Cyber attackers only have to find one chink in your cybersecurity armor.
With networks made up of many different types, brands, and models of hardware, running myriad applications and software, all interconnected via Wi-Fi to the internet, can there ever be enough armor?
Attackers are betting the answer is no. And it may well feel that way when it’s your job to keep them out.
So, here are five things you can do now to stay one step ahead:
· Take a fingerprint of all assets on your network
· Join an ISAO for really good and continuous threat intelligence
· Install a breach detection system
· Add a honeypot with the ability to investigate and alert
· Collaborate and make every person in your company a human firewall
“Most organizations don’t know what’s on their networks,” says Sensato CEO and cybersecurity expert John Gomez. “Attackers have a better chance of cataloging your network than you do—so we recommend that you use the same techniques to take your own inventory and get a real, intimate understanding of the assets on your network.”
That inventory should include social graphing—identifying which systems can absolutely never go down by looking at traffic patterns to determine which systems everyone relies on.
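One way to do the social graphing described above, as an added example that is not Sensato's tooling or code from the original article: rank each service by how many distinct clients connect to it. The flow-record format, the sample data, the function names, and the 50% threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: "client server port bytes" (not real traffic).
SAMPLE_FLOWS = """\
10.0.1.11 10.0.0.9 53 300
10.0.1.12 10.0.0.9 53 280
10.0.1.13 10.0.0.9 53 310
10.0.1.14 10.0.0.9 53 290
10.0.1.11 10.0.0.5 445 120000
10.0.1.12 10.0.0.5 445 98000
10.0.1.13 10.0.0.5 445 4000
10.0.1.11 10.0.0.5 445 2000
10.0.1.14 10.0.0.20 443 5000000
bad line here
10.0.0.20 10.0.0.30 5432 70000
"""

def parse_flows(text):
    """Return (client, server, port, bytes) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue
        flows.append((parts[0], parts[1], int(parts[2]), int(parts[3])))
    return flows

def rank_services(flows):
    """Rank (server, port) by distinct clients, then by bytes transferred."""
    clients, volume = defaultdict(set), defaultdict(int)
    for client, server, port, nbytes in flows:
        clients[(server, port)].add(client)
        volume[(server, port)] += nbytes
    order = sorted(clients, key=lambda s: (-len(clients[s]), -volume[s], s))
    return [(s[0], s[1], len(clients[s]), volume[s]) for s in order]

def critical_services(flows, min_share=0.5):
    """Services used by at least min_share of all clients seen in the capture."""
    total = len({f[0] for f in flows})
    return [(srv, port) for srv, port, n, _ in rank_services(flows)
            if total and n / total >= min_share]

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for srv, port, n, nbytes in rank_services(flows):
        print(f"{srv}:{port}  clients={n}  bytes={nbytes}")
    print("critical:", critical_services(flows))
```

In the sample, the service that moves the most bytes has a single client, while the one nearly every host depends on moves almost none, which is why the ranking counts distinct clients rather than traffic volume.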
The Department of Homeland Security (DHS) encourages the development of and participation in ISAOs (Information Sharing and Analysis Organizations) so that organizations can collaboratively share and respond to cyber risks quickly.
Sensato, Beebe Healthcare, CHOA, and others felt so strongly about the lack of collaboration among cybersecurity professionals, especially in healthcare, that they formed the Medical Device Cybersecurity Task Force (MDCTF) in 2016 with a goal to move quickly and minimize bureaucracy to better address medical device cybersecurity. MDCTF has now become the Sensato-ISAO, which entered a trilateral agreement to collaborate with FDA (Food and Drug Administration) and H-ISAC (Health Information Sharing and Analysis Center).
Still in the early stages, the new partnership with the FDA and H-ISAC is seeking ideas and looking toward the future. “We should be looking toward what we can share with other industries and manufacturers to improve consumer safety,” says Mike Maksymow, CIO of Beebe Healthcare. “The more we can collaborate, sharing information, best practices, and open source programs, the better we can protect our organizations, each other, and the public.”
We know firewalls help, but we also know that dedicated cyber criminals can and will find a way through the wall. That’s why we recommend a breach detection system that’s both host- and network-based, so you can learn sooner rather than later about breaches, study their signatures, and shut them out from further intrusion.
“Our BDS is a telecom-grade platform, built with the prime directive that you can’t have telecom networks going down, no matter what,” says Gomez. “Integrated with intelligence feeds, we made it simple and flexible for optimal implementation.”
The average attack can be completed in 14 minutes, so it’s important that your breach detection platform saves you time in detecting a breach and enabling your most effective response. That’s where honeypots shine. More than just alerting you to an intrusion, a honeypot allows you to monitor and track the attackers’ activities and gives you tools for responding to the attack.
“Attackers know they can get around firewalls and even breach detection systems,” says Gomez. “The one thing that scares them is honeypots, because they know it can be hard to spot them and once they stumble into a honeypot, they’re caught.”
Ask your cybersecurity partner if your honeypots can be connected to their ops center for best coverage and response.
One of the biggest problems in cybersecurity is that it’s been chaotic and fragmented across many different entities, with individual programmers designing security software and systems essentially in a vacuum. Most solutions are trademarked and protected, with developers guarding the secrets of their programs and companies protecting their profits.
That’s not how attackers work, though. “Attackers are a very collaborative group. You can post a question online, asking for help breaking into something, and you’ll get a bunch of really helpful responses,” says Gomez. “It doesn’t matter what their ideology is. It doesn’t matter what country they’re from. It doesn’t matter what their mission is. They will collaborate.”
That’s why Gomez and other cybersecurity experts recommend that every member of an organization be included and involved in cybersecurity efforts at some level—creating “human firewalls” who are aware of the various types of threats, know how to avoid falling for phishing and other social attacks, and know how to report suspicious activity.