How Your Organization Can Be More Proactive About Security
Recently, AMS.NET hosted a webinar led by Scott Augenbaum, retired FBI Supervisory Special Agent of the Cyber Division, and Sam McLane from Arctic Wolf. During the webinar, Augenbaum recommended that organizations take a proactive approach to cybersecurity instead of contacting law enforcement after it’s too late.
He warned that, while companies are required to notify law enforcement, once your information has been stolen through business email compromise (BEC) or a ransomware attack, the FBI can’t get it back.
While needing to contact the FBI about a breach is a bad experience, what’s worse is when the FBI contacts you first to let you know your resources have been used in a breach. Augenbaum pointed out that only 1 out of 49 companies that experience a breach reach out to the FBI.
Here’s an overview of some of the tools and services that Augenbaum recommends government and educational organizations use to prevent today’s threats.
Security Information and Event Management (SIEM)
SIEM combines information management with event management to provide real-time incident monitoring, analysis of event data, and the tracking and logging of threat data for auditing and compliance purposes.
With SIEM, organizations use analytics to identify suspicious traffic patterns that signal potential threats so they can stop them before the threat can cause damage. AI can be used as part of SIEM to automate the manual processes traditionally used for threat detection.
Managed Intrusion Detection and Response
Unless your organization can detect and respond to intrusions, hackers can lurk undetected in your organization’s systems, stealing and compromising information. Augenbaum and McLane estimate that organizations take an average of 200 days to realize they have been breached.
Monitoring the network is a full-time job, so outsourcing intrusion detection and response to a managed service provider (MSP) makes a lot of sense. Enlisting an MSP to detect and identify threats enables your company to intercept them before they can do damage and to prevent future attacks.
Security assessments help your organization uncover vulnerabilities and gaps in your security strategy that make you prone to targeted attacks. Penetration (PEN) Testing enlists the help of white hat hackers who simulate data breaches.
Based on the results of an internal or external PEN Test conducted by ethical hackers, your company can receive recommendations for strengthening your security posture. An MSP can provide regular PEN Testing services so your company can adapt to and prevent emerging threats.
Multifactor Authentication/Access Control
Multifactor authentication (MFA) is the current standard for identity and access management. MFA can be used as part of a multilayered approach to network access management that would support the Zero Trust security tenets of “never trust; always verify.”
With MFA, more than one method of verification is used to determine the authority of an access attempt, taking access control beyond passwords. Augenbaum identifies MFA as one of the core critical controls that organizations need to have in place to prevent attacks.
Another way to prevent cyberattacks through network access control is network segmentation. Network segmentation allows organizations to divide the network into smaller, isolated sections.
In a segmented network, each section of the network has different controls that govern who can access the applications and data within that segment. Augenbaum emphasizes that understanding how your network is segmented is a crucial part of knowing your environment.
Keeping Ahead of Emerging Threats
As one of the first FBI Agents in the Cybercrime Fraud Division, Augenbaum has witnessed the evolution of cybercrime and cybersecurity. He urges organizations to take cyber threats seriously and not to assume that they are too small to be a target.
AMS.NET helps organizations in education and government develop layered approaches to network security using the tools and processes Augenbaum and McLane recommend. We provide managed services for network security that include Pen Testing, managed SIEM, Network Access Control, and more.
Find out what your organization needs to prevent targeted attacks. Request a free security assessment from AMS.NET.