Tech Journal IT Executive Corner: Doug Martin

By Insight Editor / 16 Jun 2019

CXO Corner: Doug Martin, Sr. Architect & Former CISO – Basic Cybersecurity Blocking and Tackling

EDITOR’S NOTE: IT Executive Corner is a new feature from the Tech Journal. It is meant to give Insight executives and subject-matter experts the chance to voice opinions and offer insider tips on important IT issues.

After spending more than 20 years in IT security, including many years working with threat intelligence, I’ve seen security practices at enterprises and SMBs evolve a great deal. Unfortunately, the innovation and resolve of cybercriminals has evolved just as fast, or perhaps even faster.

Many in IT security realize now that those on the “dark side” of cyber security are neither penniless nor unprofessional. They have skills and understand business. According to a study by McAfee in 2017, cybercrime cost the global economy as much as $600 billion, much of which is reinvested into new technologies, products and initiatives.

One thing I’ve seen malicious hackers and other cybercriminals continue to do well is stay with what is working. Repetition and automation are key aspects of their business strategy, just as they are fundamentals of our own.

That is why I am not surprised after reading Verizon’s 2018 Data Breach Investigations Report.

Consistent with what I have seen over the past decade, two themes consistently emerge in this report:

  1. Email is the vector in the vast majority (80 percent or more) of attacks.
  2. Most attacks take advantage of a known vulnerability six months or more after its discovery.

So, without getting too much on a soapbox, let me stress a couple of things:

  • Email security is critical. This means protecting and managing your email on multiple levels, including adding an email security platform that will detect malicious links and malware. This platform should also identify fraud-driven email directed at executives that has no malware per se. Deploying DomainKeys Identified Mail (DKIM) and regular warnings, as well as training employees about phishing emails, are some of the most important things you can do to protect your business.
  • Patch management must be prioritized and expedited for vulnerabilities that cybercriminals are leveraging. But with the sea of vulnerabilities, what should you patch first? That’s where your prioritization comes in. Prioritization and threat intelligence are keys to any successful vulnerability management program.

This is basic blocking and tackling.

We must get back to doing basic security tasks in an era when digital transformation and cloud migration strategies are placing ever greater demands on IT resources, and when IT staffs and budgets are shrinking. While things like patching and email security may not be sexy, they are absolutely essential.

My advice is threefold:

1. Put your IT security money behind the most critical things. The “peanut butter” method of spreading your budget across the bread doesn’t seem to be working. Organizations can’t keep everything as secure as they would like. Identify your most mission-critical data and the most likely attack paths and fund those security countermeasures.

2. Use Multi-Factor Authentication (MFA) across all systems. MFA is slowly being adopted, but is still largely used only for remote and offsite employees and contractors. Very few use it for in-house corporate networks. Start using it more widely in-house to give teeth to your password-protected systems. Given the sophisticated tools malicious hackers have today, passwords alone just don’t protect much of anything. More than 80 percent of hacking-related breaches are caused by stolen or weak passwords, according to the Verizon report. MFA can significantly reduce the risk related to these types of events.

3. Prioritize system patching. I’m simply repeating this for emphasis. Patching systems may not be sexy or exciting, but it does remove much of your attack surface.

Need help? A security partner such as Insight will not only extend your internal resources, but will provide current, practical advice in developing, implementing and optimizing your security posture. 
