Keep Security Simple
The cybersecurity threat landscape continues to grow in complexity. Cybersecurity is changing and with it a lot of noise has been created. The shiny “nice – to- have” solutions get all the advertising and talk at conferences, for most organizations, this is noise that keeps them from focusing on the “need – to – have” solutions like antivirus and spam filtering. We know these aren’t enough, but they are a start. It’s kind of like not checking your tires on a motorcycle to see if they are aired properly and not worn out. On a motorcycle your tires are the first line of defense for keeping you safe on the road.
It is the same thing with cybersecurity. Passwords are both the first line of defense and often the weakest link. Passwords without multi-factor authentication (MFA) are by far the most glaring threat to your organization’s security, not some complicated back door exploit.
Passwords are difficult to manage properly and are prone to user error. Even complex passwords can be easily bypassed today. If they were part of a breach over the years, even easier. The point is this, if a bad actor wants to get into your network, they will target users and their passwords first, with a high rate of success.
MFA is a simple solution with great benefit
MFA increases your security exponentially. Instead of a simple string of text, MFA requires a secondary proof of identity to gain access to an account. Examples include a PIN sent to your phone, a fingerprint scan, or a mobile authentication app. According to Microsoft, adding MFA to your identity strategy provides a 99 percent improvement to your security.
There is no reason to ignore MFA. Identity access control is so critical that MFA is a must-have. MFA is now a requirement of both cyber-insurance policies and multiple standards for government, medical and manufacturing. If it is not already required by your insurance, it will be part of your renewal. If MFA is not employed, obtaining a renewal and or new coverage is next to impossible.
Other Simple Solutions That Will Benefit Any Organization
In addition to implementing MFA, there are some other simple things that we encourage every business to implement and be resilient:
Perform A Business Impact Analysis (BIA). A BIA identifies the critical processes of your business and the assets that support them. It shows where there are interdependencies and the order in which your assets should be recovered in the event of ransomware or other adverse event. The BIA is the foundation of building a resilient organization.
Engage in a Critical Controls Assessment to identify, estimate and prioritize risk to your organizations infrastructure, policies, and operations. Understanding control gaps and the risk they pose allow appropriate conversation and decision on making the company more resilient
Perform Perimeter Cyber Defense Monitoring by scanning your external environment monthly to identify vulnerabilities and understand what you look like to attackers.
Invest in cyber-liability insurance. The cost of a ransomware attack is staggering. Between the ransom, the cost of recovery, and the downtime required to restore you network, it’s enough to close some businesses for good. Cyber-liability insurance can help with costs insuring you are resilient and continue operating.
OCTELLIENT - Our mission: Keep information security simple. With a Business First approach, we want to help you and your organization get to your core priorities and make the most of your infosec investments. Our goal is to be your side-by-side partner, working together to navigate a tailored infosec strategy and bring expert advice to your toughest challenges.
Ask us about Propulsion- CISO as a Service and Deepwater - Project Engagement