2014 was a cybersecurity eye opener for all individuals using technology. The public and many corporations had to personally face the repercussions of the cybersecurity weaknesses throughout all technology. The whole world was watching this year as cyber-attacks hit one after the other, arguably the worst cybersecurity incident happening in November to Sony Pictures Entertainment. Not as popular but certainly as devastating, Heartbleed was part of the worst vulnerabilities made public and possibly the worst vulnerability ever released.
This is the year that we all count our losses, learn from our past mistakes, and give cybersecurity the attention it deserves. So how do you protect yourself from similar attacks? We have written a detailed guide on how to prepare by using the examples mentioned above. Below is a quick overview of the five topics discussed in the complete guide.
5 key areas of importance in cybersecurity
- Data Loss Prevention – Locate and protect important data with security controls that are backed up with policy and shared with individuals that require the information.
- Access Control – Access control for all individuals must be documented and reviewed to determine that separation of duties is in place and access to sensitive data is limited to those with business justification.
- Incident Response and Infrastructure Monitoring – It is important that timely responses are made when critical incidents occur. It is also important that a change documentation policy exists that when systems are added, changed, or decommissioned a proper procedure is in place to update security monitoring on priority.
- Infrastructure Configuration and Authentication – To protect ourselves it is important that a server configuration standard is in place with common security configuration recommendations made from leading security organizations.
- Vulnerability Scanning and Penetration Testing – Vulnerability scanning is an extremely useful tool when assessing the security of your environment on a regular basis. It does not take much technical security “know how” to run a vulnerability scan on the environment, and it will export a detailed report on the vulnerabilities and configuration issues within the environment. Penetration testing should also be used to move beyond the scanning tools to manual exploits to find the vulnerabilities that the hackers will use to compromise your environment.
To protect your company from cyber-attacks, it is important to continually be aware of the vulnerabilities that are found by security researchers. The best way to do so is by subscribing to security feeds and monitoring the security community. Staying on top of security patches is critical and should be implemented on a regular basis. If your applications are not patched or up to date, you leave yourself open to attack. So get prepared and have a more secure 2015.