sb-au logo
Story image

Organisations still not getting cybersecurity fundamentals right - Wavelink

06 Dec 2019

Article by Wavelink managing director Ilan Rubin

Most IT security professionals are well aware that the most important aspects of cybersecurity boil down to human actions.

It’s possible to have the most sophisticated and expensive cybersecurity tools in place and still suffer a major breach due to human error.

One of the most basic of these errors is failing to install patches to close security gaps.

The fundamentals of cybersecurity include installing patches as soon as they become available, educating employees regarding their role in keeping the organisation secure, and keeping systems secure with multifactor authentication.

However, it’s shocking how many organisations fail to manage even these basic tasks, creating a significant risk that their organisation will fall victim to an attack.

Research shows that nearly 60% of organisations that suffered a data breach in the two years between 2016 and 2018 fell victim to a known vulnerability with patches available.

These organisations could have avoided being breached simply by installing the patches as soon as they became available.

And, the evidence suggests that many of these organisations are aware of this, with 39% of respondents to the survey saying their organisations were aware that the breaches were linked to known vulnerabilities.

These numbers are worrisome because it shows that breaches aren’t happening because of sophisticated attacks, advanced tactics, or innovative techniques.

Instead, they’re happening because CISOs and CSOs aren’t getting the fundamentals right.

And, given the speed with which cybercriminals create exploits the moment a vulnerability becomes known, it’s essential for organisations to be on top of patching.

In addition to patching, there are other cybersecurity fundamentals that can mitigate the risk of a cyberbreach, yet many organisations are ignoring or neglecting them.

These include:

Adopt the Australian Signal Directorate (ASD) Essential Eight
This is a priority list of risk mitigation strategies to protect organisations against a range of adversaries. Patching is one of the Essential Eight, along with application whitelisting, restricting administrative privileges, using multifactor authentication, and backing up data daily.

Implement continuous security awareness campaigns
34% of notifiable data breaches were caused by human error from April to June 2019, demonstrating the crucial importance of providing ongoing security education for employees. By reducing human error, organisations can dramatically reduce the incidence of successful cyber attacks.

Adopt a next-generation firewall (NGFW)
NGFWs combine traditional firewalls with additional filtering functionalities, which can help compensate for unpatched systems.

Apply a rigorous and autonomous approach to web application vulnerability management
By applying machine learning to detect and block attacks, organisations can reduce their reliance on manual resources and improve accuracy.

Employ multifactor authentication
Requiring more than just a password to access mission-critical systems makes it harder for these systems to be hacked.

Backup data
To ensure business continuity, organisations should back up their data based on criticality and service level agreements.

Organisations need to re-examine their approach to the fundamentals of cybersecurity and make sure they have basic security hygiene measures in place.

Getting the basics right can pay huge dividends.

For example, in many cases of attacks, the patches have been available for more than a year yet the organisations haven’t applied them.

This creates unnecessary risk for the organisation and effectively negates any investment made in sophisticated cybersecurity solutions.

It’s a bit like locking the back door while leaving the front door wide open.

Employing these six cybersecurity fundamentals can help close and lock that front door.

Story image
Rise in cyberattacks targeting the cloud as use of collaboration tools increase
“While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption."More
Download image
Why shifting workforce demographics requires updated management
Globalisation; a younger workforce; remote working trends - the landscape of the modern workplace has changed forever. And businesses could be in for a shock if they don't manage it properly.More
Link image
Webcast Series: Best security practices for a mobile workforce
Join an exclusive monthly webcast series to learn how to better secure your mobile workforce in the evolving threat landscape.More
Story image
Five wine-tasting tips that should be applied to network security
What does network visibility really mean? Much like a blind wine tasting, we need to keep an open mind and trust what data is telling us without being biased by previous results.More
Story image
Months on, many organisations still don't have secure remote access - report
The report analyses the extent to which businesses were prepared for the sudden shift into remote working due to COVID-19 restrictions, and analyses how organisations have adjusted to support remote workers amidst the COVID-19 pandemic. More
Story image
CrowdStrike expands Linux protection, adds machine learning prevention
CrowdStrike says its solution delivers proven breach prevention and visibility from its cloud-delivered platform via a single lightweight agent.More