Turning security unknowns into your strongest defence

For business executives with many post-pandemic priorities, it is almost impossible to run anything if their IT systems go down. Some may ask why companies do not just patch their systems and render these problems over. However, things are seldom that simple.

Unless businesses have put in place a way to find and track their assets, this issue can quickly become a problem.

How many businesses know the number of routers, servers, or assets they have? If this answer is not obvious, it is more difficult to convey an accurate level of vulnerability to justify the required investment. 

Hence, it is important to set a base level of standards that guide the board and senior executives to be minimally conversant about cybersecurity risks and analysis of those metrics. This is fundamental to having the right conversations.

Taking a continuous process of asset discovery and deciphering the "known unknowns" and "known knowns" help to define a problem and fix it. 

WHAT WE KNOW HAS BEEN CAPTURED

Most of this type of security incidents are:

  • Denial of Service Attacks, in which a malicious entity targets a host server or network to render it unusable by the host's customer base
  • Malware that are designed to facilitate illegal online activities including viruses, works, or Trojans
  • Point of Sale intrusion attacks that target systems where payment-related information is stored, collected, and transmitted

WHAT WE REALISE WE DON'T KNOW

These "known unknowns" are frequently categorised as:

  • The "Privileged Few" that are known only to a small, private group - including governments, IT industry leaders, and cyber criminals - while the privileged few may be able to counter these attacks, most businesses may not be privy to these threats until it is too late
  • Cybersecurity and human behaviour, which are hard to predict with 100% accuracy, but arming the business with cybersecurity best practices and educating staff could offset many threats

INDICATORS OF COMPROMISE

The best defence against any security threats lies beyond any IT systems. Ensuring everyone in the business is familiar with the compromise indicators could help mitigation and remediation effort in the event of a cyberattack. Some main indicators look like:

  • Unfamiliar outbound network traffic - suspicious network connections may signal attackers are attempting to exfiltrate data from the business' systems
  • Geographic oddities - outbound traffic to regions where the business generally does not conduct formal transactions could indicate a system breach
  • Login anomalies - repeated login failures, unusual sign-in times, failed passwords or new privileged account creation and access could point to a system compromise
  • Database exfiltration - creation of compressed or encrypted files, data reads and HTTP response size spikes, abnormal file system, registry changes or any unfamiliar outbound network traffic could suggest attackers may have compromised the network
  • DDoS blitz play - could be a symptom of a larger attack to come, which is used to distract monitoring and alerting systems to go under the detection radar with malware

HOW DOES A CYBER RISK ASSESSMENT COME INTO PLAY?

Although many could have commonly interchanged the definition of "risks" and "vulnerabilities", differentiating the nuance is part of managing, controlling, and mitigating your security priorities. Vulnerabilities are resulting weaknesses from an unauthorised network exploitation. Cyber risks tie to the probability of a vulnerability being exploited.

Cyber risk assessments are used to identify, estimate, and prioritise risks according to business operations, assets, and individuals, resulting from the use of information systems. Its main purpose is to keep stakeholders informed and support proper responses to identified risks.

  • What are the critical information technology assets, which the data loss or exposure would have a major impact on business operations?
  • What are the key business processes that use or require this information?
  • Which threats could affect the ability of those functions to operate?

By working through this process, businesses will get a clearer idea of how operations and infrastructure could work better. A risk assessment policy is typically created to define what are the key steps to be performed periodically, how risk is addressed and mitigated, and how often the business must carry subsequent risk assessments.

Businesses approach assessments differently depending on their size and complexity. Some may have a dedicated IT team to assign and develop a thorough understanding of their data infrastructure and work in tandem with other teams to manage how information flow throughout the organisation. Smaller enterprises with limited bandwidth may need to employ additional resources to carry out a dedicated schedule of risk assessment.

For many businesses, cybersecurity is a full-time priority. We work with customers to help them adopt the best ICT practices into everything they do as well as ensuring compliance with industry security regulations. You can contact us or call 1300 HUON IT (486 648) to schedule a chat today.

Security & Networking