Click for more special coverage
The 20th anniversary of Cybersecurity Awareness Month (CSAM) marks a major milestone in the initiative’s running and offers organizations the perfect moment to reflect on their cybersecurity practices. In today’s threat landscape, where cyberattacks can feel like a never-ending game of hide-and-seek, it’s a good time to refresh on the basics. And that’s what this year’s CSAM theme focuses on: foundational cybersecurity practices.
But in addition to foundational security, innovative security leaders will also look for ways to go above and beyond, and so with CSAM, we’re at an ideal moment to think about how to go that extra mile.
Back to basics
CSAM 2023 spotlights four core security behaviors:
- Use strong passwords and a password manager. Strong passwords are a first line of defense, and using a dedicated password manager, preferably a premium security service rather than a free, browser-based option, can help employees securely and efficiently keep track of them. It also helps prevent the reuse of passwords—a standard but often ignored piece of advice.
- Enable multi-factor authentication. MFA offers an extra layer of security, so that when a hacker obtains a user’s login credentials, they are blocked by a second factor of authentication. Security teams should enable MFA across all user accounts and access points. But keep user experience in mind when considering authentication factors. MFA products that integrate directly with the IT infrastructure, for example, are ideal for balancing security and convenience.
- Update software. Outdated software can expose vulnerabilities that create open doors for attackers to access the corporate network. Take advantage of automatic software updates, or else periodically check your vendors’ websites for update schedules, and make sure updates are downloaded directly from the vendor.
- Recognize and report phishing. Security awareness training ensures that employees can recognize the telltale signs of a phishing attack. Incorporate training into the onboarding process for all new employees, revisit it regularly for current employees every four to six months, and automate it with security training tools.
These four behaviors aren’t anything new, but they are absolutely critical — the bare minimum — that organizations should adopt to ensure basic cybersecurity hygiene.
Go the extra mile
Most organizations with an experienced IT team are familiar with executing these behaviors. So what’s next? For modern security teams that have checked the boxes on these practices but continue to grapple with sophisticated threats, there are opportunities to develop more advanced cybersecurity practices, including:
- Tap AI to enhance security. Security awareness training programs are intended to help employees spot the key characteristics of a phishing attack, like spelling and grammar mistakes, or common tropes like the classic CEO gift card scam. But what about an email that appears sent from HR about employee benefit updates, requesting personal information? Or an email impersonating an attorney, requesting an overdue invoice, from a legitimate law firm that the organization works with? Email attacks are becoming increasingly difficult to detect, especially as more cybercriminals begin to weaponize generative AI to craft unique and personalized messages that no longer include the telltale grammar and syntax mistakes of the past. Security awareness training is no longer enough and now should get supplemented with advanced technology. Instead of relying on looking for known indicators of compromise, products that leverage behavioral data science and AI can profile and baseline good behavior to detect anomalies—even among socially-engineered emails that appear highly legitimate.
- Limit the attack surface. To prepare for instances where a threat actor successfully infiltrates the network, organizations should implement measures that can limit their ability to move laterally, access data, or launch additional attacks once inside. MFA and password management can help with this by preventing credential stuffing, but security teams should can also:
- Implement least privilege management, granting employees access to only the specific data, software and resources required to do their job.
- Lock down side doors created by third-party applications. With endless email plug-ins for third-party apps, having visibility into the permissions, privileges, and configurations those apps have will be key. This will prevent a situation where, for instance, a compromised Slack account becomes a stepping stone to an Microsoft 365 account takeover.
- Understand the full risk level by using a solution that highlights when user accounts have gained new admin privileges, when a user has bypassed MFA, or when new applications are installed with high-risk permissions.
- Create an incident response plan. In case the business does become the target of an attack, companies need a good incident response plan to minimize the effects. Important components should include the following:
- Designate an incident response planning team. These are usually composed of IT and security professionals, with a communication plan that keeps all members informed and allows them to easily collaborate.
- Classify the type and extent of the incident. Having a comprehensive understanding of an attack allows for rapid response according to your pre-planned incident response plan.
- Inform affected individuals and vendors. This should include detailed instructions on how to respond to the attack, as well as assistance in recovering data or credentials.
- Conduct a thorough investigation and collect evidence for future examination. This includes system logs and audit trails, as well as screenshots of suspicious emails or webpages.
- Mitigate future risks. Do this by blocking the attack’s origins (IP addresses, email addresses, server geographies, and domains), and executing recovery measures that prompt reviews and updates to current policies and assess the need for additional tools.
Security organizations need to make cybersecurity awareness an ongoing initiative. Think of this October as a special opportunity to draw particular attention to behaviors, tools and resources that secure the digital environment. Review and improve foundational security practices, but don’t stop there. Cybersecurity strategy needs to evolve in kind with the threat landscape, and there’s no better time than now to get started.
Mike Britton, chief information security officer, Abnormal Security