· RISK ASSESSMENT - The first and foremost step is threat modelling: defining the critical assets that need to be protected, identifying the threats and vulnerabilities to them, estimating the probability and impact of a breach of those assets, and listing the available countermeasures that reduce the risk. Run the threat modelling exercise first, and only then choose countermeasures.
· IDENTITY PROTECTION - Most breaches target identity and access management weaknesses, both at the user level and at the privileged user / administrator level. Hence, look at multi-factor authentication for applications that are accessed over the cloud.
· PRIVILEGED IDENTITY PROTECTION - As administrators have full rights to most systems, hackers target admin accounts with high priority. Thus, limit the number of users with admin rights, grant admin access only on a time-bound basis, and restrict admin logins to secure workstations dedicated to administrators.
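The three privileged-access controls above can be checked continuously rather than by hand. The following is an added example, not code from the original list; the account records, the admin login records and the set of dedicated admin workstations are constructed sample data, and the `audit_privileged_access` function is a hypothetical audit routine.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Hostnames of the workstations dedicated to administrators (constructed sample).
ADMIN_WORKSTATIONS = {"paw-01", "paw-02"}

@dataclass
class Account:
    user: str
    is_admin: bool
    admin_until: Optional[datetime]  # None means standing (permanent) admin rights

@dataclass
class AdminLogin:
    user: str
    host: str        # workstation the interactive admin session came from
    at: datetime

def audit_privileged_access(accounts: List[Account], logins: List[AdminLogin],
                            now: datetime) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for violations of the three controls:
    too many / standing admin rights, expired time-bound grants still active,
    and admin logins from hosts that are not dedicated admin workstations."""
    findings = []
    admins = {a.user for a in accounts if a.is_admin}
    for acct in accounts:
        if not acct.is_admin:
            continue
        if acct.admin_until is None:
            findings.append((acct.user, "standing admin rights; grant should be time-bound"))
        elif acct.admin_until < now:
            findings.append((acct.user, "admin grant expired but rights are still active"))
    for login in logins:
        if login.user in admins and login.host not in ADMIN_WORKSTATIONS:
            findings.append((login.user, f"admin login from non-admin workstation {login.host}"))
    return findings

def run_sample_audit() -> List[Tuple[str, str]]:
    """Run the audit over constructed sample data; expected to yield three findings."""
    now = datetime(2024, 6, 1, 12, 0)
    accounts = [
        Account("alice", True, now + timedelta(hours=2)),   # valid time-bound grant
        Account("bob", True, None),                         # standing admin rights
        Account("carol", True, now - timedelta(days=1)),    # grant expired yesterday
        Account("dave", False, None),                       # ordinary user
    ]
    logins = [
        AdminLogin("alice", "paw-01", now - timedelta(minutes=30)),
        AdminLogin("bob", "laptop-bob", now - timedelta(minutes=10)),  # wrong host
        AdminLogin("carol", "paw-02", now - timedelta(hours=1)),
        AdminLogin("dave", "laptop-dave", now - timedelta(hours=3)),   # not an admin
    ]
    return audit_privileged_access(accounts, logins, now)
```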
· DEVICE SECURITY - Cyber criminals know that not all users apply system patches and version updates on time, which leaves these devices (endpoint and mobile) vulnerable, especially when they are on public networks. One research report notes that some attacks exploited vulnerabilities that were more than a year old but remained unpatched by the targeted organization. Therefore, keep end user devices (laptops, desktops and mobile devices) and servers current with the latest operating system versions and updates. The Software as a Service model helps IT and security practitioners here, as they can expect regular feature and security updates from their SaaS providers.
· EMAIL SECURITY - Phishing and spoofing emails are on the rise, tricking users and senior management into sharing passwords and other sensitive data. Monitor incoming email, and detect and block suspicious messages that could be targeted phishing or spoofing attempts.
· DATA SECURITY - One cannot control how data flows but one should still identify, classify and protect sensitive data irrespective of where it resides or flows. Implement persistent security at individual file level to be able to monitor and prevent unauthorized users from accessing the data. Encrypt data at all stages (at rest, in transit and in use) as much as possible.
· CLOUD SECURITY - With the advent of cloud applications and cloud storage, monitor user activity and detect unauthorized behaviour such as copying sensitive data to non-corporate cloud storage apps.
· NETWORK SECURITY - Prevent as many threats as possible, but remember that certain zero-day attacks will not always be detected by preventive controls. So, put network monitoring and response systems in place to detect suspicious behaviour and threats.
· SECURE BACKUPS - Make sure that critical data and systems are backed up regularly and stored securely, so that the organization can recover from cyberattacks that target data integrity and availability.
· USER AWARENESS AND TRAINING - Lastly, human readiness to identify and respond to a potential attack is most important. Keep educating users within the organization on cyber security best practices such as password protection and staying safe online. Hackers know that humans are prone to error and can be exploited with well-crafted phishing and social engineering campaigns.