David Tyson, the CEO of CISO Insights, spoke to attendees of Cyber Security Summit 2018 about the top measures to take to protect security systems from cyber attacks. He began by revisiting old challenges related to patches, viruses and denial-of-service attacks, which persist as they have for the past 20 years.
Out of every 101 emails, one is malicious, he said. Data security continues to be an issue, as well as faulty program installations.
Cybersecurity is a weakest-link disruption, he noted. You can spend $1 million, but if someone leaves their password taped to their monitor, security will fail.
His list of 10 questions is designed to guide cybersecurity practitioners to safe practices.
- Cybersecurity teams need a set of rules before an event occurs to have a checklist of actions to take in an attack.
- Did a purchase start secure? What assurance level do you require?
- Was it installed with a secure design by an experienced architect?
- Will it be tested prior to going live? For security? For functionality? Companies should not impose massive scope limits on testing. “If you tell the IT team how you want to test, there’s less chance it will fail – you’re setting expectations.”
- Are the basics covered? Who has access? Who is the admin? Is insider threat limited? Are default passwords removed?
- Documentation is important. Is training included?
- How do you know if your system has been violated? Do we know what “good” looks like? What is the baseline? We must know what normal is for your system.
- Who will monitor the new system for variance? What are the escalation paths? What kind of reporting will happen? By whom? When? All need to be decided upfront.
- How will the system be maintained? By whom? How can you tell if a patch is not made? Are plans in place for end-of-life replacement and data removal before disposal?
- Does your plan include use of security intelligence to understand your adversary’s approach? Do you know who’s coming after you, and therefore, what they may want?
[ Photo Credit: Bruce Silcox Photography ]