6 tips on how to detect the unknowing data breach accomplice

July 13, 2020
With the move to at-home workers, there has been a spike in teleworking attacks

According to the U.S. Department of Homeland Security, we are seeing a spike in attacks on teleworking infrastructures. At the same time, in the rush to enable WFH, organizations have drafted nearly half of their cybersecurity pros to work on non-security issues, according to a survey from (ISC)². This can lead to a neglect of basic security practices that dramatically reduce the effectiveness of data protection efforts and helps hackers achieve their goals.

Unfortunately, a recent survey from Netwrix shows that many organizations were neglecting security basics even before the pandemic. IT pros at 56% of organizations admitted that they don’t review access rights regularly, and 30% said they grant permissions based solely on user requests. These failures to follow best practices expand the organization’s attack surface and increases the chance of data breaches. According to the Ponemon report, the average cost of a breach is $3.92 million, a stunning amount during good economic times and disastrous in today’s economy.

Clear Processes are the Key to Success

To avoid financial damage that can jeopardize your business, you need to redouble your focus on security basics. Clearly, you need to ensure that your employees understand and follow basic security best practices. But you also need to implement processes that minimize the burden on your IT staff and enable them to respond to data security threats more effectively. The following steps will help you manage your IT staff more effectively:

1.   Provide clear rules for your IT teams.

You likely already have policies that outline what your IT pros need to do to minimize security risks to your data. However, there is a chance that your team will fail to follow these rules if you don’t provide detailed workflows for applying the policies to each system. Therefore, it is essential to document each workflow and include all required security controls and procedures. Use standards like NIST 800-53 to identify rules for your IT teams to follow. Here are examples of security best practices to include:

o   Enforce the least-privilege principle. To reduce your attack surface and mitigate the risk of improper data access, make sure that each user — including all IT team members — has the bare minimum permissions required to do their job. Review access rights at least every six months to make sure no one is assigned more privileges than they need. It’s prudent to have more frequent (quarterly or even monthly) reviews of access rights for locations with your most sensitive data.

o   Conduct an asset inventory. At least once a quarter, review your logical and physical assets (e.g., databases, software and computer equipment) and determine who is responsible for the security of each of these assets. 

o   Maintain an incident response plan. This plan should include procedures for handling and reporting incidents as well as guidelines for communicating with outside parties. Standards like NIST SP 800-61 r.2 and ISO/IEC 27035 offer good starting points for developing a new plan or revising your existing plan. Be sure to test and revise your plan on a regular schedule.

  1. Assign responsibility.

Decide who will be responsible for each area of your security processes, such as who will monitor data access and who will review permissions. Clearly articulate the goals and priorities for each staff member so everyone can be more effective and you can avoid overlap in responsibilities.

 3.    Keep track of critical changes.

You need to track all changes to your IT infrastructure that could jeopardize security or system availability and ensure that you can quickly investigate whether they were both authorized and performed properly. Since a single misconfiguration of a key system could lead to downtime or a data breach, quick detection and response is crucial.

4.    Empower your team to quickly detect and investigate security threats.

According to Ponemon, the average time to detect an incident is 279 days— over 9 months! That gives culprits plenty of time to compromise large volumes of your valuable and regulated data. With the threat landscape constantly changing and fines for data breaches growing, prompt detection and investigation of threats is more vital than ever. Automated tools like user behavior monitoring can help your team quickly spot suspicious activity, such as a spike in file downloads or failed logon attempts, so they can investigate and respond before it’s too late.

5.    Stay up to date on the threat landscape.

Hackers are constantly inventing new techniques to compromise your data. You need to monitor the threat landscape and inform your IT team about the newest security risks, like coronavirus-themed or layoff-related phishing scams. I suggest that you send regular emails about the latest attacks and arrange meetings to discuss how your team will address those threats.

6.    Assess your IT risks.

Thoroughly review your IT environment for security vulnerabilities, and determine which gaps you need to fix right now. Remember to repeat the IT risk assessment to assess the effectiveness of your mitigation actions. And since both your IT infrastructure and the threat landscape are constantly evolving, make IT risk assessment a recurring process.

About the Author

Ilia Sotnikov is an accomplished expert in cybersecurity and IT management. He is Vice President of Product Management at Netwrix, provider of a visibility platform for data security and risk mitigation in hybrid environments. Netwrix is based in Irvine, Calif.

Courtesy of Big Stock -- Copyright: MrMohock
Courtesy of BigStock.com -- Copyright: Bob Vector
Ransomware initiators are contracting with specialists of all kinds, opening up opportunities for talent from a variety of disciplines.