Cybersecurity Culture: Technology's Role
August 07, 2020 by Becky Metivier
Bill Gates once said, “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.” In terms of a cybersecurity culture this couldn’t be truer.
There are an overwhelming number of cybersecurity technology solutions out there, but if you don’t have good processes in place – or people who can interpret the information – they won’t do as much as you think to protect you. A tool can’t fix a bad process. Of course, technology is still an important component of a cybersecurity culture, but only in partnership with people and process.
It may seem strange to think about technology in terms of culture, but technology belongs there, because a person is going to use it and a process is going to drive its operation. We see lots of different technology components in organizations that aren’t managed in the context of cybersecurity culture. The tools aren’t process-oriented or culturally embedded, so people either don’t know how to use them, aren’t using them in the right way, or have left them in a static state.
Let’s take a look at the technologies you should consider implementing – with the appropriate people and process considerations – to build a cybersecurity culture. We recommend a layered approach to cybersecurity, known as defense-in-depth. Here’s what it should include, and how each technology can be managed with security in mind.
Perimeter Preventative Controls
Perimeter preventative controls are those technologies designed to keep malicious traffic from getting on your network. Here are some suggested controls.
#1. Firewall
Designed to block unauthorized inbound access while permitting outbound communication.
- Prior to configuring, document the rules that will be applied and include a business justification for each. For example, if a port is to be left open, document why and what business requirement is satisfied by doing so. Always keep configuration backups.
- Consider High Availability (HA) synchronization, a configuration in which two firewalls are placed in a cluster and their configuration is synchronized to prevent a single point of failure on your network.
- Be sure to segment your critical services. This lets you isolate and filter network traffic so you can limit or prevent access between network segments.
- Have someone review your firewall logs every day. Be sure they are highly trained and up to date on the latest threat intelligence. If you do not have a resource available, consider partnering with a managed threat detection service provider like Tyler.
- Be diligent with patches and updates.
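The first three bullets above describe a process (document every rule with a business justification, keep configuration backups, segment critical services) that is easy to state and easy to let slip. As an added example, not code from the original post or from any vendor named in it, here is a small pre-deployment audit over a constructed rule inventory: it flags allow rules with no justification or owner, inbound allows that are open to any source, and rules that let traffic cross from a non-administrative segment into the critical-services segment. The segment addresses, rule names and inventory format are assumptions made for the example.

```python
"""Pre-deployment audit of a documented firewall ruleset.

Added example, not code from the original post. It assumes the rules are kept
in a simple inventory (one record per rule) that carries the business
justification and owner the post asks for, and it reports the gaps a daily
reviewer would want to see before the rules are pushed to the device.
Segment names and addresses below are constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress

# Constructed segment map: traffic into the critical-services segment is
# expected to originate only from the admin segment (segmentation bullet).
SEGMENTS = {
    "critical": ipaddress.ip_network("10.10.0.0/24"),
    "admin": ipaddress.ip_network("10.99.0.0/24"),
}


@dataclass
class Rule:
    name: str
    action: str            # "allow" or "deny"
    direction: str         # "inbound" (from the internet), "internal" or "outbound"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    port: str              # "443", "1024-65535" or "any"
    justification: str = ""   # the business reason the post asks to document
    owner: str = ""           # person or team accountable for the rule


def _is_any(addr: str) -> bool:
    return addr.lower() == "any" or addr == "0.0.0.0/0"


def _within(addr: str, segment: ipaddress.IPv4Network) -> bool:
    """True if a CIDR lies entirely inside a segment ("any" never does)."""
    if _is_any(addr):
        return False
    return ipaddress.ip_network(addr, strict=False).subnet_of(segment)


def _overlaps(addr: str, segment: ipaddress.IPv4Network) -> bool:
    """True if a CIDR touches a segment at all ("any" always does)."""
    if _is_any(addr):
        return True
    return ipaddress.ip_network(addr, strict=False).overlaps(segment)


def audit(rules: list[Rule]) -> list[str]:
    """Return one finding per problem; an empty list means the set is clean."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules need no business justification
        if not r.justification.strip():
            findings.append(f"{r.name}: allow rule has no business justification")
        if not r.owner.strip():
            findings.append(f"{r.name}: allow rule has no owner")
        if r.direction == "inbound" and _is_any(r.src):
            if r.port.lower() == "any":
                findings.append(f"{r.name}: permits all inbound traffic from any source")
            else:
                findings.append(f"{r.name}: inbound port {r.port} is open to any source; "
                                "confirm the justification covers this exposure")
        # Segmentation check: anything allowed into the critical segment must
        # come from the admin segment; everything else is flagged for review.
        if _overlaps(r.dst, SEGMENTS["critical"]) and not _within(r.src, SEGMENTS["admin"]):
            findings.append(f"{r.name}: allows {r.src} into the critical-services segment")
    return findings


# Constructed inventory: two documented rules, one undocumented legacy rule,
# one documented rule that still crosses a segment boundary, and the default deny.
RULES = [
    Rule("web-https", "allow", "inbound", "any", "10.20.0.10/32", "443",
         justification="Public website served from the DMZ", owner="web team"),
    Rule("admin-ssh", "allow", "internal", "10.99.0.0/24", "10.10.0.0/24", "22",
         justification="Admin jump hosts manage critical servers", owner="infra"),
    Rule("legacy-any", "allow", "inbound", "any", "any", "any"),
    Rule("users-to-db", "allow", "internal", "10.50.0.0/24", "10.10.0.5/32", "5432",
         justification="Reporting app queries the database", owner="bi team"),
    Rule("default-deny", "deny", "inbound", "any", "any", "any"),
]


if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

Run against the constructed inventory, the audit reports six findings: the public HTTPS rule is listed once for review, the legacy rule four times (no justification, no owner, wide open inbound, and reaching the critical segment), and the documented reporting rule once because it lets a user segment reach a critical host directly. The documented admin rule and the default deny produce nothing. Keeping the inventory under version control alongside the configuration backups gives the daily reviewer a diff to read rather than a full ruleset.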
#2. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
Devices or software applications that monitor a network or systems for known threats or policy violations.
- Place sensors in strategic locations for both external and internal traffic capture.
- Ensure signatures are being updated as frequently as updates are available from the vendor.
#3. Multi-factor Authentication for Remote Access
Multi-factor authentication challenges the user for an additional authentication factor (something you have or something you are) on top of the username and password (something you know) before granting access to an account.
- At a minimum, this should be required for all administrator remote access activity.
Internal Network Preventative Controls
Internal network preventative controls are those technologies designed to monitor your internal environment for malicious traffic or suspicious activity. Here are some suggested controls.
#1. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
- Employ a host-based system that includes an application layer for critical services, such as web applications. It frustrates hackers when there are layers to get through.
#2. Web/Internet Filtering
- Be sure to have approved sites documented and include an exception list based on roles that might require access to special sites.
#3. Data Loss/Leakage Prevention (DLP): Software That Detects Potential Data Exfiltration Transmissions
- Monitor or block the use of removable media, such as USBs.
- Send email securely, especially when transmitting non-public personal information (NPPI).
- Control your NPPI inventory. There are new tools available that can automatically find all the NPPI on your network and make sure it can’t be exfiltrated.
#4. Antivirus Software
- Use a centrally managed solution capable of pushing updates to all endpoints and reporting on failed updates, as well as malware infections.
- Update as often as the tool allows.
- Do not allow it to be configured or altered by individual users.
So, while technology is an important piece of your overall mission for cybersecurity, it should not drive the conversation or be considered without including your people and your processes. You can spend money on expensive tools, but if they aren’t process-oriented or embedded in your organization’s cybersecurity culture, they will only provide a false sense of security.