New year – new advice?
The potential conflict over Ukraine is a reminder of state-sponsored cyber-threats. A bulletin published by the US government’s Cybersecurity and Infrastructure Security Agency (CISA) serves as a useful checklist for both concerns about state-sponsored and security threats in general.
The natural response might be to get the latest Gartner sponsored or new AI security system to aid protection. These can be difficult (and expensive) to buy and operate.
Much can be done through more simple methods. CISA’s Insights bulletin* titled “Implement Cybersecurity Measures Now to protect Against Potential Critical Threats” reminds us how much can be achieved in 5 steps.
Organisations can “Reduce the likelihood of a damaging cyber intrusion” through:
- Perimeter and access security to prevent ransomware and hackers from gaining access to networks
- Implementing secure configuration to reduce known weaknesses
- Vulnerability assessment to reduce software exploits (The National Vulnerability Database has announced 1,111 new vulnerabilities already in 2022. 98 of these are classified high severity)
- “Hygiene” service – essentially testing – to check you’re secure and all of the above has been done properly
This is good advice, but surprisingly difficult – and time-consuming – to achieve with traditional systems.
- How do you ensure you have found all of the perimeter connections you need to secure?
- Which systems have default and insecure configuration settings disabled, and importantly which do not?
- Have all of the systems been assessed for vulnerabilities, and when was this last done?
Would it be better to save money and time by having a single environment to do this that keeps pace with your changing IT systems?
You may have landed on the right website to find out more.