Building Cyber Resilience
It is no wonder that companies list cyber resilience high on their list of initiatives and look for action steps to become more prepared. According to Forbes.com, “the average cost of a cybercrime incident throughout the world is $7.7 million” (Hardekopf). Another study by the Ponemon Institute and Hewlett-Packard Enterprise Security noted, “Average annual losses to companies worldwide now exceed $9.5 million” (Ponemon).
Instead of contemplating the odds of a cyber-incident, cyber-resilient organizations assume they will be attacked. It’s not a question of “if” but “when”.
Unlike cyber security, cyber-resilience is a holistic approach. It involves all levels of an organization and becomes part of the company culture. Being resilient doesn’t mean being immune. Your company’s ability to weather a storm, recover quickly and continue production is at the heart of resilience. It is important for enterprises to:
- Establish confidentiality, integrity, and availability of data.
- Administer mission-critical infrastructures.
- Meet shareholders’ expectations.
- Respond to the global threat of cyber terrorism.
- Ensure secure information sharing.
If the goal is cyber resilience, here are some points worth considering.
Incident Preparation and Awareness
- Regular password expiration and login renewal (SHA-512 (Secure Hash Algorithm 512) password hashing and shadow passwords).
- Applying threat analysis.
- Cloud security best practices.
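The first point above is checkable on a Linux host: password hashes live in the shadow file, and the same record carries the maximum password age. The script below is an added example written for this article, not code from the original post; it reads shadow(5)-format records from standard input, flags accounts whose hash is not SHA-512 (`$6$` prefix) and accounts whose maximum age exceeds a policy limit, and skips locked accounts. The records in `SAMPLE_SHADOW` are constructed and the 90-day limit is an assumed policy value; on a real host you would run `audit_shadow 90 < /etc/shadow` as root.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format records for weak password hashes and
# missing password expiration. Not part of the original article.
# Field layout: name:hash:lastchange:min:max:warn:inactive:expire:reserved

# Constructed sample records (hash bodies are placeholders, not real digests).
SAMPLE_SHADOW='alice:$6$saltsalt$PLACEHOLDERHASH:19500:1:90:7:::
bob:$1$salt$PLACEHOLDERHASH:19000:0:99999:7:::
svc:!:19200:0:99999:7:::
carol:$6$salt$PLACEHOLDERHASH:19400:0:99999:7:::'

# shadow_hash_algo HASH -> prints sha512 | sha256 | md5 | locked | other
# The crypt(3) prefix identifies the hashing scheme of the stored password.
shadow_hash_algo() {
  case "$1" in
    '$6$'*)       echo sha512 ;;
    '$5$'*)       echo sha256 ;;
    '$1$'*)       echo md5 ;;
    '!'*|'*'|'')  echo locked ;;   # locked or passwordless: nothing to hash-check
    *)            echo other ;;
  esac
}

# audit_shadow MAX_DAYS < records
# Prints one finding per line as "user:issue"; exit status 1 if any finding.
audit_shadow() {
  max_days="$1"
  findings=0
  while IFS=: read -r user hash last min max warn inactive expire rest; do
    [ -z "$user" ] && continue
    algo=$(shadow_hash_algo "$hash")
    case "$algo" in
      locked) continue ;;                      # locked accounts cannot log in
      sha512) ;;                               # meets the SHA-512 requirement
      *) echo "$user:weak-hash-$algo"; findings=$((findings + 1)) ;;
    esac
    # An empty or oversized max-age field means the password never expires.
    if [ -z "$max" ] || [ "$max" -gt "$max_days" ]; then
      echo "$user:no-expiration"
      findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Demonstration on the constructed records with a 90-day expiration policy.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 90 || echo "audit: findings present"
```

Expected findings for the sample data are `bob:weak-hash-md5`, `bob:no-expiration` and `carol:no-expiration`; `alice` passes and the locked `svc` account is skipped. Enforcing the fix is a separate step (`chage -M 90 user` for aging, and a re-set password once the system's `ENCRYPT_METHOD` is SHA512), which the audit deliberately does not do.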
Implementing firewalls, intrusion detection and other security tools is important, but educating everyone on the correct use of the enterprise’s systems is just as paramount.
Implementing a user control policy
Control the number of privileged accounts for cloud storage or DBAs. Ensure these accounts are not used for high-risk or daily user activities.
- Remove or disable all unneeded functionality from systems.
- Make use of data encryption software (Linux, Windows and Mac OS all have this capability).
- Automate software updates with Red Hat Ansible Automation.
Policies addressing removable media should be enforced to control the import and export of information (business travel, luncheons, etc.). Where this is unavoidable, limit the types of media that can be used and the information that can be transferred.
Protect the networks against attacks
Untrusted networks can expose systems to cyber-attacks. Protect data-at-rest using encryption. Guard your network by addressing unused services and open ports. Other steps could be:
- Filter traffic by region and protocol to combat DDoS/DoS cyber-attacks.
- Use iptables firewall rules along with TCP Wrappers.
- Use SSH for remote connections and verify data transfers with sha256sum integrity checks.
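The last point is easy to make concrete. The script below is an added example written for this article, not code from the original post: the sender records a SHA-256 digest of every file in a directory with `sha256sum`, the manifest travels with (or, better, separately from) the data, and the receiver checks the copy with `sha256sum -c`. It assumes GNU coreutils `sha256sum`, `find` and `mktemp` are available; the files and the simulated corruption in `demo_transfer` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sha256sum manifests for verifying a data transfer.
# Not part of the original article. Assumes GNU coreutils.

# make_manifest DIR MANIFEST
# Writes "digest  ./path" lines for every regular file under DIR to MANIFEST.
# Keep MANIFEST outside DIR so it does not end up listing itself.
make_manifest() {
  dir="$1"
  manifest="$2"
  ( cd "$dir" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$manifest"
}

# verify_manifest DIR MANIFEST
# Returns 0 if every listed file under DIR matches its recorded digest,
# non-zero if any file is missing or altered. MANIFEST must be an absolute path
# because the check runs from inside DIR.
verify_manifest() {
  ( cd "$1" && sha256sum -c --quiet --strict "$2" )
}

# demo_transfer
# Simulates a copy, verifies it, corrupts one file, verifies again.
# Prints "<status-after-copy> <status-after-corruption>", expected "0 1".
demo_transfer() {
  work=$(mktemp -d)
  mkdir "$work/src"
  printf 'payload one\n' > "$work/src/a.txt"
  printf 'payload two\n' > "$work/src/b.txt"

  make_manifest "$work/src" "$work/src.sha256"

  cp -r "$work/src" "$work/dst"                     # simulated transfer
  if verify_manifest "$work/dst" "$work/src.sha256" >/dev/null 2>&1; then
    ok1=0
  else
    ok1=1
  fi

  printf 'tampered\n' > "$work/dst/b.txt"            # simulated corruption in transit
  if verify_manifest "$work/dst" "$work/src.sha256" >/dev/null 2>&1; then
    ok2=0
  else
    ok2=1
  fi

  rm -rf "$work"
  echo "$ok1 $ok2"
}

demo_transfer
```

In a real transfer the manifest is what ties the check to the SSH point above: pull the manifest over an authenticated channel (for example `scp` or `rsync -e ssh`), then run `verify_manifest` on the received directory. A manifest that travelled alongside the data over the same untrusted path proves only that nothing was corrupted, not that nothing was substituted.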
Detail your disaster recovery plan
You want to go through your recovery plan with a fine-tooth comb. Create a methodology that addresses every aspect of the incident, from mitigating the damage to putting a few open source tools in place to limit future attacks. Have a detailed approach for handling the incident in a plan that is usually separated into these phases:
- Immediate action to contain or stop the incident.
- Restoration of affected resources.
- Threat intelligence with a standards-compliant sharing platform.
Persistent strides for improvement
Since the threat landscape continues to expand, your enterprise should focus on strategic security tools that can specifically enhance risk protection. Additionally, several agencies still lack a comprehensive incident response plan that is enterprise-wide and addresses all cyber security risks.
In establishing a dependable Incident Response Plan, you might find the National Institute of Standards and Technology (NIST)’s Computer Security Incident Handling Guide helpful. It offers NIST recommendations on the correct procedure for identification, detection, response and remediation of threats.
Building cyber resilience should be at the forefront of most organizations’ priorities. It’s not a question of whether a cyber-attack will happen, but when it will happen. Managing threats and protecting your data while remaining productive and meeting stakeholder expectations should be the highest priority. This article only highlights a few areas. I would recommend skimming over Red Hat’s security guide and the abstract by OpenStack on securing OpenStack cloud. The advice is pretty sound regardless of what platforms businesses may currently have in place.