Closing Cybersecurity Gaps

Quite a few articles over the past week talk specifically about Russia & Ukraine and cyberterrorism, but instead I will focus more on what should be done to handle many of the security gaps US companies face.  Here's some areas of concern to focus on if you're feeling a bit overwhelmed by all of the cyberterrorism news.

Schedule Patching Today

If you haven't patched recently, spend the time going through your critical software and verify the latest patches are installed.  If they aren't, schedule it.  Start the process by deploying to your test group, but push forward the notion that it needs to happen ASAP.  There are a multitude of vulnerabilities from all kinds of vendors to consider, here's a few compilation sites:

Just to name a few.  Consider checking for zero day vulnerabilities frequently over the next several weeks, add a daily check to make sure there aren't any large vulnerabilities that may impact your organization, as these will be the first points of attack against your organization.

Additionally, make sure that any known vulnerabilities in your security technologies are also patched, as they may cover vulnerabilities vendors are slow to patch.

Closely Watch Remote Monitoring & Management (RMM) Solutions

Everyone knows RMM Technologies can be critical in guaranteeing patches are updated, and that IT issues handled, but after the events of the Kaseya Hack & SolarWinds Hack it is ever more important to realize that Cyberterrorists know to target these tools to hit a large variety of organizations.

The best way to keep an eye on these tools is twofold:

  • Verify that they are only doing what you have allowed them to do, monitor when they take actions and keep a close review over the activities they take.
  • Only give the credentials they need to do the tasks, and control access to the tools to only those who absolutely need it.

The best way to handle this kind of "keeping an eye on things" mentality would be to use an MDR solution... which leads to the next point...

Not all MDR / EDR Solutions are the Same!

In today's world you need 24/7 security coverage of some kind.  Be it a staffed employee, a service, or a fully staffed 24/7 security operations center (SOC),  companies are investing in log aggregation tools or services to track security events and look for outliers that could be indicators of compromise.

Consider this situation: If you have a security threat, do you want a pager or a cell phone?

Many MDR or EDR solutions offer you knowledge that an event happened, and that you can find out more by "logging in" or accessing the platform.  Sometimes, that alert simply is telling you that you're going to have a bad time in the next few minutes when that breach turns into an outage.  It is like a pager telling you someone wants your attention.

Compare this to having an MDR solution that gives you more actionable capabilities.  London Security offers a solution that allows for actions to be taken on events that are categorized a certain way, by human beings rather than fully automated solutions that find tons of false positives.  It is has the capability to not just get a call, but also be able to answer it immediately in real time.

This is  a game changer for handling security events, and I recommend reaching out to us regarding it today, especially if you want to verify your current security set up.

Verify your current Cybersecurity's Effectiveness

I am constantly told by companies that they don't have to worry about any specific security threat because they have X or Y Solutions, and those specifically protect them from those events.  Further, I am unsurprised when I hear a call back from them telling me that those security solutions did NOT prevent a specific security threat or risk because they did not deploy them properly, or test out the efficacy of the technology in the face of an audit or real security risk.

If you haven't had an audit, or done London Security's Ransomware Risk Assessment (Where we work with you to test out what a ransomware outbreak would look like within your company), I recommend reaching out to us today.  Our timeslots are filling quickly for this month, and I recommend contacting us today if you are interested.

You simply don't know how your security precautions will work unless you've tested them against a credible threat, and that is something our Ransomware Risk Assessment has helped businesses realize their risks and cover them prior to an actual infection.

Finally you should...

Review / Build out a Security Response Plan

What happens if your systems are compromised? What do you do next?  Do you have a quick response plan that has been tested and can be implemented quickly in case of a crisis?  These are incredibly important to build out and have in case of a Ransomware Attack, or any kind of security related outage.

Verifying what needs to be done in order to get back to operational as quickly as possible before the outage occurs is going to be immensely helpful, especially knowing that current cyberterrorism activities mean it is all the more likely to have need of such a plan.

A basic plan should include:

  • What constitutes an outage, and what actions should be taken immediately.
  • Who to contact / what resources to utilize in case of an outage or security breach?
  • What data is integral to the course of your business, and how can you verify the data has not been compromised ASAP.
  • What are the required steps to verify that the breach has been resolved?
  • Key players / stakeholders that need to be contacted, and in what order in the case of a breach - and preparing what emails get sent prior to the event can save critical minutes & seconds when a security event has occurred.