header image
resilience

5 Tips for Cyber Security Success and Ransomware Resilience
Mike Groves 18 May 2022
18 May 2022    Mike Groves

Investing in Cyber Resilience: Spend, Strategy, and the Search for Value

Today's fast-changing threat landscape puts increased pressure on companies to make the right investment choices and improve their cyber resilience. For this report, S-RM surveyed 600 senior leaders and IT decision makers to discover which cyber investment areas provide the best value for money and what savings result from investing in cyber security.

Download Report

The cyber threat landscape is constantly evolving. For businesses, particularly small or medium-sized enterprises, the effort needed to stay ahead of cyber risk is daunting. However, there are practical exercises organisations of any size can undertake to protect themselves against cyber threats.

 

Here Mike Groves, Director of Cyber Advisory, outlines five tips every organisation should consider when protecting itself against cyber threats and offers specific advice on ransomware readiness – the most prolific of all the cyber incidents we see at S-RM.

 

Numbers-01Understand that your data is attractive to attackers

An organisation’s data is a very precious resource, and there is little surprise that regulations around data, particularly personal data, are growing and hardening. For any business collecting, storing, or processing customer, employee, or client data, you must understand that this is an attractive target for attackers and hence presents your greatest area of risk and liability.

 

Numbers-02Take steps to understand the evolving threat landscape

You don’t have to be a technical cyber expert to understand the evolving threat landscape. You can build knowledge and awareness incrementally. Focus on your industry and keep up to date with the risk businesses face – you can do this by subscribing to weekly risk bulletins, free alert services, and by signing up to receive material from organisations like the National Cyber Security Centre (NCSC) in the UK. As a next step, consider engaging a professional cyber security consultancy to help you understand your firm’s threat profile.

 

Numbers-03Understand and map your IT environment and attack surfaces

Are your printers networked? Do you use a third-party supplier to host your company website? It’s important to map out your IT environment, which can get very complex – but you can’t protect what you can’t see or don’t know is exposed. Making sure your IT team (be that internal or external) has up-to-date network diagrams, asset registers, public (and private) IP address inventories is important. Having these resources ready and available allows you to assess your own exposure to vulnerabilities accurately, implement mitigating controls, and also respond more quickly and effectively in the event of an incident.

 

Numbers-04Carry out a comprehensive review of your cyber security controls

Once you have mapped out your IT environment, you can start to carry out a risk assessment of each point of exposure. This will provide the foundation of a ‘road mapping’ exercise in which solutions can be intelligently focussed on known and prioritised weaknesses. However, there’s no point in having a ‘to do’ list with no one assigned to carry out the tasks. So, when it comes to implementing changes, ensure that the programme is owned at the right level of leadership and resourced with appropriate expertise. We also recommend that companies align their roadmap against a well understood technical framework (for example CIS18, NIST, etc.) This will allow you to make sure you have considered all control domains.

 

Numbers-05If time and budget are scarce, focus on quick wins:

If there isn’t time or budget to go through these steps, assume that an attack is likely to happen sooner rather than later and focus on quick wins:

  • Provide security awareness training for your staff
  • Arrange penetration testing to expose and remediate the flaws most visible to would be attackers
  • Update and simplify your Incident Response plan
  • Exercise response teams and processes with a simulated attack

 

Ransomware Resilience  

Of all the cyber security threats organisations face, ransomware remains one of the most pervasive, and is the key driver behind most incidents we respond to at S-RM.

There has been recent speculation within the cyber security sector about the war in Ukraine and whether Russia-based hacking groups might step up new forms of attack on certain western targets as a result.

However, for the time being, the majority of organised cybercriminal groups appear to be operating as normal, and ransomware groups continue to target western companies indiscriminately.

Such groups will often scour the internet and use publicly available vulnerability scanning tools to identify ‘low hanging fruit’ to target – in other words, companies with weak security postures and exposed vulnerabilities.

You can minimise your chances of being impacted by a ransomware incident by implementing the following core security controls:

  • Review your public facing infrastructure for vulnerabilities and ensure that the latest security updates and patches are applied and tested as fast as is feasible.

  • Deploy multi-factor authentication (MFA) to all external services and remote access methods.

  • Deploy and monitor an Endpoint Detection and Response (EDR) solution to increase your capabilities to detect and respond to threats as they occur. Remember that a tool like this is only as good as the time and resource you give to configuring and monitoring it properly.

  • Maintain regularly tested backups of critical systems and data which are off-network or offline to reduce downtime in the event of a cyber-attack. These backups should be stored away from the core infrastructure with a segregated method of access management in place. 

  • Enable logging within the environment at the most granular level and with the longest retention feasible, particularly for network logs. This will mean that, in the event of an incident, you can easily and effectively investigate what vulnerabilities may have been exploited and how a threat actor may have gained access to your environment – in turn, this will mean you can emerge more resilient from an incident and remediate any security failings identified.

  • Review your denial of service protections with your ISP and consider using web application firewalls where applicable. 

 

S-RM is here to help organisations build their cyber resilience. Please reach out to our experts to get your cyber plans underway.

S-RM is a global risk consultancy providing intelligence, resilience and response solutions to clients worldwide. To discuss this article or other industry developments, please reach out to one of our experts.

Mike Groves
Mike groves Director of Cyber Security Email Mike

CYBER SECURITY INSIGHTS REPORT 2022

We reveal the challenges faced by C-suite professionals and senior IT leaders across three key areas of cyber security – budgets, incidents and insurance.

Download Report