6. Keep the configurations consistent
The most secure organisations have consistent configurations with
little deviation between computers performing the same role. Most
hackers are more persistent than smart. They simply probe systems
and applications, looking for that single vulnerability in thousands of
servers that you forgot to fix. By implementing consistent change
management, you can establish configuration baselines and rigorous change and configuration control. Admins and users should
be taught that nothing gets installed or reconfigured without prior
documented approval. Find the right mix of control and flexibility
to avoid committee paralysis. At the end of the day, make sure any
change, once ratified, is consistent across computers.
7. Use least-privilege access control
“Least privilege” is a security maxim which means giving the bare
minimum permissions to those who need them to do an essential
task. Most security domains and access control lists are full of overly
open permissions and very little auditing. The most secure companies have automated processes that ask the resource’s owner to
re-verify permissions and access rights on a periodic basis.
8. Institute smart monitoring practices and timely response
The vast majority of hacking is actually captured on event logs that
no one looks at until after the fact, if ever. The most secure companies monitor aggressively and pervasively for specific anomalies,
setting up alerts and responding to them. Good monitoring environments don’t generate too many alerts. In most environments,
event logging, when enabled, generates hundreds of thousands to
billions of events a day. Certainly not every event is an alert, but
an improperly defined environment with rules that are not optimised will generate thousands of potential alerts – so many that
they end up becoming noise that everyone ignores. Some of the
biggest hacks of the past few years involved ignored alerts, the sign
of a poorly designed monitoring environment. The most secure
companies create a comparison matrix of all the logging sources
they have and what they alert on, then compare this matrix to their
threat list. Then they tweak their event logging to close as many
gaps as possible. More important, when an alert is generated, they
know it is significant and they respond.
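The comparison matrix described above, sketched as an added example (not part of the original article): it cross-references what each log source records and alerts on against a threat list, then reports the gaps and the alert rules tied to no threat. All source, event and threat names are constructed for illustration.

```python
# Constructed sample data: log source -> events it records, and the subset that raises an alert.
LOG_SOURCES = {
    "domain_controller": {"logged": {"failed_logon", "account_lockout", "group_change"},
                          "alerted": {"account_lockout"}},
    "web_proxy": {"logged": {"blocked_url", "large_upload"}, "alerted": {"blocked_url"}},
    "file_server": {"logged": {"file_read"}, "alerted": set()},
}
# Constructed threat list: threat -> events that would reveal it.
THREATS = {
    "password_guessing": {"failed_logon", "account_lockout"},
    "privilege_escalation": {"group_change"},
    "data_exfiltration": {"large_upload", "dns_tunnel"},
}

def coverage_matrix(sources, threats):
    """Return {threat: {event: (status, [sources])}} comparing logging to the threat list."""
    matrix = {}
    for threat, events in threats.items():
        row = {}
        for event in sorted(events):
            logging = sorted(s for s, d in sources.items() if event in d["logged"])
            alerting = sorted(s for s, d in sources.items() if event in d["alerted"])
            if alerting:
                row[event] = ("alerted", alerting)
            elif logging:
                row[event] = ("logged_only", logging)
            else:
                row[event] = ("not_logged", [])
        matrix[threat] = row
    return matrix

def gaps(matrix):
    """Threat signals that would not raise an alert today, unlogged ones first."""
    order = {"not_logged": 0, "logged_only": 1}
    found = [(t, e, st) for t, row in matrix.items()
             for e, (st, _) in row.items() if st != "alerted"]
    return sorted(found, key=lambda g: (order[g[2]], g[0], g[1]))

def unmapped_alerts(sources, threats):
    """Alert rules tied to no listed threat: candidates for tuning to reduce noise."""
    wanted = set().union(*threats.values())
    return sorted((s, e) for s, d in sources.items() for e in d["alerted"] if e not in wanted)

if __name__ == "__main__":
    for threat, event, status in gaps(coverage_matrix(LOG_SOURCES, THREATS)):
        print(f"{status:12} {threat:22} {event}")
    print("unmapped alerts:", unmapped_alerts(LOG_SOURCES, THREATS))
```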
9. Create an Incident Response Plan
No organisation is immune to data breaches, and financial institutions especially will remain targets for cybercriminals. When a
breach happens, what are you going to do? Do you have a strategy
in place to deal with the impact of a breach? What will be your priorities and next steps? And how will you communicate the news to
your staff and customers? An incident response plan is the most important measure of today’s data security best practices but is sadly
overlooked by most organisations. Get all relevant departments
involved to agree on what to do following a data breach, and an
incident response plan will help you get through the aftermath of
a data breach without panicking or making aggravating mistakes.
Once created, the plan needs to be rehearsed, and incidents
need to be simulated to cover all possible scenarios, build habits
and establish mechanisms for emergencies.
10. Seek help from a trusted and reputable security provider
No one performs heart surgery on themselves or attempts to remove an aneurysm at the dining table. This is something that is left
up to the experts. In the same manner, companies should recognise their core competencies and leverage trusted and reputable
partner experts to assist them with their security issues. This is an
area where almost all companies are the weakest!
In conclusion, the decision to buy, implement and maintain solutions
against cybercrime can be quite challenging and those responsible
are often overwhelmed with the sheer variety of security solutions.
Although there are hundreds of ways to become marginally more
secure, there are no quick fixes, no magical solutions to prevent cyberattacks – not even in the Caribbean, a region known to be ‘secure’.
Regardless of the size of your organisation, any best practices you follow or technology you have in place, your data will always be exposed
to some level of risk. However, if you adopt security best practices to
secure your data, meet compliance requirements and get advice from
a trusted security service provider when needed, you are already on
the way to protecting your brand, decreasing your exposure to risk and improving your security posture.
Katharina Gerberding is the Corporate Marketing Manager
of Above Security, +1 (450) 434 8062, www.abovesecurity.com