Close Out Cybersecurity Awareness Month by Focusing on the Basics

Earlier this month, I wrote about the rise in credential-based cyberattacks and the importance of strong identity security. For Attivo Networks, Cybersecurity Awareness Month has been an opportunity to drive home the danger posed by today’s increasingly advanced attackers while also emphasizing the game-changing nature of modern identity security technology. With Identity Detection and Response (IDR) technology, defenders can go on the offensive, engaging in active defense strategies designed to detect attackers early and make their lives as difficult as possible.

But while identity security is increasingly critical, there are plenty of other areas of cybersecurity that deserve attention. To close out Cybersecurity Awareness Month, get back to basics with some tips and recommendations that any organization can use. Good cyber hygiene is essential, as is making sure your enterprise follows accepted best practices in cyber health. Before the month ends, take the time to go through this checklist and see how your defenses measure up.

Cyber Hygiene Checklist

• Make sure your software is up to date. Nobody likes taking the time to update software. It usually involves restarting the device and significantly disrupting workflow. But updates are often issued to correct specific vulnerabilities—and once those vulnerabilities are known, attackers will be racing to exploit them. Keeping software up to date won’t prevent every attack, but it will stop attackers from capitalizing on low-hanging fruit.

• Check your password policy. A strong password policy is important for any organization, but that doesn’t just mean using complex passwords. Passwords are a balancing act: make them too complex, and you risk your employees writing them down or reusing them, creating entirely different security risks. Password managers are a useful tool for private users and organizations and can help keep regularly updated and sufficiently complex passwords.

• Make sure your employees can recognize social engineering. Social engineering attacks are on the rise. Rather than evading perimeter security, social engineering allows attackers to target employees directly, tricking them into giving away personal information or credentials and granting attackers an easy way into the network. Mistakes happen, but it is important to help employees recognize the signs of phishing, spear phishing, business email compromise (BEC), and other social engineer-based attacks.

• Check for exposed credentials. In today’s threat landscape, visibility is key. Too often, organizations leave credentials or other valuable information exposed on endpoints, making them easy for attackers to compromise. Because it is harder for most in-network detection tools to identify attacker activity when they use valid credentials, preventing them from obtaining those credentials is critical. Gaining visibility into exposures and potential attack paths can help organizations nip this problem in the bud.

• Establish strong in-network defenses. Even with perfect visibility, preventing 100% of attacks is impossible. And while many tools struggle to detect attackers using valid credentials, some are specifically designed to do just that. IDR can be particularly helpful here, not only in detecting attack activity within the network but in misdirecting intruders with decoys and false information and gathering adversary intelligence on their tactics and methods. Ransomware attackers are particularly notorious for moving laterally throughout the network as they search for valuable assets to steal or encrypt. Detecting and derailing those attacks is essential as ransomware continues to rise.

• Check for excessive privileges. One other way enterprises can defend against credential theft is to employ the “principle of least privilege,” in which an identity only has the permissions it needs to fulfill its essential job function. While it can be inconvenient for employees to ask for additional privileges when they need to access a specific network asset or area, it also helps ensure that one set of compromised credentials won’t put the entire network at risk. Review your permissions policies to put a stop to overprovisioning and revoke any privileges that seem excessive or unnecessary.

• Ensure Active Directory (AD) is sufficiently protected. AD is a high-value target for attackers, but it is also essential for day-to-day business operations—which means it needs to be accessible. Unfortunately, this makes it notoriously difficult to secure, and with Microsoft estimating that more than 95 million AD accounts come under attack each day, this can present a real challenge. But today, there are tools available that can help mitigate AD-related threats by providing greater visibility into exposures and detecting activity like harvesting domain shares and Kerberoasting attacks. Attivo’s ADAssessor and ADSecure tools can provide these critical protections and keep AD as secure as possible.

• Be on the lookout for cloud misconfigurations. Credential-based attacks have received much attention this year, but the 2021 Verizon Data Breach Investigations Report also noted that attacks exploiting cloud misconfigurations are on the rise. Accelerated by the remote work necessitated by the COVID-19 pandemic, a growing number of enterprises are adopting cloud-based solutions. Many are even building multi-cloud environments, which—while useful—can be difficult to secure. It isn’t always easy to know where the cloud provider’s security obligations end and the customers begin, and multi-cloud environments only exacerbate this problem. Visibility into attack paths and exposures can help prevent attackers from taking advantage of an overlooked gap in protection.

Moving Forward with Confidence

While this checklist won’t completely secure your network against all possible threats, it’s a great place to get started. When it comes to cybersecurity, preventing every attack isn’t the goal—that would be impossible. But it is possible to make your network more difficult to attack successfully, and the best defense strategy is often simply to make the attacker’s life as difficult as possible. There will always be low-hanging fruit for adversaries to target. Your goal should be to make your enterprise a tougher nut to crack—and these tips can help you get there.