Building up a robust security department and having a strong security posture doesn’t happen overnight. Between ever-evolving threats, new vulnerabilities, increasing attack surfaces, and resource management, a cybersecurity leader has quite the hill to climb to ensure their organization is properly protected.
Among their many responsibilities, a cybersecurity leader needs to:
- Assessing their companies risk exposure, attack surface, and likelihood of compromise
- Identify which threats are critical to defense and plan against.
- Create a roadmap and comprehensive cybersecurity strategy
- Prioritize and balance budgets, staffing, and productivity with security and risk management
The key priority here is to ensure you’re reducing the risk of a compromise and protecting your organization from common attacks. We’ve put together a list of must-have fundamentals that provide the most impact to your cybersecurity as you’re building out your cybersecurity department.
Two-factor authentication (2FA, also known as MFA)
Why: Passwords simply don’t work as well anymore for a number of reasons. Due to the hundreds of data breaches that have exposed a combined XXX of email and password combinations, STAT hackers have two very important data points.
- A huge trove of passwords, which let them know which are the most common passwords used.
- Email and password combinations that they can use across a number of different services.
This wouldn’t necessarily be a problem but unfortunately, password reuse is quite high, meaning using email/password combinations across different accounts is likely to work. Most people also don’t use complicated passwords. For too many years in a row, passwords like “123456” and “qwerty” have been reported to be among the most common. With this knowledge, hackers can brute force their way into accounts by uploading a list of most-used passwords alongside email and password combinations.
Two-factor authentication adds another layer of security in addition to a password. This is best exemplified by an account sending a code or prompt to the account holder’s email or phone number to complete the authentication process. Other forms could include biometric authentication, an authenticator app, or a hardware key.
2FA is one of the most effective tools available to your organization. A study from Google found that SMS 2FA (the easiest to implement) blocked 100% of automated bot attacks and 96% of bulk phishing attacks. More secure forms of 2FA can block even more advanced attacks.
Your move: Implement 2FA as widely as possible and consider making it mandatory for critical account types.
Antivirus (AV), firewall, and spam filter solutions
Why: Depending on your network and infrastructure, you may have some AV or firewall solutions available to you. Windows Defender and Office 365 (check) are often your best bet and do a basic job of filtering out attackers who are trying to get into your network via known methods or unsophisticated ways, deploying known malware, adware, or ransomware pop ups, or trying to compromise your company via phishing.
These tools are easy to set up and provide a minimum layer of security that also minimizes your chance of being infected in case an absent-minded employee clicks on a malicious email or downloads a malicious attachment. By eliminating the emails or preventing the software from running, you’re drastically reducing your chances or getting hit.
Your move: See which tools you can readily use and identify gaps or areas where more advanced tools are needed.
Asset visibility and monitoring tools
Why: You can’t protect what you can’t see and with organizations expanding their attack surface, footprint, and third party ecosystem, it’s never been more important to account for all your endpoints, devices, access points, vendors, tools, and software.
Asset visibility and monitoring tools help you see your company’s attack surface while monitoring behavior and activity. This can alert you to any compromise on a device or network, flag sketchy or irregular behavior that could be an indicator of an attacker or insider threat, and prevent shadow IT from increasing your risk exposure without your knowledge.
Your move: Look for asset visibility/network monitoring tools tailored to your type of company and environment and set-up a process so you’re aware of anything that interacts with your network or environment, whether they’re new devices, vendors, software, or tools.
Endpoint Detection and Response (EDR) tool
Why: A cybersecurity leader’s job isn’t to prevent a breach, it’s to minimize the damage in case of a breach while working to reduce the likelihood the company does suffer a compromise. It’s a subtle distinction but it means you’re not just focused purely on prevention. You’re also focused on:
- Detection: this alerts you to any compromise, allowing you to react and respond appropriately.
- Identification: Knowing what threat is affecting your organization and which vulnerability was exploited can help you prevent the next attack.
- Response: Your capability to respond quickly and effectively can reduce the amount of damage an attack can do.
- Recovery: If a compromise impacts your ability to serve your customers, it’s your responsibility to get back to business as usual as soon as possible.
Your move: A tool like an endpoint detection and response (EDR) tool covers a variety of these various parameters, allowing you to know if you’ve been compromised and how it happened so you can respond and recover quickly. As you continue to build out your security department, you can consider more advanced tools like an XDR (extended detection and response) which goes beyond just endpoints. XDR extends the endpoint-based threat detection capabilities of a traditional EDR by incorporating network incidents (XDR) to successfully counter advanced threats no matter where they emerge in the infrastructure.
A strong cybersecurity posture includes tools and processes
These tools will help provide foundational security that will defend against many of the common attacks most organizations face on a constant basis. But tools only go so far and you may not be able to secure the budget you need, especially if you’re just building out a security department and program.
Your best for a secure, proactive security posture is to combine effective tools and solutions, leverage key cybersecurity partners if needed, create and stick to a roadmap that outlines additional advanced tools and protections, and ensure you have the right policies and processes in place so your own employees or environments aren’t exposing you to unnecessary risk. It’ll take some time, but thinking ahead and planning out goals six, twelve, and eighteen months from now will pay off.
See if XDR solutions are the right fit for you.