Page 72 - Cyber Warnings
P. 72

1. Make sure you have the in-house skills and capacity to properly implement security. If
not, train and or hire. You cannot fight a war without trained soldiers.
2. Once you decide to make your business secure, you must commit to producing and
executing a clear and effective security strategy. A security strategy is not what you
think you should do that is tactics, strategy is a comprehensive plan to become better
than you are.
3. Identify all the holes in your defenses and rate how well your current infrastructure can
handle them based on current and future threats.
4. Replace, or re-architect everything that is weak. Do not put vulnerabilities on the back
burner for a future budget. Explain to executive leadership, if they want to use
technology they need to do it securely. They really do not have a choice. Be frugal but
smart, cover all credible threats. and mitigate all risks.
5. Ensure processes and governance are in place to make sure management of the
security infrastructure is robust, tested regularly and has management controls to ensure
every element is carried out.

Will this be 100% secure? Absolutely not… but it will be drastically better than before and you
will be demonstrating your due diligence to the board, that you have made every effort to protect
the company brand, intellectual property and assets. Not to mention the company’s reputation.


Hire an expert to bring in methodology, teach your staff how to create and most importantly how
to successfully execute a security strategy. This is not just paper, but a process, organization,
budget, management, governance, auditing, continuous improvement and a lot of hard work.
1. Make sure all the basics are solid, tested and have no holes.
2. Deploy zero trust endpoint management for every endpoint on every device and for
every stakeholder. One approach is to make the edge ‘invisible’ to the rest of the
internet. To all illegitimate entities, protected applications and devices appear to be
disconnected. There is no way to fingerprint or breach a perimeter that is not visible.
Invisibility creates immunity against DoS attacks. Even high-end state sponsored
assaults are thwarted.
3. Deploy management of every stakeholder and enforce two-factor authentication for all
users, apps and servers. Using stakeholder management provides simple, instant, local
control and access to only secure connections, drastically improving the effectiveness of
the security infrastructure.
4. Deploy data protection for all data. Make sure all sensitive data is encrypted and that
tools are in place to control what can and cannot be exported from your company.
5. Make sure your anti malware has heuristics. Heuristics look for malware that has not yet
been identified and categorized. Make sure every device (including BYOD), inbound
email, all impoted data, USB, bluethooth, WiFi, nearfield, and Internet connection is
screened for malware. Screen all data that is imported into your company from

72 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide

   67   68   69   70   71   72   73   74   75   76   77