So, what should the foundation provide? The Verizon Data Breach Investigations Report (DBIR) offers a well-informed guide based on the analysis of thousands of information security incidents and data breaches.
- Unpatched vulnerabilities, malware and stolen or weak passwords: 88%
- Hacking-related breaches that involved stolen or weak passwords: 81%
- Externally initiated attacks: 75%
- Breaches that included malware: 51%
- Malware installed via malicious email attachments: 66%
It’s worth noting that attackers don’t care whether a network is compliant, has good privacy policies or has lots of shiny new technologies. While those are important elements of a good security program, effective security programs need to focus on mitigating actual attack methods in order to support compliance and privacy-related initiatives, not the other way around.
With that said, here are six essential elements of a basic security foundation you can work on today:
- You can’t protect what you don’t know: Continually assess internet-facing networks, servers, applications, accounts, supplier/partner connections, cloud portals, etc.
- Bad guys can’t exploit that which is not accessible: Reduce attack surface by eliminating as many ingress points as possible.
- Vulnerabilities are way more than operating system deep: Assess software and OS vulnerabilities, patch critical issues in days, not weeks.
- Credentials are king: Enforce multi-factor authentication for privileged accounts: domain, server, application, database and cloud admins.
- Cloud portal admin and access keys are the new domain admin: Protect them, and think twice before integrating authentication, because your Active Directory security is probably not as solid as you think.
- Endpoint security should be strengthened: Consider advanced endpoint protection with integrated cloud intelligence/learning across clients and servers.
This list is only a small subset of possible mitigation techniques that should be present in a successful security program. However, these steps will provide a strong foundation of defenses against the most common attack methods and help to greatly reduce the risk from the more advanced threats your network faces on a daily basis.