How to minimize cybersecurity breaches in 2020

Davitt Potter
April 8, 2020 | 9 Min Read

Seriously, don’t click back or close – I promise it’s not another one of those “buy all the newest stuff from X, Y, and Z!”  Give me a minute or ten to share my thoughts on minimizing cybersecurity breaches in 2020 – it will be worth it.

‘Cybersecurity Breach’ is probably the most overused scare tactic, massively searched term, and the entire reason that RSA Conference even exists today (OK, not quite, but … yeah.  It’s up there).

“You’ve been breached”, “you’re going to be breached”, “it’s not if, it’s when”, etc., etc., etc.  I know you’ve all heard it.  Heck, we’ve all SAID it.

The goal is simple:  Zero breaches/hacks/incidents.  And the reality is:  It’s not going to happen.

Spoiler alert:  There is no single pane of glass. There are no magic bullets.  There isn’t one product that will do all your systems management, updates, and alerting for you.  Contrary to what some would have you believe, no single vendor has all the products to do it, either.

That said, there are some tried-and-true methodologies, best practices, and tools that can reduce your online exposure and help minimize the likelihood of a cybersecurity breach (aka you having a Really Bad Day™).

The better news?  You already very likely have several tools at your disposal to mitigate a large amount of your pain.  Let’s get after it.


8 Ways to Minimize Cybersecurity Breaches

  1. Document All the Things
    Do you have a comprehensive picture of your organization’s network and systems? Do you know what systems are exposed to the Internet? Do you have a current inventory, current systems management tools, and the results of your last audit or penetration test?

    Use internal tools, open source tools, Shodan, or whatever tools you have; get the right tools to get the information about your network – internal and external. Map the branch offices. Do you know what cloud services you’re currently using? Do you know all your egress points? Are you aware of all the “Shadow IT” services that are in use? Even some of them? Start there; it’s a good place to get a better picture and begin to prioritize your list of “to-dos”. While my next point is still valid, getting a feel for how important and how exposed each system is makes a good starting point. IT staff rotates through, and invariably, something is missed.

    Selfish plug: If you’re looking for help with visibility into your external exposure, check out our SearchLight solution.
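To make the inventory point concrete, here is an added example (mine, not code from the original post or from SearchLight) that reconciles an internal list of approved Internet-facing services against records in the shape an external scanner export might produce. Every address, owner and banner below is constructed sample data, and the record layout (ip, port, banner) is an assumption; the three buckets it reports are the ones the section asks you to go find: exposed hosts nobody documented, documented hosts exposing something unapproved, and approved services the scan never saw.

```python
"""Reconcile an internal inventory against externally observed exposure.

Added example; not code from the original post or from SearchLight.
The record layout (ip, port, banner) is an assumption standing in for an
external scanner export, and every address and banner below is constructed.
"""
from collections import defaultdict

# Constructed inventory: what IT believes is Internet-facing and which ports
# each host is approved to expose. An empty set means "must not be exposed".
INVENTORY = {
    "203.0.113.10": {"owner": "web-team", "approved_ports": {443}},
    "203.0.113.20": {"owner": "mail-team", "approved_ports": {25, 587}},
    "203.0.113.30": {"owner": "finance", "approved_ports": set()},
}

# Constructed external observations: (ip, port, service banner)
OBSERVED = [
    ("203.0.113.10", 443, "nginx"),
    ("203.0.113.10", 22, "OpenSSH"),
    ("203.0.113.20", 25, "Postfix"),
    ("203.0.113.30", 3389, "Microsoft Terminal Services"),
    ("203.0.113.99", 8080, "Jenkins"),
]


def reconcile(inventory, observed):
    """Compare the two views and return findings in three buckets.

    unknown_hosts    - exposed addresses nobody has documented (shadow IT
                       candidates, or a stale inventory)
    unapproved_ports - documented hosts exposing something they should not
    missing_services - approved services the scan did not see (scan coverage
                       gap, or a service that was quietly decommissioned)
    """
    seen_ports = defaultdict(set)
    for ip, port, _ in observed:
        seen_ports[ip].add(port)

    unknown_hosts, unapproved_ports, missing_services = [], [], []
    for ip, port, banner in observed:
        if ip not in inventory:
            unknown_hosts.append((ip, port, banner))
        elif port not in inventory[ip]["approved_ports"]:
            unapproved_ports.append((ip, port, banner, inventory[ip]["owner"]))
    for ip, entry in inventory.items():
        for port in entry["approved_ports"] - seen_ports[ip]:
            missing_services.append((ip, port, entry["owner"]))

    return {
        "unknown_hosts": sorted(unknown_hosts),
        "unapproved_ports": sorted(unapproved_ports),
        "missing_services": sorted(missing_services),
    }


if __name__ == "__main__":
    for bucket, items in reconcile(INVENTORY, OBSERVED).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The "missing_services" bucket is deliberately reported rather than ignored: an approved service the scanner cannot see is either a hole in your scan coverage or a system someone turned off without telling anyone, and both belong on the to-do list.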


  2. Patch All the Things
    Seriously, why is this even a conversation anymore? We’ve got decades-old, totally ridiculous vulnerabilities that are still being exploited because people aren’t patching their systems. Do it. I know – it’s not sexy, it’s not the cool stuff, and it’s difficult, because you have to plan around change control, talk to software vendors, or potentially (gasp!) upgrade systems. Sure, that sucks. Buuuuut – how bad is it going to be when you tell the Powers That Be that a 10-year-old patch you didn’t apply is why the company is being asked for a ransom payment? Probably more expensive, too.


  3. Isolate (Some) of the Things
    OK, now some of you just fired up your email to tell me why I’m wrong. And I get it – in some cases, you cannot patch due to a valid issue. The software developer is gone, there is no support from the OEM, and it runs a critical production system that absolutely cannot be replaced or updated anymore. I do understand and know they’re out there. So now is the time to treat them like the pariahs they are. Isolate them. Put them on their own little virtual island. It may necessitate some networking magic, or some enhanced security functions. Microsegmentation is now far easier to implement, as are virtual firewalls that can provide another layer of defense. Best case? Use them both. Isolate network segments to only the comms that unpatchable/legacy systems use. Consider a DMZ-type scenario if possible; isolate those machines to a VLAN/network with limited access, and only to the systems they need.
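The "own little virtual island" only stays an island if somebody checks that the traffic actually matches the intended allow-list. As an added example (not code from the original post), the script below encodes a small microsegmentation policy for a legacy segment and audits flow records against it, reporting anything that touches the segment without a matching rule. The segment, the rules, the addresses and the flow records are all constructed, and the flow layout (src_ip, dst_ip, dst_port, protocol) is an assumption standing in for a trimmed NetFlow record.

```python
"""Audit observed flows against a microsegmentation policy for a legacy segment.

Added example; not code from the original post. The policy, the addresses and
the flow records are constructed, and the flow layout
(src_ip, dst_ip, dst_port, protocol) is an assumption resembling a trimmed
NetFlow record.
"""
import ipaddress

# Constructed: the island where the unpatchable systems live.
LEGACY_NET = ipaddress.ip_network("10.50.0.0/24")

# Constructed allow-list: (source net, destination net, destination port, protocol).
# Anything touching LEGACY_NET that is not listed here is a policy violation.
ALLOWED_FLOWS = [
    ("10.50.0.0/24", "10.10.5.20/32", 1433, "tcp"),  # legacy -> historian database
    ("10.50.0.0/24", "10.10.5.53/32", 53, "udp"),    # legacy -> internal DNS
    ("10.10.9.0/28", "10.50.0.0/24", 3389, "tcp"),   # jump hosts -> legacy RDP
]

# Constructed sample flows as a collector might export them.
FLOWS = [
    ("10.50.0.7", "10.10.5.20", 1433, "tcp"),    # permitted
    ("10.10.9.3", "10.50.0.7", 3389, "tcp"),     # permitted
    ("10.50.0.7", "10.10.5.53", 53, "udp"),      # permitted
    ("10.50.0.7", "198.51.100.8", 443, "tcp"),   # legacy box talking to the Internet
    ("10.20.1.15", "10.50.0.9", 445, "tcp"),     # workstation opening SMB into the island
    ("10.20.1.15", "10.10.5.20", 1433, "tcp"),   # does not touch the island; out of scope
]


def flow_allowed(flow, rules=ALLOWED_FLOWS):
    """True if some rule matches the flow's source, destination, port and protocol."""
    src, dst, port, proto = flow
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, rule_port, rule_proto in rules:
        if (src_ip in ipaddress.ip_network(rule_src)
                and dst_ip in ipaddress.ip_network(rule_dst)
                and port == rule_port and proto == rule_proto):
            return True
    return False


def touches_legacy(flow, segment=LEGACY_NET):
    """True if either end of the flow is inside the isolated segment."""
    src, dst, _, _ = flow
    return ipaddress.ip_address(src) in segment or ipaddress.ip_address(dst) in segment


def audit(flows, rules=ALLOWED_FLOWS, segment=LEGACY_NET):
    """Return the flows that touch the isolated segment without a matching rule."""
    return [f for f in flows if touches_legacy(f, segment) and not flow_allowed(f, rules)]


if __name__ == "__main__":
    for violation in audit(FLOWS):
        print("policy violation:", violation)
```

Run it on a day's worth of flow records from the collector and the violations list doubles as the gap analysis for the firewall or segmentation rules: every line is either a rule you forgot to write or a conversation the legacy box should not be having.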


  4. Complete All The Projects!
    Fun (scary) facts (1, 2, 3):
  • 80% of all L7 firewalls are currently deployed in port/protocol mode. They are not deployed to take advantage of their fancy “Next Gen” features.
  • Very little egress filtering is done at the firewall.
  • DLP installations are using factory rulesets (SSN, credit card #) and are not updated frequently.
    • DLP fingerprinting is outdated; companies are not updating DLP with the latest templates/file hashes.
  • 50% of enterprise SIEMs are collecting less than 30% of their organization’s logs.
  • 47% of EDR/MDR endpoints are acting as glorified A/V agents.
  • Many organizations do not collect network logs (SNMP, NetFlow) from devices outside a core switch/location.
  • Most organizations (>60%) are not collecting log data from their cloud instances, OR log collection is local to the cloud provider and is not correlated with on-prem SIEM data.

OK, fine.  So what?  Where do I start, right?

If you’ve Documented All the Things and Patched All the Things, you should have an idea where to start.  In some cases, finishing the L7 deployment of your firewall will help immensely with understanding and controlling application traffic.  Consider implementing DLP policies that watch at first, without an explicit block/drop rule.  Look into transparent proxies or ICAP proxies – if a user can manually bypass a proxy, they will.

Consider “always-on” VPNs for remote users.  While less efficient, consider disabling split-tunneling on VPNs, to allow a central control policy/enforcement.  SDP is also becoming more user-friendly and feasible to deploy.

Enable log collection from more devices.  Servers – of course.  Network devices – yes.  Workstations?  It depends; I would say yes in most cases, but filter & collect the relevant logs, not just “Log All The Events”.
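The SIEM statistic above is the easiest one to measure yourself. As an added example (not code from the original post), the script below takes the list of devices that should be sending logs and a SIEM export of recent events, and reports overall coverage, the sources that have gone quiet, and the gap per category (servers, network, workstations, cloud). The source list and the events are constructed, and the event layout (ISO 8601 timestamp, source host) is an assumption standing in for whatever your SIEM exports; the point is that a source counts as covered only if it has been heard from recently, not merely because it was configured once.

```python
"""Measure SIEM log-source coverage and list the sources that have gone quiet.

Added example; not code from the original post. The expected-source list and
the events are constructed, and the event layout (ISO timestamp, source host)
is an assumption standing in for a generic SIEM export.
"""
from datetime import datetime, timedelta

# Constructed: every device that *should* be sending logs, with a category so
# the gaps can be reported the way the post frames them.
EXPECTED_SOURCES = {
    "dc01": "server",
    "dc02": "server",
    "fw-edge": "network",
    "sw-branch-a": "network",
    "ws-0421": "workstation",
    "aws-cloudtrail": "cloud",
}

# Constructed events: (ISO 8601 timestamp, source host)
EVENTS = [
    ("2020-04-08T09:00:00", "dc01"),
    ("2020-04-08T09:05:00", "dc02"),
    ("2020-04-08T09:06:00", "fw-edge"),
    ("2020-04-06T22:00:00", "sw-branch-a"),  # branch switch last heard two days ago
    ("2020-04-08T09:07:00", "ws-0421"),
]

NOW = datetime(2020, 4, 8, 10, 0, 0)  # constructed "current time" for the sample run


def coverage(expected, events, now, max_silence=timedelta(hours=24)):
    """Return overall coverage, silent sources, and per-category counts.

    A source counts as covered only if it has sent something within
    max_silence; being *configured* is not the same as being *heard from*.
    """
    last_seen = {}
    for stamp, host in events:
        seen = datetime.fromisoformat(stamp)
        if host not in last_seen or seen > last_seen[host]:
            last_seen[host] = seen

    silent = {}  # host -> last timestamp seen, or None if never seen
    for host in expected:
        seen = last_seen.get(host)
        if seen is None or now - seen > max_silence:
            silent[host] = seen

    by_category = {}  # category -> (expected, covered)
    for host, category in expected.items():
        total, covered = by_category.get(category, (0, 0))
        by_category[category] = (total + 1, covered + (0 if host in silent else 1))

    covered_total = len(expected) - len(silent)
    return {
        "coverage_pct": round(100 * covered_total / len(expected), 1),
        "silent": silent,
        "by_category": by_category,
    }


def run_sample():
    """Evaluate the constructed data set against the constructed clock."""
    return coverage(EXPECTED_SOURCES, EVENTS, NOW)


if __name__ == "__main__":
    report = run_sample()
    print(f"coverage: {report['coverage_pct']}%")
    for host, seen in report["silent"].items():
        print(f"silent: {host} (last seen {seen})")
    for category, (total, covered) in report["by_category"].items():
        print(f"{category}: {covered}/{total}")
```

Scheduling this against the real source list is the cheap version of the "finish the project" advice: the cloud entry with no events and the branch switch that stopped talking two days ago are exactly the gaps the fun facts describe, and neither shows up in a SIEM dashboard that only counts what it does receive.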


  5. Train All the People!
    We continue to talk about the ‘technical debt’ of our organizations, and the lack of cybersecurity skills in our industry. We also expect our users to be security experts – or at the least, security savvy.

    What usually happens: companies do a yearly internal phishing campaign, and then send a link to the people who fell for it. We send a reminder out to the entire organization about ‘how to be secure online’, which is promptly opened, quickly scanned, and then deleted, to be forgotten.

    Our industry is interesting in that we insist on our users being responsible for something that should be inherent in their jobs. Employees were hired to be accountants, paralegals, attorneys, and doctors – not to be IT security practitioners.

    What needs to change? Training needs to be simpler. Ongoing and easy-to-understand ‘best practices’ and ‘what to do if’ type modules. End-users do NOT care about DFIR, Threat Hunting, or exploits and 0days. They just want to do their job. Don’t assume people are as keen on this as we are.


  6. Automate All The Things!
    Yeah, OK. Super big buzzword bullet point. But hold up – OK, maybe not automate all the things, but automation is definitely also here in a big way. Simple tasks, repetitive tasks (opening a ticket, updating lists on firewalls, IDS, EDR, etc.), or even a workflow that requires an input but is mostly click-driven – these should be looked at for both speed of completion and consistency of response. Removing the human error element can reduce exposure. Automation also has the knock-on effect of freeing up human cycles for meaningful work (like all of the above bullet points…).

    However… You must learn to let go. Where automation breaks is the insistence on monitoring automated flows and never fully turning them loose. This means lots of testing, and lots of process documentation and potential workflow changes. Document it, record the flow, play it back. Test it with several different use cases. But do look at where you can eliminate the boring and repetitive items that lead to easily preventable errors.


  7. Watch All The Things!
    External threats have become much more prevalent with the near-ubiquitous use of cloud-based services. Multiple cloud vendors, hybrid cloud models, branch offices that are connected via VPN, remote users that never see the inside of a corporate office: all of them bear watching. The simplicity of dropping a file into any number of paste/sharing sites, file sharing services, and the ease of “save everything” on the major email services means a LOT of data is “out there”.

    Those data sources are not always properly configured or secured, and they can be found, scanned, indexed, and used in ways you may not have intended. This data – because it’s outside your control and your perimeter – should receive the attention and concern it’s due, and should be used to add context and relevance to internal threats and activity: how did that end up on that service? Who has access? How did it bypass our controls?

  8. Evaluate, Prioritize, Act
    Let’s bring it all together. You’ve done an inventory, you found where you have critical gaps, and you’ve identified outstanding systems that need patching and projects that need completion. Maybe you’re down the path on a 5-year program, which is perfect. Our landscape changes on a day-to-day basis, it seems; new threats and exploits pop up that scream at us to respond and react. Vendors come at us daily with new tools, shiny new UIs, and new widgets.

    What should we do as the defenders and shepherds of our organizations? In my experience, the basics will always be necessary. No, they’re not flashy. They’re not what grabs attention. But ensuring a solid baseline sets you up for success, and will give you the ability to quickly filter the sizzle from the steak, as it were. Ensure your foundation is solid, and the organization can move ahead with new projects and new technology, rather than applying every new analytics and security “platform” that comes along.
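"Evaluate, prioritize, act" and "Patch All the Things" both come down to ordering a list, so here is one added example (mine, not code from the original post) that serves both sections: it scores inventory records by criticality, Internet exposure and how long they have gone without a patch, ranks them, and attaches the action the post recommends for each, which is "patch" for systems past the patch SLA, "isolate" for the ones that cannot be patched, and "monitor" for the rest. The inventory records, the weights, the 90-day age step, the cap and the 30-day SLA are all constructed assumptions standing in for your own risk model.

```python
"""Rank systems for remediation from inventory attributes.

Added example; not code from the original post. The inventory records, the
weights and the thresholds are constructed assumptions; a real risk model
would use your own criticality ratings and patch SLAs.
"""
from datetime import date

# Constructed inventory records. "patchable": False marks the systems from the
# "Isolate (Some) of the Things" section.
SYSTEMS = [
    {"host": "web01", "internet_facing": True, "criticality": "high", "last_patched": "2020-03-20", "patchable": True},
    {"host": "hr-db", "internet_facing": False, "criticality": "high", "last_patched": "2019-09-01", "patchable": True},
    {"host": "plc-gw", "internet_facing": False, "criticality": "high", "last_patched": "2015-01-10", "patchable": False},
    {"host": "kiosk3", "internet_facing": False, "criticality": "low", "last_patched": "2020-04-01", "patchable": True},
    {"host": "vpn-gw", "internet_facing": True, "criticality": "high", "last_patched": "2018-06-15", "patchable": True},
]

TODAY = date(2020, 4, 8)  # constructed reference date for the sample run
CRITICALITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}
PATCH_SLA_DAYS = 30


def patch_age_days(system, today):
    """Days since the recorded last patch."""
    return (today - date.fromisoformat(system["last_patched"])).days


def score(system, today):
    """Higher means fix sooner.

    criticality x exposure x (1 + age points): Internet exposure doubles the
    weight, and every 90 days without a patch adds a point, capped at 8 so a
    decade-old box does not drown out everything else.
    """
    age_points = min(patch_age_days(system, today) // 90, 8)
    exposure = 2 if system["internet_facing"] else 1
    return CRITICALITY_WEIGHT[system["criticality"]] * exposure * (1 + age_points)


def recommend(system, today, sla_days=PATCH_SLA_DAYS):
    """Map a system to the action the post recommends for its situation."""
    if not system["patchable"]:
        return "isolate"
    if patch_age_days(system, today) > sla_days:
        return "patch"
    return "monitor"


def prioritize(systems, today):
    """Return (host, score, action) tuples, highest score first."""
    ranked = sorted(systems, key=lambda s: score(s, today), reverse=True)
    return [(s["host"], score(s, today), recommend(s, today)) for s in ranked]


if __name__ == "__main__":
    for host, points, action in prioritize(SYSTEMS, TODAY):
        print(f"{host:8} score={points:3} -> {action}")
```

On the constructed data the Internet-facing VPN gateway that has not been patched since 2018 lands at the top, ahead of the ancient but internal legacy gateway, which is the order the post argues for: exposure and age together decide what gets attention this week, and the unpatchable system gets an isolation task rather than a patch ticket nobody can close.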


There are no quick fixes.  And while some of the advice here may seem rote or too simplistic, the reality is that as an industry, the core tenets are not being handled properly.  Before you entertain any new technology or vendor, do an internal inventory first.

When you’ve done that, you’ll have an excellent idea of what you need moving forward.  We’d love to be part of that conversation when the time is right!

(You can learn more about SearchLight, the Leader in Digital Risk Protection, here.)
