With football season at its pinnacle at both the college and professional levels, the best teams continually focus on the fundamentals that make them successful.
In security, we need to do the same. It is okay for us to have a few key plays, especially in certain industries where we have to focus on unique threats, but we must ensure we cover the basic controls that we have learned are required to be successful against today’s threats.
I know of a lot of companies that implement these controls and processes but also know of others that have failed to implement all or even most of them.
It is hard to come up with a short list and I have omitted some areas (such as education/awareness, governance, and vulnerability management) that are absolutely essential. Instead, I have focused more on technical issues that I see as being a challenge.
The first area that I will discuss is the need to remove admin privileges from user accounts on their end-point systems. This is clearly a challenge for many companies. I do not know if they do not understand or appreciate the level of risk they are accepting or if it is just too difficult for the culture of their company.
I believe this is one of the top unaddressed risks in many companies because it enables an attacker to obtain privileged credentials for not only the end-point but for other systems in an enterprise: malware that runs under a local administrator can read cached credentials out of memory, disable endpoint protection, and reuse those credentials against servers the user never touched. I also believe the solution and the on-going management is not that difficult. You just have to address it with the right solution that enables the business and users to easily use their systems and for IT to easily manage it. We will discuss both the risks and solution for this area.
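A practical first step toward the control above is simply knowing who holds local admin today. The script below is an added example, not code from the original post or from the author; it audits the local Administrators group on a Windows endpoint against an approved list and, only when asked, removes everything else. It assumes Windows 10 / Server 2016 or later (the Get-LocalGroupMember and Remove-LocalGroupMember cmdlets) and an elevated session; the CORP group names in the approved list are hypothetical placeholders for your own.

```powershell
# Added example (not from the original post): audit the local Administrators
# group and report or remove members that are not on an approved list.
# Assumptions: Windows 10 / Server 2016+ (Microsoft.PowerShell.LocalAccounts
# module available), run from an elevated PowerShell session.
# The approved entries below are hypothetical; replace them with your own.

param(
    [switch]$Remediate   # without this switch the script only reports
)

$approved = @(
    "$env:COMPUTERNAME\Administrator",   # built-in local admin; disable it or vault its password
    "CORP\Domain Admins",                # hypothetical domain admin group
    "CORP\Workstation Admins"            # hypothetical tier-2 support group
)

# Get-LocalGroupMember returns Name (DOMAIN\name or COMPUTER\name),
# ObjectClass (User/Group) and PrincipalSource (Local/ActiveDirectory/...).
$members = Get-LocalGroupMember -Group "Administrators"

foreach ($m in $members) {
    if ($approved -contains $m.Name) {    # -contains is case-insensitive
        Write-Output ("OK         {0,-40} ({1}, {2})" -f $m.Name, $m.ObjectClass, $m.PrincipalSource)
        continue
    }

    Write-Output ("UNAPPROVED {0,-40} ({1}, {2})" -f $m.Name, $m.ObjectClass, $m.PrincipalSource)

    if ($Remediate) {
        # Fail loudly rather than silently skipping a member we could not remove.
        Remove-LocalGroupMember -Group "Administrators" -Member $m.Name -ErrorAction Stop
        Write-Output ("REMOVED    {0}" -f $m.Name)
    }
}
```

Run it without arguments first to collect the report from a sample of endpoints; once the approved list is agreed with the business, run it with -Remediate through your management tooling. Expect the list of unapproved entries to include ordinary user accounts, old support accounts, and groups nobody remembers adding, which is exactly the population the control is meant to shrink.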
The second area focuses on managing administrative or privileged credentials. Since most attacks seek to obtain privileged credentials to enable their access and mission, there are basic and key controls that companies should implement to make it much, much harder for both cyber attackers and insiders to obtain these credentials. We will discuss the best practices in this area.
The third area of discussion is the protection of your crown jewels and other sensitive information. It is extremely hard and expensive to try to protect everything so you need to focus on the top few percent of your information that really matters. Again, during my webinar we will discuss the best practices in identifying and protecting this information.
The fourth area that we will discuss is to control what leaves your environment. For years now, we have mostly focused on keeping the bad guys out. Unfortunately, we have lost those battles, not because the defenses we put up did not work but because the attackers' approach changed and we have not kept up. Like the people living behind the high walls of medieval castles, our walls (firewalls) and moats (AV / IPS) are not addressing the problem of attackers going directly after our citizens and using them or their systems to steal information. We even know that the attackers will wait until the citizens leave the walls of the castle / enterprise and exfiltrate the information when it is easier.
On this topic, we will discuss some of the best practices to help keep a company’s valuables from leaving as well as protecting them when they are carried out on mobile devices.
The fifth basic area of discussion will be on improving your ability to detect cyber attacks as early as possible. We know that most companies are doing a poor job at detecting cyber attacks and on average it takes more than 200 days. Unfortunately, by then, attackers could steal everything in a company. One of the many examples is the 12 TB of information stolen from Sony before they discovered it.
So, in this area, I will be discussing some of the things you should be doing to improve your ability to detect an attack very early in the process so you can stop it before damage is done.
The sixth and last area is about “discovering and removing your weaknesses”. This is all about using the right processes and resources to find your weaknesses. You will need to think and act like an attacker. Often, this does require using external resources that have these skills. Your challenge will be to gain alignment in your company to fund and fix the identified areas.
Larry Brock, Principal at Brock Cyber Security Consulting
Mr. Brock is the principal at Brock Cyber Security Consulting, LLC. His primary focus is to help companies improve their capabilities to protect, detect and respond to attacks on their intellectual property from both insider and advanced cyber threats. Previously, and for more than 11 years, he was the Global Chief Information Security Officer at DuPont. Prior to this role, he worked in other Information Technology positions, Marketing, and Research & Development at DuPont and as a Security Officer within the USAF. Within DuPont IT, he was the CIO of the Nylon Flooring business unit. He has also led the development and implementation of several large systems including manufacturing product control, materials management, engineering maintenance, quality management, and data warehouse systems. While working in the Corporate IT group, he led the migration to open-based systems for both networking and computing. In DuPont Research & Development, Mr. Brock led the development and deployment of imaging-based systems, including a patented system to electronically move radiographs between hospitals and remote physicians. He served as an Information Security Officer within the U.S. Air Force and was assigned to the National Security Agency (NSA). He served on active duty at the NSA for 4 years and then in a reserve capacity for 26 years. Mr. Brock has BS and MS degrees in Electrical Engineering and is a Certified Information Security Manager (CISM).