Cybersecurity Monthly: Tips Roundup for April 2021
Welcome back to our series, Cybersecurity Monthly, where we’ll be presenting you a round-up of updates from one of Impact’s security experts, vCISO Humberto Gauna.
You’ll learn about trends and strategies for SMB security and how you can improve your organization’s approach to ensuring the best cybersecurity practices.
Take a look!
Cybersecurity Monthly: April 2021
Hi there! I’m Humberto and I’ll be walking you through my tips over the last month, so get your cup of joe on the go and let’s dive right in once again.
Be Wary of Social Engineering
LinkedIn profiles are a way to “sell” or “advertise” our ability to help others, be it as a service or employee.
Some of us have been wary about sharing details about our current roles. Even our past roles may be devoid of details. Social engineering is a real thing. And it doesn’t require the sending of emails or phone calls. Tools exist that collect all of the desired information required to conduct a target selection.
Case in point, ongoing investigations related to the Microsoft Exchange compromises has yielded:
“Another theory under investigation: The hackers scanned social-media sites like LinkedIn to determine which email accounts corresponded to systems administrators and were therefore likely the ones to use in the attack. A third: The hackers may have been simply lucky, breaking into systems using a default administrator email address.”
Operational risk and operational security are real things and should be adopted, not only at the organizational level but at individual levels as well.
Virtual Chief Information Security Officers
One of the advantages of having a CISO in your organization? Help drive the cultural change from open to secure business practices. The challenge with the old mindset of security was/is in how it is viewed as the “Department of NO”
I myself have been guilty of this action. And truth be told, I still am. I find the NO quickly, so I can work on the YES! This helps me avoid “No” when resources have already been spent on the project. It helps define how to implement new or improve business processes in a secure manner.
We are agents of change, security evangelists, and lifelong researchers, that find, collaborate, and share the information so that all levels are informed of the risks, benefits, and changes that make organizations and individuals more secure.
A study conducted last year (2020) found that organizations that did not have a security champion at the executive level have inadequate security programs in their organization.
This level of expertise can seem out of reach for the SMB, here enters the Virtual Chief Information Security Officer. This role can be filled by engaging consultants or an MSSP’s services.
Building Your Cybersecurity Team
I’ve built teams in the past, using a specific method that has worked for longer than I had been a leader, so why break the system? The first thing you need is a mission statement.
Do you have one for your organization? If not, create one! This will help you guide the next steps. I did a post on creating a mission statement some time ago; it will be helpful to review.
Determine the size of your team based on your mission statement. Consider the coverage time, the special and general skills you will need on your team. DO NOT TRY TO FIND UNICORNS. Be realistic in your creation of job descriptions.
Know that you will need experienced people and realize that you won’t be able to have a bench of veteran security experts unless, of course, you have the budget.
Start with one leadership position, one mid-level, and many entry-level positions. My secret is to have one mid-level position for every six entry-level positions. One leader for every five mid-level positions.
What should entry-level look like? 0-2 Years experience, with the target to attain specific certifications within a reasonable time. Grow them to be your mid-level positions!
Log Retention is Important
Earlier this year, Operation Ladybird was made public, disrupting the Emotet infrastructure. The infrastructure was used as malware for hire.
In recent months, the cybersecurity industry has noticed the deployment of ransomware to already compromised networks, leaving in their wake a rush to recover data instead of investigating data theft.
Forensic services have been working at a higher rate to identify not only how the malware was introduced to victim networks, but what happened prior to the identification of compromise.
Organizations need to understand that log retention is important, with the dwell time being anywhere 30-45 days and months for APT (Advanced Persistent Threats), we need the ability to forensically put the story back together. The story isn’t always the first thing you see, look for the underlying plot!
Governments are now stepping up the offensive and removing malware at a large scale. This time, they used the automatic update feature to deploy the clean-up tool. This is forward-thinking, after having seized the infrastructure, use it to self-detonate!
Keep up the good fight, protect yourself, and report your cases so they can be analyzed, that information sharing will help in the fight!
That’s all from Humberto this month for cybersecurity monthly. To learn more about cybersecurity, you can watch our 2020 Cybersecurity in Review webinar, where Humberto joins Impact’s Director of MIT Security Services, Jeff Leder, as they assess 2020 from a security perspective, analyzing the biggest breaches and providing valuable insights into what businesses can do better. Watch here.