Keeping pace with cyber risks

by Daniel Weatherly

We’re often asked how Mainstream and other cybersecurity firms keep up with cyber-attacks and evolving cybersecurity risks, and how we coordinate our defenses so that our clients are protected from those risks.

How do cybersecurity professionals keep up?

Cybersecurity firms such as ours use a variety of security tools that our vendors update daily with vulnerability data. These tools scan network devices (laptops, desktops, etc.) every day. If a risk is found, they notify us within 24 hours, and we then take the necessary steps to remediate it.

We also read daily press releases, news articles, and threat intelligence feeds, looking for topics that are relevant to our customers, and we subscribe to email newsletters and alerts from trusted sources that specialize in security. Talos, SANS, and Rapid7 are three examples.

Mainstream Technologies is a member of various groups such as InfraGard and the Multi-State Information Sharing and Analysis Center (MS-ISAC). InfraGard is a partnership between the FBI and organizations in the private sector. The InfraGard mission is to protect U.S. critical infrastructure by connecting its owners and operators to the FBI. InfraGard provides education, information sharing, networking, and workshops on emerging technologies and threats.

MS-ISAC is the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities and is dedicated to keeping our government secure at the local, county and state levels.

Another resource we use and highly recommend is the Cybersecurity & Infrastructure Security Agency (CISA). CISA’s mission is to connect stakeholders in industry and government with the resources, analyses, and tools that help build cyber, communications, and physical security and resilience. CISA regularly publishes and distributes security notifications to the public with the goal of raising awareness and reducing risk.

Coordinated defense and protections

At Mainstream, we use a layered defense approach to protect ourselves and our clients. We look at the different attack vectors, or avenues of attack, and then find tools or processes that protect against each of them. Some of the tools we use address a risk automatically, while others require us to play a role in responding to it.

A layered strategy

No single tool or solution is completely effective by itself, which is why we subscribe to the layered defense approach. For example, if one tool (layer) is 80% effective on its own and we place it alongside other tools (layers) that are similarly effective, then together these layers reduce the risk further than any single layer can.
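To make the 80%-per-layer reasoning concrete, here is a small model added to this article (it is not Mainstream's own calculation). It assumes each layer stops a given attack with a fixed probability, and it also handles the case the simple multiplication glosses over: when every layer shares the same blind spot (for example, all of them depend on the same signature feed), those attacks get through no matter how many layers are stacked. The function names and the sample figures are assumptions made for the illustration.

```python
"""Residual risk from stacking imperfect security layers.

Added example, not the author's model. Assumes each layer stops an attack
with a fixed, independent probability unless a shared blind spot is given.
"""


def residual_risk(effectiveness):
    """Probability that an attack gets past every layer.

    effectiveness: per-layer stop rates in [0, 1], e.g. [0.8, 0.8, 0.8].
    Assumes the layers fail independently of one another.
    """
    risk = 1.0
    for e in effectiveness:
        if not 0.0 <= e <= 1.0:
            raise ValueError(f"effectiveness must be in [0, 1], got {e}")
        risk *= 1.0 - e  # only the attacks this layer misses carry on
    return risk


def residual_risk_correlated(effectiveness, shared_blind_spot):
    """Residual risk when a fraction of attacks is invisible to every layer.

    shared_blind_spot: fraction of attacks none of the layers can see
    (e.g. all layers rely on the same vendor's detections). Those attacks
    always succeed; the remaining attacks are filtered independently.
    """
    if not 0.0 <= shared_blind_spot <= 1.0:
        raise ValueError("shared_blind_spot must be in [0, 1]")
    return shared_blind_spot + (1.0 - shared_blind_spot) * residual_risk(effectiveness)


def layers_needed(target_risk, per_layer_effectiveness):
    """Smallest number of identical, independent layers that brings the
    residual risk at or below target_risk."""
    if per_layer_effectiveness <= 0.0:
        raise ValueError("a layer with 0% effectiveness never reduces risk")
    count, risk = 0, 1.0
    while risk > target_risk:
        risk *= 1.0 - per_layer_effectiveness
        count += 1
    return count


if __name__ == "__main__":
    # Constructed sample: three layers, each 80% effective, as in the text.
    layers = [0.8, 0.8, 0.8]
    print(f"independent layers, residual risk: {residual_risk(layers):.4f}")
    # A 5% shared blind spot dominates the total once the layers are good.
    print(f"with 5% shared blind spot:        "
          f"{residual_risk_correlated(layers, 0.05):.4f}")
    print(f"layers needed to reach 0.1% risk: {layers_needed(0.001, 0.8)}")
```

Three independent 80% layers leave 0.2 × 0.2 × 0.2 = 0.8% of attacks unstopped, but a 5% shared blind spot raises that to about 5.8%, which is why the layers we pick should fail for different reasons, not just be numerous.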

An extremely important layer of defense is user awareness training (UAT). UAT educates users about what to look for in their daily work so they are not duped into clicking on an email that could release a malware payload and give bad actors access to their system. The goal is to get employees to think about security more often in their daily work and actions.

Firewalls are another layer every business should have. A firewall not only provides an ‘exterior wall’ against attacks; today’s next-generation firewalls also include many security features and layers of their own. One feature worth mentioning is geoblocking, where the firewall blocks Internet traffic from specified countries. If you do not do business with Lithuania, let the firewall block that traffic. A modem from your ISP does not have these enhanced features.

Another layer to consider is a managed detection and response (MDR) or extended detection and response (XDR) tool. These tools are the next evolution of antivirus, since antivirus alone is insufficient against today’s threats. They use artificial intelligence to recognize threats faster than we can, and they can act on an issue automatically, far more quickly than a human.

Responding to attacks

One of the most important things in an organization that has embraced a cybersecurity culture is having policies and plans in place. Policies matter because they provide a road map for the organization so that everyone knows what is expected.

There should be an incident response plan in place that scripts out how an issue or incident is to be handled. Part of the plan should be scheduled tabletop exercises that run through the plan periodically. If an incident occurs, you don’t want to be in the position of working out what to do and whom to involve on the fly.

Summary

Security risks are here to stay and change daily, requiring organizations to evolve with them and meet the challenge. Cybersecurity has become an essential component of reducing business risk. The take-aways are three-fold: (1) create and foster a security culture, (2) be vigilant, and (3) invest in your security culture.

Editor’s note: Daniel Weatherly is Director of Security Services for Mainstream Technologies, Inc. The opinions expressed are those of the author.