Top 5 biggest cyber risks that you must address right now

From years of consulting businesses of all sizes, I came to realize that the threats that cause the most damage remain fairly similar across industries. I stress the need to focus on the 20% of causes that generate 80% of losses. This is the Pareto principle.

Looking at both the data that I gathered from my experience and the published statistics, here are the top five cyber threats that companies of all sizes must address right now to prevent 80% of security incidents:

Ransomware

The champion and the most deadly of all, ransomware is a nightmare, and once it hits, you are limited in what you can do. Ransomware accounted for around 20% of all cyber crimes in 2022, with 93% of it targeting Windows. Once inside the network, it encrypts your data, making it inaccessible to you. From that point on, every minute that passes means more money lost. The urge is often to find a quick solution, and many companies pay the ransom.

Ransomware controls

In my opinion, the security program must address the ransomware threat as early as possible; it must be of the utmost priority. To do this, the CISO can simply ask the following question: "What are the interfaces that an adversary may use to deliver ransomware?"

Based on the answer to that question, implement one or more of the following controls:

  • Implement a backup strategy
  • Revisit antivirus protection
  • Revisit email protection
  • Revisit Active Directory configuration
  • Tighten up patch management

Phishing

Phishing is very easy to conduct. There are numerous social engineering tools that help construct the perfect email, one that is likely to succeed. I agree with the statement that "91% of all attacks begin with a phishing email to an unsuspecting victim".

Phishing controls

There is no straightforward way to prevent phishing, but a set of controls can be adopted to minimize the risk. I believe in frequent training and awareness campaigns, coupled with solid technology. Think about the following:

  • Create mandatory training for all employees
  • Conduct monthly phishing campaigns
  • Revisit your email protection solution
  • Incorporate newer AI technologies
  • Establish an incident response process

Malware

Malware includes Trojans, viruses, worms, adware, spyware, and crypto miners. Their impact ranges from a simple nuisance all the way to a complete disaster. The security team should focus on building the right antimalware controls.

Antimalware controls

Begin by gaining visibility into your assets. They should be inventoried and baselined, and deviations from the baseline must be monitored.

  • Implement and maintain EDR
  • Create a golden image against which compliance can be measured and tracked
  • Enable web filtering
  • Keep systems up to date
  • Implement a backup plan

Obsolete security configuration

This is where human error comes in. When consulting for my clients, I have found many systems exposed to the internet with poor security controls, obsolete protocols, or unnecessary services. You may also have web servers that were accidentally configured as FTP servers; the server then inherits the vulnerabilities of both web and FTP. According to the IBM Cyber Security Intelligence Index, 95% of breaches are caused by human error or negligence, such as misconfigurations and outdated components.

Controls against misconfiguration

Since human error or misjudgment is the cause, I believe that teamwork is important for the functions that handle system configuration, so that coworkers can review each other's configurations. Besides that, the following controls can help minimize the risk of security misconfiguration:

  • Regular product audits
  • Implement separation of duties and a two-person rule
  • Domain-specific policies and procedures
  • Vulnerability assessment
  • System administrator training
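The two ideas above, a golden baseline with monitored deviations and catching a web server that quietly grew an FTP listener, can be put into one check. The script below is an added example, not code from the article; host names, ports, the baseline and the set of protocols it treats as obsolete are all constructed for the illustration.

```python
# Added example (not from the original article): compare each internet-facing
# host's observed listening services against a golden baseline and report
# deviations: services that should not be there, services that vanished, and
# obsolete cleartext protocols that no exposed host should be running.
# Host names, ports and the baseline itself are constructed sample data.

from dataclasses import dataclass

# Protocols this check flags as obsolete/unnecessary on an exposed host.
# The set is an assumption for the example, not a list from the article.
OBSOLETE = {"ftp", "telnet"}

@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    kind: str      # "unexpected", "missing" or "obsolete"

# Golden baseline: what each public host is approved to expose (constructed).
BASELINE = {
    "www-01": {443: "https"},
    "mail-01": {25: "smtp", 443: "https"},
}

# Observed inventory from a scan or agent (constructed). www-01 was accidentally
# turned into an FTP server as well; mail-01 lost its HTTPS listener.
OBSERVED = {
    "www-01": {443: "https", 21: "ftp"},
    "mail-01": {25: "smtp"},
    "legacy-01": {23: "telnet"},   # host not in the baseline at all
}

def find_deviations(baseline, observed):
    """Return a sorted list of Finding objects, one per deviation."""
    findings = []
    for host in sorted(set(baseline) | set(observed)):
        want = baseline.get(host, {})
        have = observed.get(host, {})
        for port, svc in have.items():
            if port not in want or want[port] != svc:
                findings.append(Finding(host, port, svc, "unexpected"))
            if svc in OBSOLETE:
                findings.append(Finding(host, port, svc, "obsolete"))
        for port, svc in want.items():
            if port not in have:
                findings.append(Finding(host, port, svc, "missing"))
    return sorted(findings, key=lambda f: (f.host, f.port, f.kind))

if __name__ == "__main__":
    for f in find_deviations(BASELINE, OBSERVED):
        print(f"{f.host}:{f.port} {f.service:<6} {f.kind}")
```

Feeding the script a real inventory (from an agent or an authorized scan of your own hosts) turns the golden image into something you can measure drift against on a schedule rather than only at audit time.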

Web Attacks?

Depending on your sector, your business may be more or less exposed to web attacks. Adversaries can cause disruption through the web; with web shells, they could establish a foothold on the server and move laterally through the network.

Web application controls

Public-facing applications must be the main focus, since they are the entry points. Begin by listing your internet-facing applications and prioritize them by criticality. Then consider implementing one or more of the following controls:

  • Establish and maintain a patch management lifecycle
  • Implement a web application firewall
  • Incorporate secure design principles into the development phase of your applications
  • Conduct regular audits and application testing

For more information security articles, visit my website: https://tznibae.com
