Effective end-to-end security framework
Companies should no longer be reactive towards a cyber-security breach. Instead, they should have all the relevant frameworks in place to protect what is critical for every company nowadays: its data.
Brett Skinner, Security Sales Manager for Micro Focus, told attendees at the recent ITWeb Security Summit 2019 about the importance of implementing an effective breach defence through cyber security frameworks.
Though there are numerous frameworks in the market, Skinner highlights the NIST framework as one that can be implemented in combatting cyber attacks.
One of the issues Skinner believes is problematic with companies in South Africa is that many continue to invest in point products as opposed to fixing the problems.
Why is this still an issue today? Says Skinner: “It’s because of the explosion of data, and with data being such a valuable commodity nowadays, cyber criminals are continually looking at how to breach companies, with many not even knowing they’ve been breached until after the fact.
“There are numerous examples of this, and in most cases the breach has occurred through an employee in a company having his login details compromised, enabling the breach.
“Once discovered, it can take time to then plug the hole and then assess the actual damage. And if you consider on average an employee accesses 10 apps across various platforms a day, it can become problematic in ascertaining where the breach came from.”
This is where solution frameworks like NIST come into the equation. “They are built to integrate and not complicate a company’s security portfolio,” says Skinner. “It becomes your roadmap in planning for the future and not just for today.”
Cyber security compliance should be the result of good governance and risk management practices, says Skinner.
“Success requires planning and you need to look at your framework and see if it fits in with the relevant government mandates regulating how data is protected and utilised. POPI is not applicable in South Africa just yet, but there are other countries’ legislation – such as the EU’s GDPR – to take into consideration, depending on with whom and where you conduct business, and where your customers are from.”
Within this cyber security framework there are five key elements: identify, protect, detect, respond and recover.
“You start by assessing where the risks are in the environment, then seeking out and eliminating vulnerabilities, at the same time keeping everything patched and updated. This doesn’t just apply to operating systems but also applications, databases and other systems. At the same time, don’t treat all systems the same with security measures being employed where they matter most as you prioritise which systems need stronger defence along with concentrating tighter security controls on these higher priority systems.”
To prevent a breach, or to limit its impact, one needs to safeguard the appropriate use of critical infrastructure, apps and services.
Here, according to Skinner, you are faced with striving for a ‘least privilege’ authorisation model. This should employ access governance and automated provisioning in determining and enforcing the appropriate entitlement settings. “It is critical when using privileged access management to lock down and monitor administrative and service accounts, while leveraging multi-factor authentication in providing greater identity assurance along with leveraging encryption in ensuring data confidentiality, integrity and availability.”
Effective inspection and analysis aid in greater awareness and quicker response. “Scan for anomalous activity and examine the potential impacts of events and determine if this represents an increase in risk,” says Skinner. “Continuously monitor information systems and assets to identify potential attacks and verify the effectiveness of protective measures. At the same time, educate your employees and staff, and train them to watch out for social engineering tactics. Remember that no one is above being a target.”
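The two points above, that a compromised employee login is hard to trace across the ten or so apps a user touches each day, and that continuous monitoring should scan for anomalous activity, come together in a small correlation routine. The following Python is an added example, not code from the talk or from Micro Focus; the log line format, the field names (`app`, `user`, `src`, `result`), the sample events and the thresholds (a five-minute window, more than three distinct apps) are all constructed assumptions. It groups successful logins by user, flags a source address the user has never authenticated from before a chosen baseline cut-off, and flags a burst of distinct applications reached from one source in a short window, which is what lets a responder say where a stolen credential was used, not just that it was.

```python
"""Correlate per-application login events by user and flag anomalies.

Added example for illustration only; the log format, field names,
sample data and thresholds are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one line per login attempt across several apps, in the
# assumed format "<ISO timestamp> app=<name> user=<id> src=<ip> result=<ok|fail>".
SAMPLE_LOG = """\
2019-05-28T08:01:10 app=mail user=jdoe src=196.25.1.10 result=ok
2019-05-28T08:03:42 app=crm user=jdoe src=196.25.1.10 result=ok
2019-05-28T08:10:05 app=hr user=jdoe src=196.25.1.10 result=ok
2019-05-28T09:15:00 app=mail user=asmith src=196.25.1.11 result=ok
2019-05-28T22:40:01 app=mail user=jdoe src=203.0.113.7 result=fail
2019-05-28T22:40:20 app=mail user=jdoe src=203.0.113.7 result=ok
2019-05-28T22:41:05 app=crm user=jdoe src=203.0.113.7 result=ok
2019-05-28T22:41:30 app=hr user=jdoe src=203.0.113.7 result=ok
2019-05-28T22:42:00 app=finance user=jdoe src=203.0.113.7 result=ok
"""


def parse_line(line):
    """Turn one 'key=value' style log line into a dict with a datetime 'ts'."""
    ts_text, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts_text)}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def build_baseline(events, before):
    """Source addresses each user logged in from successfully before `before`."""
    known = defaultdict(set)
    for ev in events:
        if ev["result"] == "ok" and ev["ts"] < before:
            known[ev["user"]].add(ev["src"])
    return known


def detect_anomalies(events, baseline, window=timedelta(minutes=5), max_apps=3):
    """Return findings as tuples (kind, user, src, detail, first_seen).

    kind 'new_source': a successful login from a source outside the user's baseline
                       (reported once per user/source pair).
    kind 'app_burst':  more than `max_apps` distinct apps reached from one source
                       within `window`, reported once per user.
    """
    findings = []
    reported_sources = set()
    per_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["result"] != "ok":
            continue  # failed attempts are context, not evidence of access
        pair = (ev["user"], ev["src"])
        if ev["src"] not in baseline.get(ev["user"], set()) and pair not in reported_sources:
            reported_sources.add(pair)
            findings.append(("new_source", ev["user"], ev["src"], ev["app"], ev["ts"]))
        per_user[ev["user"]].append(ev)
    for user, evs in per_user.items():
        for i, first in enumerate(evs):
            recent = [e for e in evs[i:]
                      if e["src"] == first["src"] and e["ts"] - first["ts"] <= window]
            apps = sorted({e["app"] for e in recent})
            if len(apps) > max_apps:
                findings.append(("app_burst", user, first["src"], apps, first["ts"]))
                break
    return findings


def analyse(text, baseline_cutoff_iso):
    """Parse the log, learn per-user sources before the cut-off, then flag anomalies."""
    events = parse_log(text)
    baseline = build_baseline(events, datetime.fromisoformat(baseline_cutoff_iso))
    return detect_anomalies(events, baseline)


if __name__ == "__main__":
    for kind, user, src, detail, when in analyse(SAMPLE_LOG, "2019-05-28T12:00:00"):
        print(f"{when.isoformat()} {kind:<10} user={user} src={src} detail={detail}")
```

The baseline cut-off stands in for a real learning period; in practice it would be built from weeks of history and refreshed continuously, and the source would usually be enriched with geolocation or device identity rather than compared as a raw address. The failed attempt just before the first successful login from the new source is kept out of the findings deliberately, so the routine reports access that actually happened rather than noise.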
Here you are taking appropriate action to contain the impact of a cyber security incident. “Response requires preparation, so devise and maintain processes and procedures to ensure there isn’t a delay in taking action,” says Skinner. “Communicate and coordinate with internal and external stakeholders, including law enforcement where applicable. Analyse the situation and determine the best course of action and how best to support recovery activities and then mitigate the effects of the breach, preventing the expansion of an event and eradicating the incident.”
The last step is restoring all capabilities affected by the incident. “It is critical,” says Skinner, “in the timely restoration of impacted systems and assets back to normal operations. Here you need to communicate and coordinate with internal and external parties, such as coordination centres, ISPs, Computer Security Incident Response Teams, and so forth. And then lastly leverage lessons learned from this event so you can improve preparations for the next potential incident.”
He concludes: “Siloed tools cannot address enterprise-level challenges and in order to protect themselves from cyber crime, companies require an end-to-end solution.”