The security industry has observed an increase in the frequency and severity of malicious activity targeting businesses across a wide variety of industries, and a recent study from Iomart showed that the number of breaches increased by 273 percent, compared to the same period last year.
More than ever, it’s less a matter of if than when your organization will suffer a breach.
Proactively evaluating and improving your existing cybersecurity strategy based on a comprehensive approach across pre-breach and post-breach risks can significantly reduce your likelihood of being affected by cybercrime.
Here are 8 data security best practices that can significantly reduce the likelihood of a successful attack and minimize the impact of those that are successful.
[Related Reading: How to Perform a Cybersecurity Risk Assessment]
Security best practices that reduce the likelihood of a successful attack
1. Identity & Access Management (IAM)
Effective IAM reduces security risk by limiting resource access to the right individuals, at the right time, for the right reasons. Core components of robust identity and access management include a strict password policy, multi-factor authentication, granting least privilege, and managing permissions within groups. The harm that can come from not performing effective IAM is the wrong people getting privileged access to assets and placing company data at serious risk.
One example is the Twitter hack that took place earlier this year. It appeared that some of the world’s most notable public figures tweeted out bitcoin scam links. While it looks as if somebody tricked an employee into supplying administrative tools, strict IAM processes might still have prevented the attack.
2. Vulnerability Scanning
It’s no secret that running regular vulnerability scans is vital to maintaining your security and compliance posture. Still, many organizations fail to realize that effective vulnerability scanning involves more than just installing vulnerability scanning software and running it. For vulnerability scanning to serve its purpose, the scan must effectively collect and distribute the information needed to improve your security posture.
When neglected, the resulting exposure puts an enterprise at risk of often-avoidable attacks. TechBeacon reports that per a 2019 Forrester Research survey, 42 percent of organizations that had experienced an external attack blamed the incident on a software security flaw, and 35 percent said it had resulted from bugs in a web application.
3. Patch Management
Since most attacks rely on known vulnerabilities, you can avoid security breaches if you regularly apply patches. The best way to handle this is with an automated patch management system, allowing you to quickly and easily apply emergency patches if you find a zero-day exploit.
Neglecting patch management for any length of time opens the door to attacks the longer it goes on. The worldwide WannaCry ransomware attack of May 2017 took advantage of companies that had not applied patches that had already been released—patches that would have prevented the attack.
Organizations must take a risk-based approach to patch management, focusing on those assets that present the most risk rather than the easiest to patch for availability or compatibility reasons.
4. Secure Coding
Vulnerable web applications are the #1 attack vector in the cloud. According to TechBeacon, in January and February 2020 alone, an average web application would be attacked 20,000 times.
Thorough adoption of secure coding best practices such as input validation, output encoding, and cryptography into your software development lifecycle (SDLC) is an effective way to mitigate the risk of a web application attack. Click here to view OWASP’s Secure Coding Practices Quick Reference Guide.
5. Endpoint Security
Some IT teams focus solely on network security solutions while neglecting their endpoints or leaving their protection to simple anti-virus solutions. As remote employees and bring-your-own-device (BYOD) policies continue to become increasingly common, endpoint security is more critical than ever. RiskIQ’s 2020 “Evil Internet Minute” security intelligence report revealed that every endpoint connected to the internet faces 1.5 attacks per minute.
IT teams should ensure that security monitoring detects end-user attacks and supplement traditional anti-virus with next-generation malware solutions and file integrity monitoring (FIM).
6. 24×7 Security Monitoring
Many organizations adopt a security monitoring solution without ensuring that the solution collects and analyzes the right data. This can vary depending on system-level auditing capabilities, network traffic monitoring tools, and logging capabilities, among other factors.
Effective security monitoring is also dependent on the continuous attention of a dedicated team of experienced SOC (Security Operations Center) analysts. A SOC correctly identifies, analyzes, investigates, communicates, and reports upon any IT security threat.
The rapidity of response to attacks can make or break that attack’s effect upon an organization. The teams within a SOC will provide a greater speed of attack identification and remediation, mitigating attacks before damage is caused. According to TechBeacon, only 20 percent of respondents to a 2019 survey of over 250 security operations practitioners described their organizations as having a mature security operations capability. The remaining 80 percent stated they were just getting started.
7. Incident Response
Proactively developing an organized approach to incident response can go a long way to limit damage and reduce recovery time when a breach occurs. Time is critical when disaster strikes, so running test drills using simulated attacks can help refine your incident response plan and determine how much time and manpower will be needed to address various scenarios.
TechBeacon reports that, according to a survey of security professionals at Black Hat USA 2019, 65 percent of security pros expect to be responding to a major breach in the next year. This is up from the previous year’s figure of 59 percent. It certainly pays to be ready.
8. Threat Intelligence
Keeping up with the latest threats can go a long way in helping your organization secure. Free online resources such as CVE, a dictionary of known vulnerabilities; Full Disclosure, a public vulnerability discussion forum; and BugTracker, an open-source issue-tracking application, can help your IT team stay ahead of the game.
Threat intelligence can be cost-effective when you realize that the average cost of a data breach, as of 2019, is $3.92 million.
Even when all these practices are in place, after responding to a security vulnerability or data breach, it’s essential to take a step back and reflect on lessons learned. What went right? What went wrong? Conducting a thorough postmortem and refining your incident response plan will help your team be better prepared for the next vulnerability or breach.
If you’d like to learn more about how Alert Logic can help you achieve a better security posture, you can watch our 6 minute introductory demo video here.