Cybersecurity has finally been elevated to a "standard" in the business world. A business of ANY size needs to have cybersecurity as part of its basic business planning checklist. This is especially important for businesses in the 50-500 employee size range, as these organizations are often using processes and tools that have not been reviewed since they were much smaller.
First, let's start with what MUST be in place for a business of any size. The list below should be considered basic business functionality, much like having Internet and email connectivity. If these aren't in place, stop reading right now, go address it, and then come back to finish the article!
- A Firewall
Firewalls are required for any business that is connected to the Internet. They provide a much-needed layer of defense against network-based attacks. The issue is that firewalls only stop the most basic attacks and need constant updating (by the vendors) to keep up with the threat landscape. Attackers today all expect there to be a firewall, so it cannot be your key cybersecurity defense.
- Anti-virus software
Similar to firewalls, everyone needs this, but the bad guys are expecting it. This is usually the last line of defense against attacks, so if this is in play, several other areas have already been defeated.
Passwords are no longer a secure method to protect access to your technology. It does not matter that you have complexity, 90-day rotation, and length requirements enforced; they will be hacked at some point. This is especially true for web- and application-based services where the password travels over the Internet.
Here are three cybersecurity standards that most businesses are missing today:
1. Multi-factor authentication
This cannot be stressed enough. Anytime you are using a password, you should enable MFA as part of securing access to the resource. Not all services or applications implement this yet, but they will! Make this part of your new vendor/application selection process as well: if there is no MFA, be skeptical of using the technology.
2. Single Sign-On (SSO)
This allows applications to use a third party to provide authentication services. This approach reduces the number of passwords users are required to manage and makes it possible to quickly turn off access in the event of a breach. Whatever SSO provider you use MUST also be using MFA; otherwise you are opening the door for an easy password attack that will compromise more than just one system.
Using Microsoft Azure Active Directory for SSO is a Standard that we have been deploying for several years. The number of applications able to connect to this is increasing daily, and it really does improve both the user experience and security of your technology.
3. Threat Detection and ALERTING
More than once, the firewall logs clearly showed when the attacker obtained access to the system, but it was weeks before the breach was discovered. The issue is that reviewing and processing the volume of log data in today's environments is not scalable. There needs to be an INTELLIGENT threat detection and ALERTING layer over all your firewall and application logs. Once this is in place, you can stay ahead of potential breaches and also focus your efforts on those areas you know have an issue. Looking for a needle in the haystack won't work!
Cybersecurity standards will be key as we transition to a cloud- and app-first world. A data breach is now far worse than a physical office break-in, and more costly. Make sure that your business has the right partner in place to ensure cybersecurity standards are in place BEFORE an event occurs.
The advent of AI and machine learning will increase the capabilities in this area rapidly over the next several years. The same technologies are employed by the bad guys, so stay vigilant!