Sunday, March 17, 2024

How To Conduct A Quick Cyber Assessment - 4 Golden Tips

 


Whenever a business is hit by a Cyberattack, the first priority of course is to restore mission critical applications as quickly as possible.  From there, it is all about dealing with the fallout, especially when it comes to facing customers and possibly law enforcement.  The last thing on your mind would be to conduct a detailed forensics investigation to examine what led to the breach, and how it can be avoided again.

But there is still a question that will linger in your mind:  “Who was the Cyberattacker that launched this variant against my business?”  While it is easier now to determine this when compared to the past, it is still a 50-50 proposition.  And in the end, you may not even think it’s worth it, because after all, if the Cyberattacker is in a foreign country, how will you bring them to justice?

In fact, this entire process that I have just portrayed is technically called “Attribution”.  More information about this can be seen at the link below:

https://www.darkreading.com/cyberattacks-data-breaches/how-to-identify-cyber-adversary-standards-of-proof

But maybe it’s time to take a step back now, and assess the chances of you becoming a victim.  I don’t mean that you have to follow a NIST or CISA based framework to the letter, but take a simple, real-world approach to it.  Here are some tips to do this:

1)     Examine your own business:

Take very close stock of your business model.  Take a close look at all of the digital and physical assets that you have, and then ask yourself this very basic question:  “What is it that a potential Cyberattacker will go after?”  Of course, this will primarily depend upon what you have, but also keep in mind that a Cyberattacker will try to get access to something low on the totem pole in order to get to something much higher and more valuable, like the database that holds the passwords of your employees and customers.  In other words, follow this quote:

               “Know your enemy and you will win a hundred battles; know yourself and you will win a thousand.”

               (SOURCE:  https://www.darkreading.com/cyberattacks-data-breaches/how-to-identify-cyber-adversary-what-to-look-for)

2)     Your security tools:

This is a subject that I have written about before, on many occasions.  But in this instance, ask your IT Security team to take a quick look at what you really have, then ask yourself these questions:

*How many brands come from just one vendor?

*How many come from multiple vendors?

*Is it possible to cut down on what I have and strategize?

*How much time does it take to make sure that each device is always optimized?

If your business still has the traditional Perimeter Defense model, then these security devices will be amongst the first targets for the Cyberattacker.  After all, once they break through this, they can get access to just about anything.  But if you have the Zero Trust Security model, then this is entirely different.  The bottom line here is that you want to consolidate all of your security tools, and deploy them in the most strategic areas.  And if possible, try to stick to just one or two vendors for all of this.  It will make it a lot easier for the IT Security team to manage, and they will not have to parse through so many varying log output files.  The moral of the story here:  With too many tools, your attack surface is greatly increased!!!

3)     Timing:

Examine how long it takes you to actually detect and respond to a security breach.  Believe it or not, it takes a business an average of seven months to do this.  The metrics that reflect this are known as the “Mean Time To Detect” and the “Mean Time To Respond”, also known as “MTTD” and “MTTR”, respectively.  You will of course want to respond to a breach and contain it as soon as possible.  But try also to set specific goals for yourself.  For example, it should take no longer than three hours to detect and contain a breach, should it ever happen.
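As an added illustration (not part of the original post), the Python sketch below computes MTTD and MTTR from a small incident log and flags incidents that missed the three-hour detect-and-contain goal.  The CSV column names and the sample rows are constructed assumptions; time to detect is taken as occurrence to detection, and time to respond as detection to containment.

```python
import csv
import io
from datetime import datetime, timedelta
from statistics import mean

# Constructed incident records (not real data). An empty contained_at means still open.
SAMPLE_INCIDENTS = """\
id,occurred_at,detected_at,contained_at
INC-1,2024-01-05T08:00,2024-01-05T09:30,2024-01-05T10:15
INC-2,2024-02-10T22:00,2024-02-11T06:00,2024-02-11T09:00
INC-3,2024-03-01T13:00,2024-03-01T13:20,2024-03-01T14:00
INC-4,2024-03-12T02:00,2024-03-12T04:00,
"""

GOAL = timedelta(hours=3)  # the example target: detect and contain within three hours


def _hours(delta):
    return delta.total_seconds() / 3600


def assess(csv_text, goal=GOAL):
    """Return MTTD/MTTR in hours, incidents that missed the goal, and open incidents."""
    ttd, ttr, missed, still_open = [], [], [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        occurred = datetime.fromisoformat(row["occurred_at"])
        detected = datetime.fromisoformat(row["detected_at"])
        if detected < occurred:
            raise ValueError(f"{row['id']}: detected before it occurred")
        ttd.append(_hours(detected - occurred))
        if not row["contained_at"].strip():
            still_open.append(row["id"])  # no containment yet: excluded from MTTR
            continue
        contained = datetime.fromisoformat(row["contained_at"])
        ttr.append(_hours(contained - detected))
        if contained - occurred > goal:  # total detect + contain time vs. goal
            missed.append(row["id"])
    return {
        "mttd_hours": round(mean(ttd), 2) if ttd else None,
        "mttr_hours": round(mean(ttr), 2) if ttr else None,
        "missed_goal": missed,
        "still_open": still_open,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_INCIDENTS))
```

Open incidents are reported separately so that an unfinished response does not quietly improve the MTTR figure.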

4)     Examination:

Finally, take a look at your own IT and Network Infrastructure.  For instance, are you still 100% On Prem, or in the Cloud, using something like AWS or Microsoft Azure?  Or are you still using a Hybrid based approach?  If you are still On Prem, you are putting your business at grave risk, IMHO.  You are far better off going to a total, 100% Cloud based infrastructure.  At least with this, you will get, for the most part, all of the tools readily available to protect your infrastructure.

My Thoughts On This:

Finally, make some time to study the various methods that Cyberattackers have used in the past in order to launch their malicious payloads.  Most of this should be available online, especially from either NIST or CISA.  Remember to take the above-mentioned steps from a holistic approach, and above all, be honest with yourself when you do this kind of informal assessment.
