenever a major system change is implemented. This will provide confidence that you have visibility of your threat landscape.
Emerging Technologies:
Artificial Intelligence (AI) and Machine Learning (ML): Organisations should consider leveraging AI and ML for anomaly detection, behavioral analysis, and predictive threat modelling. Tools such as Microsoft Security Copilot exist to aid network defenders in protecting the network from potential threats.
Incident Response and Recovery:
Incident Response Plan: Organisations should have a well-defined incident response plan. This includes roles, responsibilities, communication channels, and predefined steps to follow during a security incident such as a ransomware attack or virus infection.
Backup and Recovery: Make sure to regularly back up data and test the restoration process. Ransomware attacks can be devastating, but having multiple reliable backups can mitigate the impact. Consider using some form of immutable backup to provide additional protection against ransomware.
Zero Trust Architecture:
Beyond Perimeter Defense: The traditional perimeter-based security model is no longer sufficient. Zero Trust Architecture assumes that threats exist both inside and outside the network. It requires continuous verification of users, devices, and applications.
Least Privilege: Implement the principle of least privilege, granting users and systems only the minimum access necessary to perform their tasks.
There are several different ways of setting up cybersecurity protocols.