FINAL WORD
threat profile. He clarifies, “In this regard, you need to understand the likelihood of exploitation at all of your network’s entry points – users, applications, data centres, and network infrastructure – and the resulting impact if these entry points get hacked. Your threat profile is a key element in determining that likelihood. Could your business be a target because of such factors, for example, as its geographic profile, industry, systems, software, or data?”
McCullough offers the following 10 useful focus areas to consider in order to help businesses strengthen their security programmes and risk mitigation strategies.
1. Understand the enemy

Although hackers today include less-skilled novices who are out to cause malicious chaos, as well as those who are driven by social and political agendas, the majority of today’s hackers are cybercriminals who are motivated by money. Although they have a reputation for sophisticated methodology, many of their methods are relatively unsophisticated, and they tend to take the path of least resistance, going after easy targets.
2. Sort out your cybersecurity budget properly, including cyber insurance

As outlined previously, applications and user identities account for around 72% of today’s IT attacks, yet this is not generally reflected in IT budget allocations. Spend your security budget in the right way, and ensure that you have cyber insurance as part of your budget. Data breaches will cost you money, and insurance here is as necessary as household insurance for a homeowner facing the aftermath of theft.
3. Train all employees to understand that security is everyone’s responsibility

Awareness training makes everyone more alert. Train your users to recognise and curtail spear-phishing attempts and social engineering. Help them understand the importance of proper password management. Train developers in secure coding so that your web applications don’t have coding vulnerabilities.

“An astounding 72% of today’s attacks target identities and applications, not the network.”
4. Properly control access

• Remember that access is a privilege. Strictly manage what your user identities are authorised to access, so that when an identity is compromised, a threat actor doesn’t have unlimited access within the network.
• Manage your volume of user identities. Enable single sign-on (SSO) to reduce the number of passwords that are stored insecurely or reused across multiple critical systems.
• Implement multifactor authentication (MFA) for access to your network and applications: identities do get compromised, and MFA helps to protect data from being breached when user credentials are.
• Tighten up on username and password combinations. Don’t use weak or default combinations, and implement account lockouts after six failed login attempts. Also, implement stronger encryption methods on password databases.
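The lockout rule in the last point, worked through as an added example (this is not code from the article or from McCullough): it replays a constructed sequence of login events per identity, locks an account on the sixth consecutive failure, refuses every attempt while locked, and resets the counter on a successful login or when the lockout expires. The 15-minute lockout duration is an assumed value; the article only gives the six-attempt threshold.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The six-attempt threshold is the article's recommendation; the 15-minute
# lockout duration is an assumed value chosen for this example.
MAX_FAILED_ATTEMPTS = 6
LOCKOUT_SECONDS = 15 * 60


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[int] = None  # epoch seconds; None when not locked


def apply_login_event(state: AccountState, ts: int, success: bool) -> str:
    """Return "allowed", "rejected", "locked_out" (this attempt tripped the
    lockout) or "locked" (refused because the account is already locked)."""
    if state.locked_until is not None and ts >= state.locked_until:
        state.locked_until = None   # lockout expired; start counting afresh
        state.failures = 0
    if state.locked_until is not None:
        return "locked"             # refused even if the credentials are right
    if success:
        state.failures = 0          # a good login resets the counter
        return "allowed"
    state.failures += 1
    if state.failures >= MAX_FAILED_ATTEMPTS:
        state.locked_until = ts + LOCKOUT_SECONDS
        return "locked_out"
    return "rejected"


def evaluate(events: List[Tuple[int, str, bool]]) -> Dict[str, List[str]]:
    """Replay (ts, user, success) events in order; return each user's outcomes."""
    states: Dict[str, AccountState] = {}
    outcomes: Dict[str, List[str]] = {}
    for ts, user, success in events:
        state = states.setdefault(user, AccountState())
        outcomes.setdefault(user, []).append(apply_login_event(state, ts, success))
    return outcomes


# Constructed sample events: alice fails six times and is then refused even with
# the right password until the lockout expires; bob's success resets his count.
SAMPLE_EVENTS = [
    (1000, "alice", False), (1001, "alice", False), (1002, "alice", False),
    (1003, "alice", False), (1004, "alice", False), (1005, "alice", False),
    (1006, "alice", True), (1005 + LOCKOUT_SECONDS, "alice", True),
    (1000, "bob", False), (1001, "bob", False), (1002, "bob", True), (1003, "bob", False),
]
```

A lockout rule can itself be turned against valid users by anyone who can trigger failed logins on their behalf, so monitor lockout volume alongside failed-login volume.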