Last year more devastating security breaches grabbed our attention! As an IT Professional, what is the most important step to prevent cyber-attacks?
#IamIntel
Intel Corporation
Blocking all internet access 😊
There are two aspects to this.
The first is looking externally and seeing what has been the top root cause of attacks.
When we look at most reports, threat intel, etc., it often comes down to social engineering (spearphishing), poor passwords, RDP, and unpatched software.
So those are the things I'd say are worth focussing on when looking at the externally available data.
However, from an internal perspective, I always say, let's go through the incident logs for the last 2 years. Let's see what has been the root cause of incidents and let's focus on those, because those are real issues for me.
The reality is pretty much not "if" you'll be breached but "when".
So, prevention and defenses are 100% crucial, so end-user training, firewalls, patching, IDS/IPS, SIEM solutions, etc. are all absolute must-haves.
But also, you need to plan your response for when you are breached - good backups (with regular restore tests), air-gapped, immutable storage etc. Plans and drills on how you can rebuild from scratch if necessary, DR, BCP, defined RTOs and RPOs for each department in advance ('cos at the time they will all argue they are most important and must be first in the queue). Add in the PR & compliance reporting side. Has any PII been lost? Who do you inform, how, how often, and what are the legal reporting requirements? This is a bit of a minefield, so do you have a suitable relationship with a security partner organization who could be brought in to assist? Do you have cyber-insurance? 'Cos they will have a big say in how it's handled if you want a pay-out.
All sounds a bit much for IT - and it is; it should be an organization-wide plan from the top down.
I would like to add - continuous monitoring/auditing of changes made to the Active Directory environment, your data, permissions, etc. surely helps in preventing cyber attacks. Here is a whitepaper that explains popular cyber attacks and methods to mitigate them.
According to my experience, end-user training is the most effective way to prevent security issues. Everything else is rather enforcing and strengthening that foundation but does not replace it in any way.
Planning, preparation, education
Excellent points! Planning is always king of prevention.
Social engineering is a very effective hacking technique. You can do some incredible things with a smile, a clipboard, and acting like you belong, or with a persuasive phone call or email. Due to that, end-user training is extremely important, at least a top 3 consideration.