Today there are many, many ways for an attacker to get into your network. It seems that every day I read about a new attack vector, exploit, targeted phishing attack or some other new method for someone to break into your network or otherwise steal your data. Everyone wants to be secure, but how secure do you really have to be?
There are many things you can do to protect yourself, and the best thing to do is go for the "low hanging fruit" (easiest things to fix). Before we think about what to do, though, we first have to know where you are now, because how secure you should be depends on what you want to protect and how secure you want to be.
How secure are you now?
More often than not, companies are amazed when I tell them that they aren't really very secure to begin with. Some companies presume that by just having a fancy firewall they are protected, and they are ignoring a big red flag about how someone can get at their data. Many companies have the "gooey center" approach, a hardened firewall but no internal layers to limit the scope of damage that an attacker could cause. The first step is to identify your network and everything on it.
Part of this first step is identifying how secure you want to be, what you have decided are acceptable risks vs costs, and what you are going to do in the event of a breach. So before you decide to invest in a SIEM or IPS or other security infrastructure, you need to identify the risks that you have now.
Have you done a 3rd party audit?
A very important step is to get an outsider's opinion of your network. Having an outsider's view on your systems can help you identify gaps that you might not otherwise have considered. Part of this audit should ideally involve a non-destructive security scan of your network, from the inside and outside. After the audit you need to review and perform any critical mitigation on items that are identified.
Attacks mostly come from the inside
These days, most attacks come from the inside. Most compromised systems that I have seen were infected accidentally, by malware that a user ran unintentionally. A good number of these were from users who didn't know what they were doing or didn't think they would be an inadvertent accomplice to the attack.
An important step that almost all companies don't do is user education. Make sure you have at least a bi-annual review with your staff about common attack vectors!
What do you want to protect?
As part of your investigation, you need to rank your assets and data access and decide what you are going to protect. This might even turn into the basis for your backup retention policy, but it is important to identify the baseline of minimal protection you need to meet.
Plan of action
Now that you know what you have, what to protect, and what your "low hanging fruit" is, you can decide what plan of action you will take. It might start off with something as simple as changing passwords, disabling accounts, or improving documentation. Don't forget to add improving security again to the end of your list!
Yes, you DO need help!
Whether you realize it or not, having someone else have a good look at your systems or network or even business practices can be very beneficial. You are constantly under attack, whether or not you think you have anything of value, so be sure to get some help!