Page 72 - Cyber Defense eMagazine for September 2020
“Second, we need the Secure Internet – automated collective defence must be built into the network, so
that the Internet ecosystem can react as the body does, recognizing infections and fighting them off. We
must build Internet Immunity.”
Back to basics
Of course, while the industry calls for standards to be developed and the security of devices to be
improved, businesses that want to use connected devices without compromising cyber security shouldn’t
be alarmed. Following the approach some of the larger tech and telco companies are taking, businesses of
all sizes can put in place simple, organisation-wide preventative measures to minimise risk to their
businesses, as well as solutions to help them identify and respond quickly to threats.
Rather than neglecting your core network and focusing only on connected devices, you should
seek to improve the security of your network holistically, as a weakness in one part can of course impact
the rest. When hardening the network to minimise the attack surface and prevent adversarial intrusion,
businesses should not underestimate the power of good cyber hygiene. A study by the Online Trust
Alliance (OTA) estimated that 93% of cyber security incidents – large and small – could have been
avoided if the business in question had basic cyber hygiene practices in place.
In short, cyber hygiene is the continuous cycle of carrying out routine checks on an organisation’s
network, endpoints and applications to identify and fix any network vulnerabilities, protect against cyber
threats and maintain online security. Best practices such as deleting old user accounts, setting firm-wide policies
on access and passwords, backing up data, securing physical and cloud databases, and checking routers and
networks might seem obvious, but keeping on top of the basics really is the key to cyber hygiene and
minimising the risks associated with security breaches.
Time for change?
Many organisations let basic cyber hygiene practices slip through lack of time and resource, not due to
absence of expertise. Indeed, over the last decade many new risk management frameworks have been
introduced to combat this; for example, in 2014 in the US, the Federal Government introduced its best
practice DHS CDM, or ‘Continuous Diagnostics & Mitigation’ program.
To comply with this framework, agencies are expected to audit their entire enterprise every three days.
In practical terms, if you had 500 devices connected to your network, you’d be carrying out nearly 61,000
audits every year. For a bigger organisation with 25,000 devices, that’d be over 3 million vulnerability
audits every year. Even if you’re not aiming for CDM levels of network security, with the number of core
network devices increasing across organisations, it’s not a problem that can be fixed by simply solving
the shortage of skilled cyber security professionals in the industry.
Then add to this the need for dedicated resources to analyse the threat intelligence needed
for effective threat detection and response – and the scale of the cyber security challenge is laid bare.
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.