Check #CYBERSECURITY : 5 Step Cyber Security Process for Business

In recent times, incidents of cyber crime have increased significantly, and the pattern looks set to continue in the near future: Cybersecurity Ventures predicted that cyber crime will cost the world $6 trillion annually by 2021. As I understand it, and would like to convey, the more dependent your business is on Information Technology, the more exposed it is to cyber crime. In my Cyber Security Consulting at SPaul Complete IT Solution Private Limited, I have seen businesses whose business mail was their only touch point with Information Technology, and when that got hacked it cost them millions, since the criminal discreetly changed the bank details that were sent to buyers to those of one of his untraceable off-shore bank accounts, leading to a huge loss. In another case that I came across, a business that was using just a WhatsApp account had it hacked, and the criminal was able to access and use the account for mala fide interests.

In cyber security there cannot be a one-size-fits-all approach; however, NIST (National Institute of Standards & Technology) has published a 5-step framework that has already helped various businesses across the globe to enhance their security. You can refer to the framework at the official link below:

https://www.nist.gov/cyberframework/framework

From a business perspective, the 5-step framework can be approached as follows:

1. Identify key assets

This is the first step in securing your business: identify the key physical & digital assets that are important for your business and its continuity.

If you don't know what you have, then what would you protect? Ask yourself what data or technology is critical for your business.

You should consider adding any devices, accounts, software, source code, contacts, databases, records, storage, hard disks, disk drives, email addresses, messenger accounts, financial accounts, bank details and any other detail that might be important for your business.

Once you have identified the key assets of your business, make a list of them, which can be termed the key assets inventory list.

Prepare the inventory list for key assets in a spreadsheet & keep updating it every time you add any other data, digital account or technology to your business.

Once you have prepared the list, you might want to add a column recording how critical each asset is for your business: low, medium or high. This additional step makes it easy to apply a filter and look into the critical assets first.

2. Protect data & accounts

Once your list is prepared, you need to protect each digital asset in the best possible way that your business can afford, to ensure the smooth functioning of your business. There is no way to apply the same protection to all assets; protection varies from asset to asset, and each needs to be addressed accordingly. Further, who is accessing those key assets, and what is being accessed on them, has to be strictly managed and controlled. The following are the common key digital assets that need to be protected and their common protection methods:

i. Email Accounts

  • Enable 2 Step Authentication.
  • Beware of phishing attacks.
  • Keep a strong password.

ii. Wi-Fi Network

  • Keep a strong password on your Wi-Fi network.
  • Keep at least WPA2 security on your network.

iii. Custom Software & Website

  • Have pen testers security-audit your custom software periodically & apply fixes as necessary.

iv. Licensed Software

  • Don't use pirated versions of software, as those don't receive upgrades and leave your business vulnerable to cyber threats.
  • Upgrade your business software to each stable release as and when the licensing company releases it.

v. Employee Accounts

  • Train your employees on cyber threats so that they do not fall into the trap of cyber crime, especially social engineering or phishing attacks.

vi. Business Data

  • Back up your important business data periodically & store it securely on an isolated drive.

vii. Employee Off Boarding

  • Revoke access to any shared or privileged accounts the moment an employee has left.
  • Change the passwords for all privileged, shared, or critical accounts that the ex-employee had access to.
  • Do not leave disabled accounts hanging around in your systems; it's an invitation for abuse. Delete and purge.

viii. Vendors

  • Make sure to review your vendor's cyber policy to understand how and in what format they are going to keep your business information and data.

ix. Mobile Phones

  • Make sure that it's running the latest operating system and is fully upgraded.
  • Make sure that no non-business applications, such as social media, music or games apps, are installed.
  • Further, it has to be monitored to ensure that it is not being used for non-business purposes.

x. Laptops

  • Make sure that it's running the latest operating system and is fully upgraded.
  • Make sure that no non-business applications, such as social media, music or games apps, are installed.
  • Further, it has to be monitored to ensure that it is not being used for non-business purposes.

3. Detect a breach

One of the most important principles of enterprise security is the rapid detection of a data breach. Unfortunately, many organizations who experience a breach won’t learn about it for months, or even years. In the meantime, today’s fast-paced cyber attacks can cause significant damage to a company and its customers.

Sometimes our protection might get breached, and then it's very important to detect the breach as early as possible to minimize data theft and reduce the impact. The following scenarios further illustrate breach detection and its importance:

If you are running custom software in your company, you might want to validate the IP address, browser or operating system even if the employee has entered the correct user name and password. In such a scenario, even if the employee's password was hacked and the criminal used those credentials in your company software, the software might still deny access to that criminal.
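
One way to implement the check described above, as an added example (not code from the original article): after the password has been verified, the login is compared with the networks, browsers and operating systems already approved for that employee. The profile layout, the function names and the simplified User-Agent parsing are assumptions made for this sketch, and the sample data is constructed.

```python
import ipaddress

# Constructed sample profile: contexts previously approved for each employee.
KNOWN_CONTEXTS = {
    "asha": {
        "networks": [ipaddress.ip_network("203.0.113.0/24")],  # documentation prefix
        "clients": {("Windows", "Chrome"), ("Android", "Chrome")},
    },
}

def parse_client(user_agent):
    """Very rough (OS, browser) extraction; a real deployment would use a maintained parser."""
    ua = user_agent or ""
    # Order matters: Android UAs also contain "Linux", Chrome UAs also contain "Safari".
    os_name = next((n for k, n in [("Android", "Android"), ("iPhone", "iOS"),
                                   ("Windows", "Windows"), ("Mac OS X", "macOS"),
                                   ("Linux", "Linux")] if k in ua), "Unknown")
    browser = next((n for k, n in [("Edg/", "Edge"), ("Firefox/", "Firefox"),
                                   ("Chrome/", "Chrome"), ("Safari/", "Safari")]
                    if k in ua), "Unknown")
    return os_name, browser

def evaluate_login(user, password_ok, source_ip, user_agent, known=KNOWN_CONTEXTS):
    """Return (decision, reasons). A correct password alone is not enough to allow."""
    if not password_ok or user not in known:
        return "deny", ["invalid credentials"]
    profile, reasons = known[user], []
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return "deny", ["unparseable source address"]
    if not any(addr in net for net in profile["networks"]):
        reasons.append(f"unrecognised network {addr}")
    if parse_client(user_agent) not in profile["clients"]:
        reasons.append("unrecognised browser/OS combination")
    # The User-Agent is supplied by the client, so it is only a weak signal;
    # the network check carries more weight. Every denial should be logged.
    return ("deny", reasons) if reasons else ("allow", [])
```

Logging each denied attempt that had a correct password is what turns this control into a detection signal, since it indicates that the credentials are already in someone else's hands.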

In another scenario, mostly on hosting accounts, where a hosting account gets rooted, the cyber criminal generally tries to upload a shell: a malicious script uploaded to gain and maintain access to the account. This can be detected by periodically checking for any new files uploaded to the account and raising an alert on finding any suspicious file.
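
The periodic check described above can be sketched as follows; this is an added example, not code from the original article. It records a SHA-256 baseline of the account's files and, on each later run, reports new, modified and deleted files, flagging server-executable script types as suspicious. The function names and the extension list are assumptions chosen for illustration.

```python
import hashlib
from pathlib import Path

# Assumption: file types the web server would execute; adjust to your hosting stack.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".jsp", ".asp", ".aspx", ".cgi", ".pl", ".py"}

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result

def compare(baseline, current):
    """Return the files that appeared, changed or disappeared since the baseline."""
    new = sorted(set(current) - set(baseline))
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    deleted = sorted(set(baseline) - set(current))
    return {"new": new, "modified": modified, "deleted": deleted}

def alerts(changes):
    """Flag new or modified files that the server could execute as scripts."""
    flagged = []
    for kind in ("new", "modified"):
        for rel in changes[kind]:
            # Check every suffix, so a script extension followed by another one is caught.
            if SCRIPT_EXTENSIONS & {s.lower() for s in Path(rel).suffixes}:
                flagged.append(f"{kind}: {rel}")
    return flagged
```

Keep the baseline outside the hosting account, so that someone who has gained access to the account cannot rewrite it, and refresh it only after a change you made yourself.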

These scenarios for detecting a breach will vary for each key asset; however, it's important to ensure that a breach detection process is in place for all critical key assets.

We must focus on internal and external behaviors and apply advanced analytics, artificial intelligence and machine learning to discover and act against threats in real time so that when the inevitable breach occurs, rapid detection, isolation and remediation without disruption of ongoing business operations becomes the norm.

4. Respond to a cyber breach

Given the increasing risk of cyber attacks, you need a comprehensive plan in place to help you respond to a breach quickly, limit its damage, and prevent identity theft. The following are a few steps that are required in most data breaches and that might help you get started in outlining your response plan:

i. Investigate the breach: Your first step should be to investigate the breach. Depending on your level of technical expertise, you might need outside help as you investigate the breach. Your IT consultant should be able to help you figure out how much data was compromised, how many customers were affected, and how it occurred. If a security flaw in your network or software caused the breach, fix it immediately and isolate the infected software or machine to avoid spreading the virus.

ii. Report the breach: Depending on your state laws and the size of the breach, you might have to report it to a consumer protection agency, the office of the state attorney general, or other law enforcement agencies.

iii. Contact your customers: In a few countries it's mandatory to inform customers about the breach, and their rules and regulations specify the number of days within which a business must contact customers in case of a breach. Therefore it's important to plan in advance and act accordingly at the time of a breach.

5. How to recover from a cyber attack incident

Let's accept that businesses do face cyber attacks and do get compromised; however, that is not the end of the world, as they do recover from a security breach and return to business as usual, though it takes time and planning. Once you have been compromised and have recovered, it's important to prepare for the next attack. If you've been hit once, there's a good chance you'll get attacked again by the same group, or by others using the same attack strategy. This is where your investigation into the attack can prove invaluable. By studying the attack method and finding out how the attacker(s) got in, you can identify the gaps in your security that allowed the attack to occur and close them. Doing so can help prevent future breaches.

This is what cyber security is all about. There is no way to guarantee 100 percent safety and security, but as discussed there are many measures companies of all sizes can take. Cyber threats are constantly looming and infiltrate even the most secure of systems. Thus, proactively putting in place flexible cyber security protection and implementing a breach detection mechanism that monitors for security breaches will be effective and sustainable in securing your infrastructure and information.

More articles by Shubhneet Goel