Six Steps to Prepare for a Cyber Attack or When Hackers Hack, Fight Back.
Craig Reeds, CISSP, CRISC
Senior Controls Surveillance & Compliance Analyst - Posts do not reflect the views of my employer.
This is the second in a two-article series. The first article, "Seven Phases of a Cyber Attack," can be found here: https://www.dhirubhai.net/pulse/seven-phases-cyber-attack-craig-reeds-cissp-crisc/
Let’s face the facts: sooner or later the hackers WILL come for you. Don’t let yourself think that you don’t have anything that they want. Trust me, you do.
In a previous article, I presented the seven steps of a cyber-attack, which can lead to dire consequences. So what can you do to protect your network, your company, even your reputation? Here are the six steps to prepare yourself and reduce your attack surface.
Step One – Enhance IT security
Train your users and make them aware of what they can do to help protect the network. Tell them about the evils that are out there and what to look for, but put a positive spin on it. Don’t make the mistake of saying that 80% of people click on this evil link: the message then is that the majority of people do it, and people tend to follow the majority. Instead say, “Good users don’t click on links like this.” You also need to know who your users are, when they normally log in and from where. Monitor the network for small anomalies.
Step Two – Revisit architecture
Look at your network from a different point of view, the way a hacker would. If you were going to attack your network, what weak points would you look for? Be brutally honest with yourself. Don’t be afraid to bring in a third-party penetration tester to test your network security. When it comes to your network configuration, consider micro-segmentation, with each department or group on its own subnet. This will make it more difficult for a hacker to move around your network, should they get past your firewall.
Step Three – Know what is on your network
Map your networks, discover all the devices connected to your network and know where the networks touch each other and the internet. Know the configuration of every router, switch, wireless access point, computer, printer, etc. that is connected to your network. Implement alerts when the configuration of one of those devices changes.
Step Four – Create and enforce cyber security policies and procedures
If your company created cyber security policies and procedures two years ago and has not updated them since, the procedures are most likely out of date. Review and update your cyber security policies and procedures, and then share and explain them to your employees. If no one knows they exist, or if employees don’t understand them, they will be impossible to enforce.
Step Five – Patch and update
Microsoft and other vendors release security updates for a reason, and it is not just so they can send you an e-mail on Patch Tuesday. As soon as you become aware of a security-related patch or update, you need to be planning when and how that patch will be implemented and how to mitigate the risk while you wait to install it.
Step Six – Detect unknown threats
This echoes Steps One and Three: know your users and know your network. Look for anomalies, new devices or new hosts on the network. Because of your change management process and procedures, you should be aware of any change to your network before it happens. Any change in a user’s sign-on activities should be questioned. Don’t be afraid of upsetting the users; they will be more upset if you get hacked.
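One way to put the sign-on monitoring from Steps One and Six into practice, as an added example that is not part of the original article: build a per-user baseline of normal login hours and source networks from past logins, then flag new logins that fall outside it. The log records, the /24 grouping and the one-hour tolerance are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed sample records (not real logs): (ISO timestamp, user, source IP)
HISTORY = [
    ("2024-03-04T08:55:00", "alice", "10.20.1.15"),
    ("2024-03-05T09:10:00", "alice", "10.20.1.15"),
    ("2024-03-06T08:40:00", "alice", "10.20.1.77"),
    ("2024-03-04T13:05:00", "bob", "10.30.4.9"),
    ("2024-03-05T14:20:00", "bob", "10.30.4.9"),
]
NEW_EVENTS = [
    ("2024-03-07T09:02:00", "alice", "10.20.1.15"),  # matches baseline
    ("2024-03-07T03:14:00", "alice", "10.20.1.15"),  # unusual hour
    ("2024-03-07T13:30:00", "bob", "203.0.113.50"),  # unseen network
    ("2024-03-07T10:00:00", "carol", "10.20.1.40"),  # user never seen before
]

def subnet(ip, prefix=24):
    # Group addresses by network so a new DHCP lease on the same subnet is not flagged.
    return ip_network(f"{ip}/{prefix}", strict=False)

def build_baseline(events):
    base = defaultdict(lambda: {"hours": set(), "nets": set()})
    for ts, user, ip in events:
        base[user]["hours"].add(datetime.fromisoformat(ts).hour)
        base[user]["nets"].add(subnet(ip))
    return dict(base)

def check(event, baseline, hour_slack=1):
    ts, user, ip = event
    if user not in baseline:
        return ["no baseline for user"]
    hour, reasons = datetime.fromisoformat(ts).hour, []
    # Circular distance, so 23:00 and 00:00 count as one hour apart.
    gaps = [min((hour - h) % 24, (h - hour) % 24) for h in baseline[user]["hours"]]
    if min(gaps) > hour_slack:
        reasons.append("unusual hour")
    if subnet(ip) not in baseline[user]["nets"]:
        reasons.append("unseen source network")
    return reasons

def find_anomalies(events, baseline):
    return [(e, r) for e in events if (r := check(e, baseline))]

if __name__ == "__main__":
    for event, reasons in find_anomalies(NEW_EVENTS, build_baseline(HISTORY)):
        print(event, "->", ", ".join(reasons))
```

Each flagged login is a prompt to ask the user about the change, not proof of compromise; the baseline should be rebuilt regularly so that legitimate changes in working patterns stop alerting.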
A proven cyber security partner
EPS Engineering & Design’s Cybersecurity Team combines traditional IT best practices with a deep understanding of the sixteen critical infrastructure sectors and the operational technologies they employ. These are the sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Our team of experts draws on extensive knowledge and experience in several relevant areas, including risk management, operations and human factors. This helps ensure all testing and the suggested mitigation measures are tailored to the specific needs of your industry as well as your own needs. If you would like to talk about cybersecurity, please contact the EPS Engineering & Design Cybersecurity Team leader Craig Reeds at c.reeds@eps-ed.com or (314) 706-6820.