Cyber Security Planning

In today’s digital business climate, it’s critical to stay up to date with cyber security. In 2012, FEMA released a presentation “designed to increase understanding of cyber threat alerts, warning, and information sharing across sectors, and to test and evaluate government-private sector coordinating structures, processes, and capabilities regarding cyber event response and recovery.” Emerging technologies from the past five years call for an update of these recommendations, specifically:

1. There are an increasing number of differences in potential cyber attacks. Possible attacks include hacker, hacktivist, ransomware, malware, or phishing attacks. Ransomware has become more frequent. Culprits insert ransomware in environments through malware.
2. Your actions may be different depending on the situation. An attack that targets sensitive information or other data used by identity thieves may require a different response than an attack that is designed to disrupt business activities.
3. Be aware of increased sharing of information, both internally and externally. With social media, it is now almost impossible to limit how much information gets out. This is particularly the case about data or sensitive information.
4. Your plan should include triggers to contact law enforcement, regulators, or any security experts who can provide support and consultation.
5. Ensure third parties who have access to your environment have appropriate security controls. Don’t forget about devices that “phone home” for support or errors.
6. Review your internet use policy and ensure that there are appropriate filters and restrictions. There are still many organizations that use little to no filtering.
7. Ensure that all individuals in the organization understand and follow your policies. What may seem an innocent lapse could be an entry point. Phishing and malware issues often occur not because of a lack of protections, but due to individuals not following policy and best practices in the use of the internet, email, or file sharing.
8.  Consider log monitoring or system monitoring tools should as well. While these are reactive, they can help limit exposure if an event occurs and make reaction time faster.
9. Proactive monitoring tools may be necessary depending on the level of sensitive and personal data within your organization.
10. Does your process to remove access to both physical locations and network/data need to be updated? In most cases, you should disable access as soon as possible (same day) after an individual has left the organization. Is the timing followed?
11. Have you segregated your networks based on function? Public access should be through devices in a DMZ. Be sure to isolate application-based access and data. There is typically no need for end users to have data level access. Development and Test environments should be separate from Production.
12. Keep in mind that many of today’s attacks are automated. While humans may still be sitting in front of a terminal in some cases, those are the small minority.
13. Do you have any known gaps in your data security? Remember, ignoring an issue does not make it go away.
14. Even a short lapse in your security measures can result in a cyber attack. I spoke to a network security administrator who told me that they took some of their protections down to allow maintenance and within 30 minutes they had identified unauthorized access requests.

Cyber Security Is Always Evolving

It may feel daunting to think about, but it’s more important than ever to stay vigilant. To limit risk, constant review and updates to your environment, assessment of potential hazards, and training on policies and procedures will make a difference. Advance preparations allow organizations to limit impact, identify an issue faster, and prevent many attacks, but even the best plans and preparations will not prevent all events. Every organization will have an event of some type. Create plans and training designed to respond to an actual event when it occurs.