How to boost the effectiveness of your cybersecurity operations

Data breaches occur despite tight security. Arctic Wolf explains how to increase your security effectiveness.

Image: iStockphoto/Metamorworks

If your organization follows the usual cybersecurity guidelines, you probably have a range of security products designed to protect your data, network, and other assets. Yet as we hear about one high-profile cyberattack after another, you may still feel vulnerable or susceptible to malware and ransomware and other types of attacks.

Beyond just having the right security solutions, you need to know how to use and manage them all effectively and efficiently. A new report from cybersecurity firm Arctic Wolf offers recommendations on how to do just that.

In its "2020 Security Operations Report," Arctic Wolf described several cyber threats and vulnerabilities that have challenged security defenses. Ransomware and phishing attacks jumped by 64% from the first quarter to the second quarter of 2020. Such attacks hit the banking industry especially hard, with a 520% increase between March and June.

Since March, the number of cleartext usernames and passwords found up for sale on the Dark Web shot up by 429%. Over the same period, the number of connections to open Wi-Fi networks increased by 243%. As a result, organizations with staff spread out around the world have faced a higher risk of network attacks. Further, the shift to remote workforces has increased business email compromises.

In the face of all these threats, IT and security professionals can suffer from "alert fatigue," according to Arctic Wolf. As they struggle to contend with the constant flow of alerts from all their security tools and technologies, security staffers often either raise alert thresholds or turn off certain alerts entirely. But this move can leave holes in security defenses and increase how long many threats persist before they are dealt with.

How can security teams better use the tools and operations designed to protect their organizations? Arctic Wolf offers a variety of recommendations.

Look for ways to augment your IT team

Properly staffing and resourcing a security operations center on a 24x7 basis requires a minimum of 10-12 people, and that is only a minimum, as it doesn't account for management, system administrators, and other support functions. For many organizations, this is an impossibility. As such, staffing security operations becomes a balance between how much work existing IT personnel can absorb during the day and how much risk the organization is willing to endure. If adding resources to support around-the-clock coverage feels like too tall a task, look for partners who can augment your team or provide off-hours coverage.

Secure against public Wi-Fi networks

If your remote workers can't always connect from Wi-Fi networks that are secure and password protected, consider other options. A split-tunnel VPN can help separate business applications and connections to the corporate network from the user's consumer applications. Connecting to a password-protected personal hotspot on a supported iOS or Android smartphone can also increase the likelihood of a secure connection.

Endpoint monitoring through an endpoint agent should be implemented to detect and alert you to connections to unsecured networks. Keeping software up to date adds another layer of protection. Finally, in terms of IT policies, browsers and associated tasks should be configured to periodically delete persistent cookies to push for re-authentication more regularly.
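The endpoint-monitoring recommendation above is easy to state and less obvious to implement: the agent has to report the security mode of every network a laptop joins, and something has to turn those events into alerts. The following is an added example written for this article, not code from Arctic Wolf or TechRepublic. It assumes a JSON-lines telemetry feed with the fields shown (an assumption about what an agent might emit) and uses constructed records; it flags open and WEP networks, drops malformed lines instead of crashing, and groups findings per host so a single alert can be raised per device.

```python
"""Detection logic for endpoint network-join telemetry.

Added example for this article; it is not Arctic Wolf's or TechRepublic's
code. The JSON-lines event shape is an assumption about what an endpoint
agent might report, and every record below is constructed.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample telemetry: one JSON object per line, plus one bad line.
SAMPLE_EVENTS = """\
{"host": "lt-0412", "user": "asmith", "ssid": "CorpNet", "security": "WPA2-Enterprise", "ts": "2020-09-01T08:02:11Z"}
{"host": "lt-0412", "user": "asmith", "ssid": "CoffeeShop_Free", "security": "OPEN", "ts": "2020-09-01T12:31:40Z"}
{"host": "lt-0587", "user": "bjones", "ssid": "HomeRouter", "security": "WEP", "ts": "2020-09-01T09:15:02Z"}
{"host": "lt-0587", "user": "bjones", "ssid": "iPhone-bjones", "security": "WPA2-Personal", "ts": "2020-09-01T18:40:19Z"}
not-json-garbage
{"host": "lt-0601", "user": "clee", "ssid": "Airport WiFi", "security": "OPEN", "ts": "2020-09-02T07:05:55Z"}
"""

# Modes treated as unsecured. WEP is listed because it is broken, not merely
# weak; OWE (passwordless but still encrypted) is deliberately not listed.
UNSECURED_MODES = {"OPEN", "NONE", "WEP"}


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    ssid: str
    security: str
    ts: str
    severity: str  # "high" for no encryption at all, "medium" for WEP


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding if the join event is to an unsecured network, else None."""
    mode = str(event.get("security", "")).upper()
    if mode not in UNSECURED_MODES:
        return None
    severity = "medium" if mode == "WEP" else "high"
    return Finding(
        host=str(event.get("host", "?")),
        user=str(event.get("user", "?")),
        ssid=str(event.get("ssid", "?")),
        security=mode,
        ts=str(event.get("ts", "?")),
        severity=severity,
    )


def scan(raw: str) -> List[Finding]:
    """Run classify() over JSON-lines telemetry, skipping malformed lines."""
    findings: List[Finding] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed telemetry is dropped rather than crashing the pipeline
        finding = classify(event)
        if finding is not None:
            findings.append(finding)
    return findings


def by_host(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Group findings per host so one alert per device can be raised."""
    grouped: Dict[str, List[Finding]] = {}
    for f in findings:
        grouped.setdefault(f.host, []).append(f)
    return grouped


if __name__ == "__main__":
    for host, items in by_host(scan(SAMPLE_EVENTS)).items():
        for f in items:
            print(f"{f.severity.upper():6} {host} {f.user} joined '{f.ssid}' ({f.security}) at {f.ts}")
```

In a real deployment the `security` field name and value set come from whatever agent you run, so the first thing to verify is that the agent distinguishes open, WEP, WPA2 and OWE at all; if it only reports "connected", there is nothing to alert on.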

Prioritize your patching

Patch prioritization can be difficult, but establishing the proper workflows can help assign specific tasks to the right people. Don't be derailed by vulnerabilities that can't be patched for business reasons. Keep tracking and reporting those while maintaining focus on vulnerabilities that can be rapidly addressed. If you struggle with what patches to prioritize, seek security operations assistance to close the gaps on the average time to patch.
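A concrete way to run the workflow this section describes: score open findings so the queue is ordered, keep the ones that can't be patched on a separate tracked list with an age, and measure mean time to patch from what has been closed. The block below is an added example for this article, not code from Arctic Wolf or TechRepublic. The `Vuln` record, the scoring weights and the `VULN-000x` identifiers are constructed assumptions (the ids are placeholders, not CVE numbers).

```python
"""Patch-prioritization workflow: rank what can be fixed now, track what can't.

Added example for this article, not code from Arctic Wolf or TechRepublic.
The record layout, scoring weights and all identifiers are constructed
assumptions; VULN-000x are placeholders, not real CVE numbers.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Vuln:
    vuln_id: str                 # placeholder id, not a real CVE
    asset: str
    cvss: float
    exploited_in_wild: bool
    internet_facing: bool
    discovered: date
    patched: Optional[date] = None
    exception_reason: Optional[str] = None  # set when the business can't patch yet


def risk_score(v: Vuln) -> float:
    """CVSS base score plus assumed bumps for known exploitation and exposure."""
    score = v.cvss
    if v.exploited_in_wild:
        score += 3.0
    if v.internet_facing:
        score += 2.0
    return round(score, 1)


def triage(vulns: List[Vuln]) -> Tuple[List[Vuln], List[Vuln]]:
    """Split open findings into an ordered work queue and a tracked exception list."""
    actionable: List[Vuln] = []
    exceptions: List[Vuln] = []
    for v in vulns:
        if v.patched is not None:
            continue  # already closed; only counts toward time-to-patch
        (exceptions if v.exception_reason else actionable).append(v)
    # Highest risk first; ties broken by age so the oldest gets attention.
    actionable.sort(key=lambda v: (-risk_score(v), v.discovered))
    exceptions.sort(key=lambda v: v.discovered)
    return actionable, exceptions


def mean_time_to_patch(vulns: List[Vuln]) -> Optional[float]:
    """Average days from discovery to patch over closed findings (None if nothing closed)."""
    durations = [(v.patched - v.discovered).days for v in vulns if v.patched is not None]
    return sum(durations) / len(durations) if durations else None


def exception_report(vulns: List[Vuln], today: date) -> List[Tuple[str, str, str, int]]:
    """Rows for the recurring report on unpatchable items: id, asset, reason, age in days."""
    _, exceptions = triage(vulns)
    return [(v.vuln_id, v.asset, v.exception_reason or "", (today - v.discovered).days)
            for v in exceptions]


# Constructed sample inventory.
SAMPLE_VULNS = [
    Vuln("VULN-0001", "web-01", 9.8, True, True, date(2020, 6, 1)),
    Vuln("VULN-0002", "db-02", 7.5, False, False, date(2020, 5, 20)),
    Vuln("VULN-0003", "hr-app", 8.1, False, True, date(2020, 4, 10),
         exception_reason="vendor certification pending"),
    Vuln("VULN-0004", "mail-01", 6.5, True, True, date(2020, 6, 10)),
    Vuln("VULN-0005", "build-03", 5.3, False, False, date(2020, 5, 1), patched=date(2020, 5, 15)),
    Vuln("VULN-0006", "web-02", 9.0, False, True, date(2020, 5, 5), patched=date(2020, 6, 4)),
]

if __name__ == "__main__":
    queue, tracked = triage(SAMPLE_VULNS)
    for v in queue:
        print(f"{risk_score(v):5} {v.vuln_id} {v.asset}")
    print("tracked exceptions:", exception_report(SAMPLE_VULNS, date(2020, 7, 1)))
    print("mean time to patch (days):", mean_time_to_patch(SAMPLE_VULNS))
```

The point of the separate exception list is the one the text makes: an item the business has decided not to patch still ages, still appears in the report, and still has a named reason, so it cannot quietly disappear from the queue.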

Protect against ransomware and phishing attacks

Use automated tools in your email client to identify threats and forward them to your IT team for analysis. Your security operations or IT teams should be equipped with workflows to know how to correlate indicators of compromise (malicious attachments, suspicious links, foreign domains, etc.), so you can spot critical threats and address them.
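What "correlate indicators of compromise" looks like in practice for a user-reported email: each weak signal (external sender, mismatched reply-to, a risky attachment type, a link whose visible URL differs from its real target) is collected, weighted and summed, and the total decides whether the report is escalated, reviewed or closed. The block below is an added example for this article, not Arctic Wolf's or TechRepublic's code. The report dictionary layout, the weights and every domain (`.test` is a reserved placeholder TLD) are constructed assumptions.

```python
"""Correlate phishing indicators from a user-reported email.

Added example for this article; not Arctic Wolf's or TechRepublic's code.
The report dict shape, the weights and all domains (.test is a reserved
placeholder TLD) are constructed assumptions.
"""
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed: the organization's own mail and web domain.
TRUSTED_DOMAINS = {"example.com"}
# Attachment types that should not arrive unsolicited from outside.
RISKY_EXTENSIONS = {".exe", ".js", ".hta", ".vbs", ".scr", ".docm", ".xlsm", ".iso", ".lnk"}
# Assumed weights; a total of 3+ is escalated, 1-2 is reviewed, 0 is benign.
WEIGHTS = {
    "risky-attachment": 3,
    "link-text-mismatch": 3,
    "reply-to-mismatch": 2,
    "external-link": 1,
    "external-sender": 0,   # recorded for context; most legitimate mail is external too
}


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].strip().lower()


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def correlate(report: dict) -> Dict[str, object]:
    """Collect weighted indicators from one reported email and return a verdict."""
    indicators: List[Tuple[str, str]] = []
    sender = domain_of(report["from"])
    if not is_trusted(sender):
        indicators.append(("external-sender", sender))
    reply_to = report.get("reply_to")
    if reply_to and domain_of(reply_to) != sender:
        indicators.append(("reply-to-mismatch", domain_of(reply_to)))
    for name in report.get("attachments", []):
        ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            indicators.append(("risky-attachment", name))
    for shown_text, href in report.get("links", []):
        target = host_of(href)
        shown_host = host_of(shown_text) if "://" in shown_text else ""
        if shown_host and shown_host != target:
            # Visible URL and real destination disagree: classic lure.
            indicators.append(("link-text-mismatch", f"{shown_host} -> {target}"))
        elif target and not is_trusted(target):
            indicators.append(("external-link", target))
    score = sum(WEIGHTS[kind] for kind, _ in indicators)
    verdict = "escalate" if score >= 3 else ("review" if score >= 1 else "benign")
    return {"score": score, "verdict": verdict, "indicators": indicators}


# Constructed sample reports as the mail client's "report phishing" button might submit them.
SAMPLE_REPORTS = [
    {"from": "it-helpdesk@example.com",
     "links": [("https://portal.example.com/reset", "https://portal.example.com/reset")]},
    {"from": "accounts@invoice-mailer.test", "reply_to": "billing@another.test",
     "attachments": ["invoice_2020.docm"],
     "links": [("https://portal.example.com/login", "http://example-com-login.test/x")]},
    {"from": "newsletter@vendor.test",
     "links": [("Read more", "https://vendor.test/news")]},
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        result = correlate(r)
        print(r["from"], result["verdict"], result["score"], result["indicators"])
```

The weights are the part to tune against your own mail flow: the thresholds above make a lone external link a "review" rather than an alert, which is what keeps analysts from the alert fatigue the article describes.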

Reinforce to employees that if they receive a suspicious email, don't click on anything (attachments or links). When users understand how a phishing attack may attempt to target them, they're better prepared to handle phishing situations. That's why building phishing simulation campaigns into your security awareness training program is a good defense tactic.

Combat potential account takeovers

Acquire visibility into dark and grey web exposures. Billions of passwords and user credentials are bought and sold on the Dark Web every day. Brute-force and credential stuffing attacks are often executed through botnets using this information. Look for solutions that can help you shine a light on these Dark Web exposures so you can take proper action to change passwords or disable accounts as necessary.

Leverage password managers. Password management software auto-generates and securely stores strong passwords, so that users only need to recall a single master passphrase. Password managers also reduce the likelihood that passwords will be reused across third-party sites, because the generated passwords are random strings rather than dictionary words or common phrases.

Leverage multifactor authentication. Enable multifactor authentication (MFA), especially on your organization's most critical systems. MFA provides additional authentication beyond the user's credentials, making credential stuffing and brute-force attacks more difficult.

Disable or delete expired user accounts. Deploy IT policies that delete, disable, or expire user credentials for employees or contractors who leave the organization and no longer require access to your systems.
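The offboarding policy above only works when it is run mechanically and on a schedule, and it needs to cover accounts that were never cleanly offboarded at all (people who simply stopped logging on). The block below is an added example for this article, not Arctic Wolf's or TechRepublic's code. The account record fields, the 90-day and 180-day thresholds and all the users are constructed assumptions; it produces a plan of actions for the identity team rather than changing a directory, so it can be reviewed before anything is disabled.

```python
"""Offboarding and inactivity checks for user accounts.

Added example for this article; not Arctic Wolf's or TechRepublic's code.
Thresholds, record fields and all accounts are constructed assumptions.
Output is a plan of (user, action, reason) rows, not live directory changes.
"""
from datetime import date
from typing import List, Optional, Tuple

INACTIVITY_DAYS = 90     # assumed policy: disable after 90 days without a logon
PURGE_AFTER_DAYS = 180   # assumed policy: delete 180 days after disabling


def plan_actions(accounts: List[dict], today: date) -> List[Tuple[str, str, str]]:
    """Decide, per account, whether to disable, delete or leave alone."""
    actions: List[Tuple[str, str, str]] = []
    for a in accounts:
        user = a["user"]
        if a.get("exempt"):
            continue  # e.g. documented break-glass accounts reviewed by another process
        if a["status"] == "disabled":
            disabled_on: Optional[date] = a.get("disabled_on")
            if disabled_on is not None and (today - disabled_on).days >= PURGE_AFTER_DAYS:
                actions.append((user, "delete", f"disabled {PURGE_AFTER_DAYS}+ days ago"))
            continue
        end_date: Optional[date] = a.get("end_date")
        if end_date is not None and end_date <= today:
            actions.append((user, "disable", "employment or contract ended"))
            continue
        last_logon: Optional[date] = a.get("last_logon")
        if last_logon is None:
            # Never used: only flag once the account is older than the inactivity window,
            # so freshly provisioned accounts are not disabled before first use.
            if (today - a["created"]).days > INACTIVITY_DAYS:
                actions.append((user, "disable", "never logged on"))
        elif (today - last_logon).days > INACTIVITY_DAYS:
            actions.append((user, "disable", f"no logon for {(today - last_logon).days} days"))
    return actions


# Constructed directory export.
SAMPLE_ACCOUNTS = [
    {"user": "asmith", "status": "active", "created": date(2018, 3, 1), "last_logon": date(2020, 8, 28)},
    {"user": "bjones", "status": "active", "created": date(2020, 1, 6), "last_logon": date(2020, 8, 14),
     "end_date": date(2020, 8, 15)},                       # contractor whose engagement ended
    {"user": "clee", "status": "active", "created": date(2017, 9, 4), "last_logon": date(2020, 4, 1)},
    {"user": "dkim", "status": "active", "created": date(2020, 8, 25), "last_logon": None},  # new hire
    {"user": "svc-backup", "status": "active", "created": date(2016, 1, 1), "last_logon": None,
     "exempt": True},
    {"user": "eyoung", "status": "disabled", "created": date(2015, 5, 5), "disabled_on": date(2020, 2, 1)},
    {"user": "fnash", "status": "disabled", "created": date(2019, 2, 2), "disabled_on": date(2020, 7, 1)},
    {"user": "gomar", "status": "active", "created": date(2020, 3, 1), "last_logon": None},
]

if __name__ == "__main__":
    for user, action, reason in plan_actions(SAMPLE_ACCOUNTS, date(2020, 9, 1)):
        print(f"{action:8} {user:12} {reason}")
```

Separating "disable" from "delete" matters for incident response: a disabled account keeps its history and group memberships for investigation, while deletion is irreversible, which is why the example waits a further window before purging.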

Training and awareness. Simply telling users not to reuse passwords often falls down in practice. In addition to implementing password managers, training and awareness programs should regularly look at password practices and educate users on proper password hygiene.

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books, one on Windows and another on LinkedIn.