Immediate Steps Organizations Need to Do Now, Post-NCSAM

Oct 30, 2018 | by Angel Grant, CISSP

Data is the new currency. It comes from everywhere - from our homes, cars, applications - from every point of our lives and from every location.  We are seeing stats of over 42 BILLION entities by 2022 that need protection from criminals. Now ask yourself: are you ready? Is your business ready?

Individuals have more credentials than ever before and there are more THINGS beyond “people” having identities. Breaking it down more, the definition of a consumer “Identity” is changing with the emergence of social identities. The Internet of Things (IoT) is morphing into an “identity” of things in which an identity can be associated with an actual human or machine – meaning an identity is no longer just who is accessing your application, but what is accessing it.

We see significant data breaches each year and will continue to as more companies make their digital transformation journey. Considering all of this, you are likely asking what can be done to secure data in today’s cyber threat landscape.

Determine what matters most, classify it and put access controls on it.
Before you even start a data protection strategy you must know what matters most and what data (structured and unstructured) if lost, stolen or destroyed would cause your organization the most harm. This is becoming more important than ever, not just because of insider threats, but with the growth of ransomware. Once the data is classified you need to control access to it. Take steps to ensure the right level and authentication and authorization controls are in place. This means moving beyond the password and embracing multi-factor authentication (MFA) solutions.

Make It Useless.
Make data at rest or in transit useless to criminals by leveraging encryption or tokenization. Remember, it is an economics game for these cybercriminals. If they can’t use your data for gain, they won’t take it.

Back It Up.
Not just as part of your standard business continuity planning, but going one step further – consider putting your critical data in isolated recovery that is air gapped.  An isolated data center environment disconnected from the network and restricted from users other than those with proper clearance is an added layer of protection. Also ensure your backup has Integrity Checking & Alerting Workflows to stage copied data in the isolated recovery zone and perform periodic integrity checks to rule out that it was affected by malware, along with mechanisms to trigger alerts in the event of a breach.

Monitor everything.
Get visibility across endpoint, network, users…everything in your environment. Begin thinking about how you can connect Identity and Access Management data with your Security Information and Event Management (SIEM) solution for added context.

Monitor users: Take inventory of who has access to what and what they are doing. Map typical user behavior and be able to recognize when a user’s behavior is atypical.

Monitor endpoint: Look for Signatures (known) vs. behaviors (always evolving).

Monitor Network: With full packet capture you can expose command and control (C2) connectivity and reduce dwell time.

Digital transformation is one of the most influential forces—perhaps the most influential force—redefining business risk today, sending organizations scrambling for ways to address new security and risk challenges that are difficult, large in scale and continually evolving. Taking these few steps now will go a long way towards helping your organization.

# # #

Learn more about the value of frameworks for managing risk in the paper RSA Risk Frameworks: Making Digital Risk Manageable.

Author: Angel Grant, CISSP

Category: RSA Fundamentals, Blog Post

Keywords: Cybercrime, Data, Data Privacy, Data Security, Identity & Access Management, IoT, NCSAM