Cybersecurity insights from industry experts.
Cyber Hygiene: A First Line of Defense Against Evolving CyberattacksCyber Hygiene: A First Line of Defense Against Evolving Cyberattacks
Back to basics is a good start, but too often security teams don't handle their deployment correctly. Here's how to avoid the common pitfalls.
September 25, 2023
Basic security hygiene is more impactful than you may realize. While industry headlines are often dominated by emerging tech and the latest software or hardware solutions, base-level security hygiene still protects against 98% of attacks. This includes measures such as applying zero-trust principles or keeping systems up to date with the latest security patches.
However, despite the promise of these basic security hygiene measures, many organizations still fail to use them properly. If we consider zero trust, for example, the "Microsoft Digital Defense Report 2022" found that 93% of ransomware recovery engagements revealed insufficient privilege access and lateral movement controls — contradicting the zero-trust principle of least-privilege access.
However, the good news is that it's never too late to implement basic security hygiene in your own organization. Keep reading for the top three elements of security hygiene you may be overlooking.
When enabled properly, multifactor authentication (MFA) is a significant deterrent for cybercriminals. Oftentimes, threat actors are focused on finding an easy target, so MFA helps to raise this barrier for entry by requiring criminals to know or crack more than one password or verification method. In fact, MFA has the ability to block 99.9% of account compromise attacks.
However, to be effective your MFA solution of choice must be as easy as possible for users. Possible frictionless MFA options include device biometrics or FIDO2-compliant factors, such as Feitan or Yubico security keys.
MFA should also be applied strategically to help protect sensitive data and critical systems. Rather than relying on MFA to secure every single interaction, organizations should opt for conditional access policies that trigger two-step verification based on risk detections, as well as pass-through authentication and single sign-on.
Extended detection and response (XDR) tools are critical for identifying and helping to automatically block threats, like malware attacks. It also helps provide timely insights to the security operations team so they can be more agile when responding to threats.
We recommend leaning into security automation by implementing sensors that automate, correlate, and connect findings before sending them to an analyst. The goal here is for the security operations analyst to have the relevant information needed to triage and respond to an alert quickly. Organizations can also focus on automating their alert prioritization systems, as well as any common administrative processes and security operations' workflows.
Defend against threats across all workloads by leveraging comprehensive prevention, detection, and response capabilities with integrated XDR and security information and event management (SIEM) capabilities. It's also important to be aware of any legacy systems you currently use, as they may lack security controls, such as antivirus and endpoint detection and response (EDR) solutions. Likewise, monitor your environment for adversaries disabling security. Threat groups have been known to clear security event logs and PowerShell operational logs as part of a larger attack chain.
Finally, you cannot implement sufficient protection for your organization unless you know where your important data is located and whether the right systems are implemented. This is especially critical in today's hybrid work environments, which require users to access data from multiple devices, apps, services, and geographic locations.
A defense-in-depth approach is one way to better fortify your data security to guard against data theft or leakage. When building this approach, make sure you have complete visibility of your entire data estate, including any on-premises, hybrid, or multicloud locations. You'll also need to label and classify your data correctly to understand how it's being accessed, stored, and shared.
Once that's done, focus on managing insider risk by examining the user context around data and how their activities may result in potential data security incidents. This should also include implementing proper access controls to help prevent the improper saving, storing, or printing of sensitive data.
Finally, data governance is shifting toward business teams becoming stewards of their own data. This means that organizations need a unified data governance approach across the entire enterprise. This kind of proactive life cycle management can help lead to better data security and democratization.
Cybersecurity may be a constant endeavor, but it doesn't always need to be complex. When implemented properly, simple security hygiene measures can go a long way toward hardening your overall security posture.
Read more about:Partner Perspectives
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023