The Base Formula for Preventing Cyber Security Incidents
The Australian Cyber Security Centre (ACSC) is an Australian Government intelligence and security agency that provides advice and assistance on information and cyber security. It has outlined the Essential Strategies to mitigate potential security incidents, applicable to businesses large and small. We propose the following four as a baseline for your security architecture.
1. Application whitelisting
Application whitelisting is the first of the essential strategies recommended by the ACSC, and it is both important and necessary. It ensures that only approved applications needed by your business, based on user roles, are able to run. DriveLock provides Application Control with predictive whitelisting to protect your organisation against zero-day vulnerabilities and ransomware, and to ensure that no malicious or unapproved applications will be executed.
With application whitelisting, you create a list of trusted entities (applications, software libraries, scripts) that are allowed to access a system or network and block everything else.
It is based on a zero trust principle, which essentially denies everything and only allows what is necessary. From a security point of view, it makes more sense to forbid everything first and then allow specific applications and scripts. If only authorised software may be executed, the chances of malware entering and taking over the system are minimised.
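The default-deny decision described above, as an added sketch that is not DriveLock's or the ACSC's code. It assumes files are identified by SHA-256 digest and that approval is per user role; the rule format, role names and sample file contents are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sha256: str        # digest of the approved file's exact content
    kind: str          # "application", "library" or "script"
    roles: frozenset   # user roles approved to run it

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

# Constructed sample file contents (stand-ins for real binaries and scripts).
LEDGER = b"constructed sample: ledger application v1"
BACKUP = b"constructed sample: nightly backup script"
UNKNOWN = b"constructed sample: tool nobody approved"
TAMPERED = LEDGER + b" + injected code"

ALLOWLIST = {r.sha256: r for r in (
    Rule(digest(LEDGER), "application", frozenset({"finance"})),
    Rule(digest(BACKUP), "script", frozenset({"it-admin"})),
)}

def decide(content: bytes, role: str, allowlist=ALLOWLIST):
    """Return (allowed, reason). Anything without a matching rule is denied."""
    rule = allowlist.get(digest(content))
    if rule is None:
        return False, "deny: not on allowlist"
    if role not in rule.roles:
        return False, f"deny: {rule.kind} not approved for role {role}"
    return True, f"allow: approved {rule.kind}"

def denied_attempts(events, allowlist=ALLOWLIST):
    """Evaluate (name, content, role) attempts; return the blocked ones."""
    blocked = []
    for name, content, role in events:
        allowed, reason = decide(content, role, allowlist)
        if not allowed:
            blocked.append((name, role, reason))
    return blocked

if __name__ == "__main__":
    attempts = [("ledger", LEDGER, "finance"), ("ledger", LEDGER, "hr"),
                ("backup", BACKUP, "it-admin"), ("unknown", UNKNOWN, "finance"),
                ("ledger-modified", TAMPERED, "finance")]
    for entry in denied_attempts(attempts):
        print(entry)
```

Because the rule is keyed on the content digest, a modified copy of an approved application no longer matches and falls through to the default deny, the same as software that was never approved.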
2. Multi-factor authentication (MFA)
Microsoft reports that 99.9% of attacks can be prevented with MFA. MFA is essential for organisations to protect themselves from unauthorised access to company data. Cybercriminals often aim to steal administrative credentials in order to gain easy access to your network and further exploit sensitive information without necessarily being caught. When MFA is effectively implemented, it becomes much more difficult for hackers to misuse your credentials, as they will also need physical access to a token or smartcard. DriveLock SmartCards offers a secure, cost-efficient approach to MFA without the need to rely on a manufacturer. The extra layers of security, such as a password or PIN, a smart card and biometrics, mean it will be highly unlikely for unauthorised users to access critical data.
3. Restrict administrative privileges
The U.K. reports that a significant 90% of data breaches are due to human error (CybSafe analysis of data from the UK Information Commissioner's Office). PurpleSec, a data security company, reports that 48% of data breaches in the U.S. are due to malicious attacks, whilst human error or system failure account for the rest. The Office of the Australian Information Commissioner (OAIC) also released a Notifiable Data Breaches Report, which indicates that 32% of breaches are due to human error. In total, the number of cases reported increased by 15% from previous months.
The health sector is the biggest victim of data breaches, with 43% caused by human error. The finance sector reports the second-highest number of breaches, with education, legal, accounting and management services closely following.
Whilst the percentage of breaches caused by human error varies between countries, human error accounts for a significant number of breaches, and there is never a better time than now to tackle this issue. Social engineering continues to prey on negligent employees, which is especially troubling for employees with administrative privileges. With DriveLock, access to systems requires validation, and security controls prevent users from accessing applications that they do not need to perform their duties.
DriveLock also provides Security Education training for employees, with easy-to-access and engaging modules to develop security awareness in your workplace.
4. Daily backups
Backups are one of the most important security controls recommended by officials in order to be prepared in the event of ransomware. 93% of companies that lost their data for 10 days or more filed for bankruptcy within a year of the incident (National Archives & Records Administration in Washington). Backing up important data, software and configuration settings is crucial in the event of an incident. The best strategies for backups are keeping the data both on premises and in the cloud, encrypting any data in transit and performing these backups daily. By having your information stored in multiple locations, you can safeguard against human error, protect against hackers, foster strong security practices in your organisation and ultimately prevent the loss of data.