Think your IT Department is across it?

It would be nice if it were this simple, and we like to think that most of our customers at Stopline have excellent IT staff who are across the current risks.

The issue is that it’s not quite that simple. For IT staff (whether permanent or outsourced), keeping networks and connected devices working optimally usually requires more time than they have, or have been allotted.

When assessing the potential for risk in any organization’s Information Technology, we start by asking some simple questions:

  1. How many computers do you have?
    1. Where are they now?
    2. Who has access to them or who are they assigned to?

If these questions cannot be readily and precisely answered, then you have just identified a potential point of risk, and it is one that cascades from that first ‘simple’ question.

The Australian Signals Directorate provides the following advice on “Strategies to Mitigate Cyber Security Incidents”:

“No single mitigation strategy is guaranteed to prevent cyber security incidents. At least 85% of the adversary techniques used in targeted cyber intrusions which ASD has visibility of could be mitigated by implementing the following mitigation strategies, referred to as the ‘Top 4’:

  • use application whitelisting to help prevent malicious software and unapproved programs from running
  • patch applications such as Flash, web browsers, Microsoft Office, Java and PDF viewers
  • patch operating systems
  • restrict administrative privileges to operating systems and applications based on user duties.

These Top 4 mitigation strategies for targeted cyber intrusions are mandatory for Australian Government organisations as of April 2013.”

Source: https://www.asd.gov.au/infosec/mitigationstrategies.htm

Based on the anecdotal evidence we have from responding to computer security incidents for over a decade, we strongly agree: where these mitigation strategies are not employed, their absence is usually the ‘root cause’ of the security event.

If you understand this to be true, then you can see how our ‘simple’ question regarding the number of devices can be used as an indicator of risk. If you don’t know how many devices you have, where they are, what they are connected to, or who has access to them, how will you know if they are patched, running the latest anti-virus software, etc.?

At face value this seems like an oversimplification, but if you look at the most recent round of cyber-attacks and ransomware events, these mitigation strategies (and the extent to which they were deployed) are really what determined who was a victim and who was not.

The Stopline cyber risk health check is a once-off or regular check-in to assess the state of cyber security within a given organisation.

The first ‘health-check’ is a high-level review that focuses on the key areas where we understand the most active risks to be:

  1. Asset management and inventory maintenance;
  2. Operating system and application patching and vulnerability management;
  3. Configuration maintenance;
  4. User account management;
  5. Service level agreements: the business’s understanding of who is responsible and which risks are being managed by any outsourced provider(s);
  6. Policies and guidelines: their current state, and staff awareness of the policies and their content.
