8 Replies

  • Blocking all internet access 😊

  • There are two aspects to this. 

    The first is looking externally and seeing what has been the top root cause of attacks.

    When we look at most reports / threat intel etc., it often comes down to social engineering (spearphishing), poor passwords, RDP, and unpatched software.

    So those are the things I'd say are worth focussing on when looking at the externally available data.

    However, from an internal perspective, I always say, let's go through the incident logs for the last 2 years. Let's see what has been the root cause of incidents and let's focus on those, because those are real issues for me. 

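
The reply above suggests two inputs: the root causes that external reports name most often, and the root causes found in your own incident log for the last 2 years. The script below is an added example (not code from the thread or any poster) that does that tally over a small constructed incident log: it keeps only incidents inside the lookback window, ranks root causes by a severity-weighted score so a few high-impact incidents are not drowned out by many low ones, and then compares the internal ranking against the external list. The incident records, the severity weights and the reference date are all assumptions made up for the example.

```python
"""Rank incident root causes from an internal log and compare with external threat intel."""
import csv
from collections import defaultdict
from datetime import date, timedelta
from io import StringIO

# Constructed sample incident records for this example (hypothetical, not real data)
INCIDENT_LOG = """\
id,date,root_cause,severity
1,2022-03-04,spearphishing,high
2,2022-05-19,unpatched software,medium
3,2022-06-02,poor password,high
4,2022-09-11,spearphishing,low
5,2023-01-23,misconfiguration,high
6,2023-02-14,spearphishing,medium
7,2023-04-30,misconfiguration,low
8,2023-07-08,unpatched software,high
9,2020-12-01,spearphishing,high
"""

# Categories the reply says external reports name most often
EXTERNAL_TOP_CAUSES = ["spearphishing", "poor password", "exposed rdp", "unpatched software"]

# Assumed severity weights so a few high-impact incidents outweigh many trivial ones
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 5}

# Assumed "today" so the example is deterministic
REFERENCE_DATE = date(2023, 12, 31)


def load_incidents(text, reference_date, lookback_days=730):
    """Parse CSV records and keep only those inside the lookback window (2 years by default)."""
    cutoff = reference_date - timedelta(days=lookback_days)
    kept = []
    for row in csv.DictReader(StringIO(text)):
        when = date.fromisoformat(row["date"])
        if when < cutoff:
            continue  # older than the window the reply suggests looking at
        kept.append({
            "id": int(row["id"]),
            "date": when,
            "root_cause": row["root_cause"].strip().lower(),
            "severity": row["severity"].strip().lower(),
        })
    return kept


def rank_root_causes(incidents):
    """Return (root_cause, count, weighted_score) tuples, highest priority first."""
    counts = defaultdict(int)
    scores = defaultdict(int)
    for inc in incidents:
        counts[inc["root_cause"]] += 1
        scores[inc["root_cause"]] += SEVERITY_WEIGHT.get(inc["severity"], 1)
    ranked = [(cause, counts[cause], scores[cause]) for cause in counts]
    # Weighted score first, then raw count, then name for a stable order
    ranked.sort(key=lambda t: (-t[2], -t[1], t[0]))
    return ranked


def compare_with_external(ranked, external_causes):
    """Split causes into those seen both internally and externally, and those seen in only one."""
    internal = [cause for cause, _, _ in ranked]
    external = [c.lower() for c in external_causes]
    return {
        "shared": [c for c in internal if c in external],
        "internal_only": [c for c in internal if c not in external],
        "external_only": [c for c in external if c not in internal],
    }


if __name__ == "__main__":
    incidents = load_incidents(INCIDENT_LOG, REFERENCE_DATE)
    ranked = rank_root_causes(incidents)
    for cause, count, score in ranked:
        print(f"{cause:<22} incidents={count} weighted={score}")
    print(compare_with_external(ranked, EXTERNAL_TOP_CAUSES))
```

With the constructed data, spearphishing ranks first internally and externally, while "misconfiguration" shows up only in the internal log and "exposed rdp" only in the external list. The point of the comparison is the same one the reply makes: the shared causes are the safe bets, but the internal-only ones are the real issues for this environment and deserve budget even if no external report mentions them.
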
  • The reality is pretty much not "if" you'll be breached but "when".

    So prevention and defenses are 100% crucial: end user training, firewalls, patching, IDS/IPS, SIEM solutions, etc. are all absolute must-haves.

    But also, you need to plan your response for when you are breached - good backups (with regular restore tests), air-gapped, immutable storage etc. Plans and drills on how you can rebuild from scratch if necessary, DR, BCP, defined RTOs and RPOs for each department in advance ('cos at the time they will all argue they are most important and must be first in the queue). Add in the PR & compliance reporting side. Has any PII been lost, who do you inform, how, how often, what are the legal reporting requirements? This is a bit of a minefield, so do you have a suitable relationship with a security partner organization who could be brought in to assist? Do you have cyber-insurance, 'cos they will have a big say in how it's handled if you want a pay-out.

    All sounds a bit much for IT - and it is; it should be an organization-wide plan from the top down.

  • I would like to add - continuous monitoring/auditing of changes made to the Active Directory environment, your data, permissions, etc. surely helps in preventing cyber attacks. Here is a whitepaper that explains popular cyber attacks and methods to mitigate them.

  • According to my experience, end-user training is the most effective way to prevent security issues. Everything else is rather enforcing and strengthening that foundation but does not replace it in any way.

  • Planning, preparation, education

  • Excellent points! Planning is always king of prevention.

  • Social engineering is a very effective hacking technique. You can do some incredible things with a smile, a clipboard, and acting like you belong, or with a persuasive phone call or email. Because of that, end-user training is extremely important, at least a top-3 consideration.
