Cyber Security

 

"Whether you work for local law enforcement, a utility provider, a hospital, or a small or large company, you need to protect your critical infrastructure against cyber infiltration. The threat that cybercriminals pose to public entities and private businesses is substantial. A single intrusion could mean economic loss, bankruptcy, and in some cases, loss of human life."

Deputy Attorney General Rod Rosenstein

 

Cyber crime is one of the greatest threats facing our country, and has enormous implications for our national security, economic prosperity, and public safety. The range of threats and the challenges they present for law enforcement expand just as rapidly as technology evolves.

In Rhode Island, the United States Attorney’s Office and federal and state law enforcement have teamed up to investigate cyber crimes and to educate the public and businesses on how to avoid becoming a victim of cybercrime and what to do if they are victimized.

If you believe that you, your family or your company is a victim of a cybercrime, or if you are interested in learning more about protecting yourself or your company from cybercrimes, please contact:

Rhode Island Fusion Center: (401) 444-1117

Rhode Island State Police Joint Cyber Task Force: (401) 444-1718 or (401) 444-1710

FBI Cyber Division CyWatch 24/7 support: 1-855-292-3937, or email cywatch@ic.fbi.gov to report intrusions

United States Secret Service, Providence Resident Agency (24 hr): (401) 331-6456

United States Attorney’s Office: (401) 709-5042

 

Online Reporting & Resources

To report internet fraud/phishing: http://www.ic3.gov/default.aspx

DHS cybersecurity resources and information:  http://www.dhs.gov/topic/cybersecurity

To access cyber threat information in the National Cyber Awareness System go to the US Computer Emergency Readiness Team (US CERT): https://www.us-cert.gov/ncas

To join FBI InfraGard: https://www.infragard.org/

  • Membership includes receiving emails concerning Cyber Threat Updates

  • Quarterly meetings with a Cyber Focus

For general questions about connecting to federal resources or joining FBI InfraGard, contact Brian Pires at the U.S. Attorney’s Office at (401) 709-5042.

 

The following information and links provide guidance on avoiding becoming a victim of cyber crime, along with answers to some frequently asked questions.

Cybersecurity 101: What You Can Do at Home

DO NOT IGNORE SECURITY UPDATES

Having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats.

USE TWO-FACTOR AUTHENTICATION

Use a username and password (something you know) and another form of identification (something you have) such as an RSA generated security code, a USB security key, voice ID, facial recognition, iris recognition or fingerprint scanning.

DON’T CLICK ON LINKS IN EMAILS AND WHEN IN DOUBT, THROW IT OUT

Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If a message looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk email.

PROTECT ALL DEVICES THAT CONNECT TO THE INTERNET

Along with computers, smart phones, gaming systems, and other web-enabled devices need protection from viruses and malware.

 

Basic Steps to Protect Yourself from Phishing Attacks

Spear phishing: While most phishing campaigns send mass emails to as many people as possible, spear phishing is targeted. It attacks a specific person or organization, often with content tailor-made for the victim or victims. The most common form is Business Email Compromise (BEC), in which the attacker purports to be a senior manager (CEO, CFO, etc.) requesting immediate action on an urgent matter. The attackers scour the Internet for information about the target and match it with other researched knowledge about the target's colleagues, along with the names and professional relationships of key employees in the organization. With this, the phisher crafts a believable email. For instance, a fraudster might spear phish an employee whose responsibilities include the authority to authorize payments. The email purports to be from an executive in the organization, directing the employee to send a substantial payment either to the executive or to a company vendor (when in fact the malicious payment link sends it to the attacker). Examples: “I’m on travel and need an electronic transfer…” or “Take a look at the latest spreadsheet…”, where the click takes you to a malicious link.

How do I protect myself against phishing?

Phishing is an equal opportunity threat, capable of showing up on desktops, laptops, tablets, and smartphones. Most Internet browsers have ways to check if a link is safe, but the first line of defense against phishing is your judgement. Train yourself to recognize the signs of phishing and try to practice safe computing whenever you check your email, read Facebook posts, or play your favorite online game.

Here are a few of the most important practices to keep you safe:

  • Don't open e-mails from senders you are not familiar with.
  • Don’t be afraid to make the call. The CFO or CEO will not lambaste you for a follow-up phone call, knowing that you are diligent in protecting the bottom line. Don’t just ask the administrative assistant whether the CEO is on travel as purported; ask for direct contact and specific confirmation before authorizing an electronic transfer.
  • Don't ever click on a link inside an e-mail unless you know exactly where it is going. Mouse over the link (aka ‘hover for cover’) to see whether it is a legitimate link and that it does not redirect you to a malicious site.
  • If you get an e-mail from a source you are unsure of, don’t click; navigate to the provided link manually using your browser.
  • Look out for the digital certificate of a website.
  • If you are asked to provide sensitive information, check that the URL of the page starts with “HTTPS” instead of just “HTTP.” The “S” stands for “secure.” It is NOT a guarantee that a site is legitimate, but most legitimate sites use HTTPS because it is more secure. HTTP sites, even legitimate ones, are vulnerable to hackers.
  • If you suspect an e-mail isn't legitimate, take a name, the subject line of the email or some text from the message and put it into a search engine to see if any known phishing attacks exist using the same methods.
  • Keep your anti-malware security software up to date and automatically allow operating system updates, as most are issued for security reasons and not just for the often-reported cool new functionality.

 

Tips provided in part by Malwarebytes at https://www.malwarebytes.com/phishing with minor additions/edits.
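As an added example (not part of the original page or the Malwarebytes tips), the following Python script applies the “hover for cover” and HTTPS checks above to the links in an HTML email body: it compares the host a link displays with the host it actually points to, and flags plain-HTTP links and bare IP-address destinations. The message body and all hosts in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML message body."""

    def __init__(self):
        super().__init__()
        self.links = []     # finished (href, text) pairs
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # visible text fragments inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_named_by(text):
    """Host named by link text that looks like a URL or bare domain, else None."""
    if " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return host.lower() if host and "." in host else None


def same_site(a, b):
    """True when one host equals or is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_links(html_body):
    """Run the 'hover for cover' checks on every link in an email body.

    Returns one dict per link: the real href, its host, the text the reader
    saw, and the warnings that should stop them from clicking.
    """
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parsed = urlparse(href)
        href_host = (parsed.hostname or "").lower()
        warnings = []
        if parsed.scheme.lower() == "http":
            warnings.append("plain HTTP, not HTTPS")
        shown_host = host_named_by(text)
        if shown_host and href_host and not same_site(shown_host, href_host):
            warnings.append(f"displayed '{shown_host}' but points to '{href_host}'")
        if is_ip_literal(href_host):
            warnings.append("destination is a bare IP address")
        findings.append({"href": href, "host": href_host, "text": text,
                         "warnings": warnings})
    return findings


def suspicious_links(html_body):
    """Just the hrefs that raised at least one warning."""
    return [f["href"] for f in inspect_links(html_body) if f["warnings"]]


# Constructed sample message in the style of the BEC lure described above.
# All hosts are RFC 2606 / RFC 5737 reserved names and addresses.
SAMPLE_EMAIL = """
<p>I'm on travel and need an electronic transfer approved today.</p>
<p>Release it at <a href="http://secure-login.example.net/portal">https://www.example.com/portal</a>.</p>
<p>Also <a href="http://192.0.2.10/sheet.xlsm">take a look at the latest spreadsheet</a>.</p>
<p>Our vendor site is <a href="https://www.example.com/">www.example.com</a>.</p>
"""

if __name__ == "__main__":
    for finding in inspect_links(SAMPLE_EMAIL):
        status = "; ".join(finding["warnings"]) or "no warnings"
        print(f"{finding['href']}: {status}")
```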

Back-to-School Cyber Safety

Many students bring mobile devices, such as smart phones, tablets, and laptops, to school. Although these devices can help students with their schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their mobile devices and getting online.

The National Cybersecurity and Communications Integration Center (NCCIC) suggests reviewing the following tips and resources for information to keep students cyber safe:

https://www.us-cert.gov/ncas/current-activity/2018/08/10/Back-School-Cyber-Safety

 

Simple Steps to Protect Yourself on Public Wi-Fi

David Nield for WIRED 08.05.18

(Excerpts) A public Wi-Fi network is inherently less secure than your personal, private one, because you don't know who set it up, or who else is connecting to it. Ideally, you wouldn't ever have to use it; better to use your smartphone as a hotspot instead. But for the times that's not practical or even possible, you can still limit the potential damage from public Wi-Fi with a few simple steps.

Know Who To Trust

No public Wi-Fi network is absolutely secure—that depends as much on who's on it with you as who provides it—but in terms of relative safety, known quantities generally beat out that random public Wi-Fi network that pops up on your phone in a shopping mall, or a network operated by a third party that you've never heard of. These may well be legit, but if any passerby can hook up for free, what's the benefit for the people running the network? How are they making money? There's no hard or fast rule to apply, but using a bit of common sense doesn't hurt. If you can, stick to as few public Wi-Fi networks as possible. In a new city, connect to Wi-Fi in a store or coffee shop you've used before, for example. The more networks you sign up to, the more likely the chances that you'll stumble across one that isn't treating your data and browsing as carefully as it should be.

Stick With HTTPS

As of a couple of weeks ago, Google Chrome lets you know when the site you're visiting uses an unencrypted HTTP connection rather than an encrypted HTTPS connection by labeling the former "Not Secure." Heed that warning, especially on public Wi-Fi. When you browse over HTTPS, people on the same Wi-Fi network as you can't snoop on the data that travels between you and the server of the website you're connecting to. Over HTTP? It's relatively easy for them to watch what you're doing.

Don't Give Away Too Much Info

Be very wary of signing up for public Wi-Fi access if you're getting asked for a bunch of personal details, like your email address or your phone number. If you absolutely have to connect to networks like this, stick to places you trust (see above) and consider using an alternative email address that isn't your primary one. Stores and restaurants that do this want to be able to recognize you across multiple Wi-Fi hotspots and tailor their marketing accordingly, so it's up to you to decide whether the trade-off is worth it for some free internet access.

Limit AirDrop and File Sharing

When you're on a public network around strangers, you'll want to cut off the features that enable frictionless file sharing on your devices. On a PC, that means going to Network and Sharing Center, then Change advanced sharing settings, then Turn off file and printer sharing. For Macs, go to System Preferences, then Sharing, and unselect everything. Then head to Finder, click on AirDrop, and select Allow me to be discovered by: No One. For iOS, just find AirDrop in the Control Center and turn it off. And voila! No one nearby can grab your files, or send you one you don't want.

Use a VPN

By far the most effective trick for staying safe on public Wi-Fi is to install a VPN or Virtual Private Network client on your devices. It encrypts data traveling to and from your laptop or phone, and hooks you up to a secure server—essentially making it harder for other people on the network, or whoever is operating the network, to see what you're doing or grab your details. We've written here about some of the ways to choose a good VPN, as not all VPNs are created equal, and some are downright dodgy. It's definitely worth paying for a service, as free solutions are more likely to be financed by some suspect marketing or data collection practices that it's best to steer clear of. Independent review sites like The Wirecutter and That One Privacy Site can help here. Actually connecting to a VPN is usually straightforward, and once you've downloaded the client for your provider of choice, it will take you step-by-step through the process, whether you're on mobile or the desktop. If you move around a lot, and connect to a lot of different networks, a good VPN is well worth investing in.

Bonus Tips

In the next few years, as the next-generation WPA3 Wi-Fi security protocol comes online, public Wi-Fi will have more built-in protections. Until then, many security exploits rely on old, outdated software, so make sure you're running all the latest patches and software updates on your laptop or phone before venturing out. Also, don't download or install anything new over public Wi-Fi unless you absolutely have to. And again, the best way to avoid running into security problems due to public Wi-Fi is not to use it at all—think about downloading videos and music for offline access before you leave home, for instance, or using your smartphone's hotspot function instead. If you are going to get connected though, the steps mentioned above should maximize your chances of staying out of trouble.

https://www.wired.com/story/public-wifi-safety-tips/?wpisrc=nl_cybersecurity202&wpmm=1

 

Online Resources

Expert tips on how to protect your personal information online

https://www.consumer.ftc.gov/articles/0272-how-keep-your-personal-information-secure

10 Tips to Stay Cyber Safe While Travelling

http://www.welivesecurity.com/2016/06/29/stay-cyber-safe-road-10-tips-summer-season/

Information and photos to assist users in detecting ATM skimmers, gas pump skimmers and other related fraud devices.

http://krebsonsecurity.com/all-about-skimmers/

Three Ways to Thwart Hackers' Attempts at Persuasion

http://www.americanbanker.com/bankthink/three-ways-to-thwart-hackers-attempts-at-persuasion-1081451-1.html

4 Ways to Protect Against the Very Real Threat of Ransomware

https://www.wired.com/2016/05/4-ways-protect-ransomware-youre-target/

A Proactive Approach To Incident Response: 7 Benefits

http://www.darkreading.com/operations/a-proactive-approach-to-incident-response-7-benefits-/a/d-id/1324363?

 

Cybersecurity 101:  What the Average Business User Can Do

How to Protect Yourself from Macro-based Malware

http://thehackernews.com/2016/03/macro-malware-protection.html

My anti-virus is up to date so I am protected, right?

https://nakedsecurity.sophos.com/2016/05/16/my-anti-virus-is-up-to-date-so-i-am-protected-right/

7 common cyber security myths debunked

http://www.itproportal.com/2016/05/26/7-common-cyber-security-myths-debunked/

Cybersecurity basics and best practices for small businesses

https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity

 

 

5 Email Security Tips to Combat Macro-Enabled Ransomware

Cybercriminals are increasingly looking to macro variants, leaving organizations to defend against advanced tactics like macro-based malware attacks any way they can.

Email clients and web browsers top the list of applications used to trigger the ransomware payload. It’s critical that organizations get a handle on their email traffic if they are going to protect against phishing and spearphishing attacks. The big problem, however, is that the ransomware threat extends well beyond the email traffic itself to encompass any file with macros – that is, embedded scripts that contain programming code.

Here are five recommendations designed to help stop weaponized attachments and macro-enabled malware delivered via email:

1. Disable Macros

2. Use only essential applications

3. Enable email attachment sandboxing

4. Neutralize active code at the gateway

5. Train and educate your workforce

For more information on the five recommendations above, click the link below:

http://www.darkreading.com/vulnerabilities---threats/5-email-security-tips-to-combat-macro-enabled-ransomware/d/d-id/1326473

 

10 Important Cyber Security Tips for Small Business Owners

 

By Ahmad Hamidi March 10, 2017 in isBuzznews

 

(Excerpts) Small businesses are generally not well secured due to being labeled as small businesses, but their security threats are not necessarily small. On any given day, they can fall to hacking, malware, ransomware and data breaches due to their cheap and dated protection. But with a few steps, you can avoid such cyber security risks. If you think that your small business is not vulnerable to cybercrimes like big corporations are, you need to think again. 43% of cyber-attacks target small businesses!

 

Here are simple yet efficient cyber security tips for the small business owners to minimize the risks of hacking, malware, and ransomware.

 

Use Strong Passwords:

 

You must use strong passwords composed of numerals, letters and special characters. If your passwords are strong, it is a tough job for someone to crack them. Encourage your employees and users to create strong passwords.

 

Minimize the Number of Password Attempts:

 

A hacker will try all of the passwords randomly till they successfully open up your account. It means that your account is not safe even with a 6-digit PIN creating a million unique possibilities.

Remember, password-cracking software can guess your codes in minutes. So, you must limit the number of attempts at all stages of your authentication process. This point is as useful as creating a strong password for your system.

 

Choose Your Password Manager Software Wisely:

 

A password manager tool creates strong passwords and remembers them for you. This is why many businesses prefer using password manager software. If you are considering the same, you have to think many times because of the various concerns. For example, all your passwords are stored in its database, meaning a hacker can get all of them if he goes for just one.

 

Prefer On-Screen Keyboard to Feed Sensitive Information:

 

Nowadays, hackers are so sophisticated that they can record your keystrokes with the help of keylogging software, especially when you are using shared networks. What you can do to avoid your information leaking to the other end is to use a virtual or on-screen keyboard, since keylogging software can’t keep track of an on-screen keyboard being operated with mouse clicks.

 

Be Careful About Backups:

 

What about your data backup? While data backups are essential to effective security, mismanagement and mishandling of backups can make them vulnerable to theft. For example, if you choose cloud storage, your data is stored at a remote location. Any negligence means that someone can gain access to your data easily. Therefore, you must encrypt and password-protect your documents before storing them on the cloud or a remote server. You must go the extra mile to encrypt your sensitive data. In this way, you can have peace of mind knowing that you have an extra layer of protection for the remotely secured documents.

 

Educate Employees About Cyber Security

 

When security breaches are more common than you think, it is good to educate your employees about cyber security before you have a breach. Here are a few strategies to keep in mind when training your employees in cyber security:

• Train everyone—from the top to the bottom

• Conduct seminars frequently

• Tell them how to recognize an attack

• Regularly test your employees’ IT security knowledge

• Make clear your policies about hacking, data breaches and use of devices in your organization

• Identify the inside threat in your company

 

Avoid Storing the Customer’s CVV Number

 

Getting the customer’s card details, with the customer’s consent, can help you make future checkouts convenient. On the flip side, this practice exposes your customers’ data to hackers.

 

Control Physical Access to Systems and Network Components:

 

Don’t permit outsiders or unauthorized persons to use your systems. If it is required, as in the case of a technician from another firm, provide them a general PC or have someone supervise them during the tasks. Lock your computers when you leave them and insist that your staff do so too. Apart from that, you have to monitor the personal devices of the employees.

 

Update Your Software Regularly:

 

Never ignore the pop-up messages on your screen which remind you to upgrade your software. Allowing software updates is one of the most important things you can do for your computer security. If you don’t, your computer is vulnerable to malware and hacking. Software vendors release software updates to address security risks in their existing products that could be exposed to hackers at any time. They generally contain vulnerability fixes and product enhancements.

 

Secure Your Networks:

Make sure your Wi-Fi network is hidden and secure to avoid unauthorized access. Here are the ways to do that:

• Hide the Service Set Identifier (SSID) of your wireless access point and router

• Encrypt your wireless access point

• Disable access from the outside network

• Scan your network regularly

 

http://www.informationsecuritybuzz.com/articles/10-important-cyber-security-tips-small-business-owners/
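The “Minimize the Number of Password Attempts” tip above, as an added example that is not from the article: a Python login gate that locks an account after a fixed number of failures within a time window, with a simulated sequential PIN-guessing run showing that the unlimited configuration exhausts a 6-digit PIN while the limited one is cut off after five guesses. The account name, PIN and policy values are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Kept low so the simulation below runs in well under a second;
# production systems use a far higher work factor.
PBKDF2_ROUNDS = 1_000


def make_verifier(pin):
    """Salted PBKDF2 hash of the PIN; the raw PIN is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_pin(pin, verifier):
    salt, digest = verifier
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


class AuthGate:
    """Login front door that locks an account after too many failures.

    max_failures failed attempts inside window_seconds lock the account until
    the oldest of those failures ages out of the window. max_failures=None
    disables the limit (the weak configuration the tip warns about).
    Note for defenders: a lockout also lets someone lock a user out on
    purpose, so pair it with alerting rather than relying on it alone.
    """

    def __init__(self, max_failures=5, window_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.verifiers = {}
        self.failures = defaultdict(list)  # account -> timestamps of recent failures

    def enroll(self, account, pin):
        self.verifiers[account] = make_verifier(pin)

    def attempt(self, account, pin, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
        recent = [t for t in self.failures[account] if now - t < self.window]
        self.failures[account] = recent
        if self.max_failures is not None and len(recent) >= self.max_failures:
            # Even a correct PIN is refused while locked, so the guesser learns nothing.
            return "locked"
        if account in self.verifiers and check_pin(pin, self.verifiers[account]):
            self.failures[account].clear()
            return "ok"
        self.failures[account].append(now)
        return "denied"


def brute_force(gate, account, budget, now=0.0):
    """Simulate trying 6-digit PINs in order; return (found_pin_or_None, guesses_made)."""
    for i in range(budget):
        pin = f"{i:06d}"
        result = gate.attempt(account, pin, now)
        if result == "ok":
            return pin, i + 1
        if result == "locked":
            return None, i  # further guesses are refused until the window passes
    return None, budget


def guesses_per_day(max_failures, window_seconds):
    """Upper bound on online guesses per day once a lockout policy is enforced."""
    return max_failures * (86_400 // window_seconds)


if __name__ == "__main__":
    # Weak configuration: no attempt limit, so a sequential search simply succeeds.
    open_gate = AuthGate(max_failures=None)
    open_gate.enroll("payments-clerk", "000123")
    print("unlimited:", brute_force(open_gate, "payments-clerk", budget=1_000_000))

    # Hardened configuration: five failures per 15 minutes.
    gate = AuthGate(max_failures=5, window_seconds=900)
    gate.enroll("payments-clerk", "000123")
    print("limited:", brute_force(gate, "payments-clerk", budget=1_000_000))
    print("guesses/day with 5 per 15 min:", guesses_per_day(5, 900),
          "of", 10 ** 6, "possible PINs")
```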

 

Additional Resources

Cyber Smarts Cybersecurity Awareness Program for Middle and High School Students

 

What is Cyber Smarts?

Students helping students to stay safe while:

 

• Gaming

• Using Social Media

• Sending Texts and Emails

• Downloading from the Web

• Shopping on the Internet

 

Why Cyber Smarts?

 

• Online predators are savvy and troll the Web

• Online shopping is not without risk

• Cyber bullying has real world implications

• What  you post on the web never goes away

 

download_cyber_smarts_brochure_for_middle_and_high_school_students.pdf

 

To bring the Cyber Smarts program to your community, please contact Brian Pires at (401) 714-4284.

 

Federal Trade Commission (FTC) Video Data Breach Response

https://www.ftc.gov/news-events/audio-video/video/data-breach-response

FTC Video The NIST Cybersecurity Framework and the FTC

https://www.ftc.gov/news-events/audio-video/video/nist-cybersecurity-framework-ftc

Stop.Think.Connect.

Cybersecurity is a shared responsibility. Please find resources and tips so we can each do our part to keep the Internet safe.

 

https://www.dhs.gov/stopthinkconnect

 

 

Top 20 Critical Security Controls for Effective Cyber Defense

With data breaches increasing, more than ever organizations have to ensure that they have all necessary security controls in place to keep their data safe. As a response to growing security threats, the SANS Institute, together with the Center for Internet Security (CIS) and other organizations, developed the 20 Critical Security Controls (CSC) for Effective Cyber Defense. The CIS CSC provides IT pros with a prioritized, focused set of actions to help them stop some of the most dangerous cyber-attacks.

#1. Inventory of Authorized and Unauthorized Devices.

Organizations must actively manage all the hardware devices on the network, so that only authorized devices are given access and unauthorized devices can be quickly identified and disconnected before they inflict any harm.

Why is this critical? Attackers are continuously scanning the address space of organizations, waiting for new and unprotected systems to be attached to the network. This control is especially critical for organizations that allow BYOD, since hackers are specifically looking for devices that come and go off of the enterprise’s network.

#2. Inventory of Authorized and Unauthorized Software.

Organizations must actively manage all software on the network, so only authorized software is installed. Security measures like application whitelisting can enable organizations to quickly find unauthorized software before it has been installed.

Why is this critical? Attackers look for vulnerable versions of software that can be remotely exploited. They can distribute hostile web pages, media files and other content, or use zero-day exploits that take advantage of unknown vulnerabilities. Therefore, proper knowledge of what software has been deployed in your organization is essential for data security and privacy.

#3. Secure Configurations for Hardware and Software.

Companies need to establish, implement and manage the security configuration of laptops, servers and workstations. Companies have to follow strict configuration management and implement change control processes to prevent attackers from exploiting vulnerable services and settings.

Why is this critical? Manufacturers and resellers design the default configurations of operating systems and applications for ease of deployment and use, not strong security. Open services and ports, as well as default accounts or passwords, can be exploitable in their default state, so companies have to develop configuration settings with good security properties.

#4. Continuous Vulnerability Assessment and Remediation.

Organizations need to continuously acquire, assess and take action on new information (e.g.,software updates, patches, security advisories and threat bulletins) to identify and remediate vulnerabilities attackers could otherwise use to penetrate their networks.

Why is this critical? As soon as researchers report new vulnerabilities, a race starts among all relevant parties: culprits strive to use the vulnerability for an attack, vendors deploy patches or updates, and defenders start performing risk assessments or regression testing. Attackers have access to the same information as everyone else, and can take advantage of gaps between the appearance of new knowledge and remediation.

#5. Controlled Use of Administrative Privileges.

This control requires companies to use automated tools to monitor user behavior and keep track of how administrative privileges are assigned and used in order to prevent unauthorized access to critical systems.

Why is this critical? The misuse of administrative privileges is a primary method for attackers to spread inside an enterprise. To gain administrative credentials, they can use phishing techniques, crack or guess the password for an administrative user, or elevate the privileges of a normal user account into an administrative account. If organizations do not have resources to monitor what’s going on in their IT environments, it is easier for attackers to gain full control of their systems.

#6. Maintenance, Monitoring, and Analysis of Audit Logs.

Organizations need to collect, manage and analyze event logs to detect aberrant activities and investigate security incidents.

Why is this critical? Lack of security logging and analysis enables attackers to hide their location and activities in the network. Even if the victim organization knows which systems have been compromised, without complete logging records, it will be difficult for them to understand what an attacker has done so far and respond effectively to the security incident.

#7. Email and Web Browser Protections.

Organizations need to ensure that only fully supported web browsers and email clients are used in the organization in order to minimize their attack surface.

Why is this critical? Web browsers and email clients are very common points of entry for hackers because of their high technical complexity and flexibility. Attackers can craft content that tricks users into taking actions that introduce malicious code and lead to loss of valuable data.

#8. Malware Defenses.

Organizations need to make sure they can control the installation and execution of malicious code at multiple points in the enterprise. This control recommends using automated tools to continuously monitor workstations, servers and mobile devices with anti-virus, anti-spyware, personal firewalls and host-based IPS functionality.

Why is this critical? Modern malware can be fast-moving and fast-changing, and it can enter through any number of points. Therefore, malware defenses must be able to operate in this dynamic environment through large-scale automation, updating and integration with processes like incident response.

#9. Limitation and Control of Network Ports, Protocols, and Services.

Organizations must track and manage the use of ports, protocols and services on network devices to minimize the windows of vulnerability available to attackers.

Why is this critical? Attackers search for remotely accessible network services that are vulnerable for exploitation. Common examples include poorly configured web servers, mail servers, and file and print services, as well as domain name system (DNS) servers that are installed by default on a variety of devices. Therefore, it is critical to make sure that only ports, protocols, and services with a validated business need are running on each system.

#10. Data Recovery Capability.

Companies need to ensure that critical systems and data are properly backed up on at least a weekly basis. They also need to have a proven methodology for timely data recovery.

Why is this critical? Attackers often make significant changes to data, configurations and software. Without reliable backup and recovery, it is difficult for organizations to recover from an attack.

#11. Secure Configurations for Network Devices.

Organizations must establish, implement and actively manage the security configuration of network infrastructure devices, such as routers, firewalls and switches.

Why is this critical? Just as with operating systems and applications (see Critical Security Control 3), the default configurations for network infrastructure devices are geared for ease of deployment, not security. In addition, network devices often become less securely configured over time. Attackers exploit these configuration flaws to gain access to networks or use a compromised machine to pose as a trusted system.

#12. Boundary Defense.

Organizations need to detect and correct the flow of information between networks of different trust levels, with a focus on data that could damage security. The best defense is technologies that provide deep visibility and control over data flow across the environment, such as intrusion detection and intrusion prevention systems.

Why is this critical? Culprits often use configuration and architectural weaknesses on perimeter systems, network devices and internet-accessing client machines to gain initial access into an organization’s network.

#13. Data Protection.

Organizations must use appropriate processes and tools to mitigate the risk of data exfiltration and ensure the integrity of sensitive information. Data protection is best achieved through the combination of encryption, integrity protection and data loss prevention techniques.

Why is this critical? While many data leaks are deliberate theft, other instances of data loss or damage are the result of poor security practices or human errors. To minimize these risks, organizations need to implement solutions that can help detect data exfiltration and mitigate the effects of data compromise.

#14. Controlled Access Based on the Need to Know.

Organizations need to be able to track, control and secure access to their critical assets, and easily determine which people, computers or applications have a right to access these assets.

Why is this critical? Some organizations do not carefully identify and separate their most critical assets from less sensitive data, and users have access to more sensitive data than they need to do their jobs. As a result, it is easier for a malicious insider — or an attacker or malware that takes over their account — to steal important information or disrupt operations.

#15. Wireless Access Control.

Organizations need to have processes and tools in place to track and control the use of wireless local area networks (LANs), access points and wireless client systems. They need to use network vulnerability scanning tools and ensure that all wireless devices connected to the network match an authorized configuration and security profile.

Why is this critical? Wireless devices are a convenient vector for attackers to maintain long-term access into the IT environment, since they do not require direct physical connection. For example, wireless clients used by employees as they travel are infected on a regular basis and later used as back doors when they are reconnected to the organization’s network.

#16. Account Monitoring and Control.

It is critical for organizations to actively manage the lifecycle of user accounts (creation, use and deletion) to minimize opportunities for attackers to leverage them. All system accounts need to be regularly reviewed, and accounts of former contractors and employees should be disabled as soon as the person leaves the company.

Why is this critical? Attackers frequently exploit inactive user accounts to gain legitimate access to an organization’s systems and data, which makes detection of the attack more difficult.

#17. Security Skills Assessment and Appropriate Training to Fill Gaps.

Organizations have to identify the specific knowledge and skills they need to strengthen security. This requires developing and executing a plan to identify gaps and fix them through policy, planning and training programs.

Why is this critical? It is tempting to think of cyber defense as primarily a technical challenge. However, employee actions are also critical to the success of a security program. Attackers often use the human factor to plan exploitations, for example, by carefully crafting phishing messages that look like normal emails, or working within the time window of patching or log review.

#18. Application Software Security.

Organizations must manage the security lifecycle of all software they use in order to detect and correct security weaknesses. In particular, they must regularly check that they use only the most current versions of each application and that all the relevant patches are installed promptly.

Why is this critical? Attackers often take advantage of vulnerabilities in web-based applications and other software. They can inject specific exploits, including buffer overflows, SQL injection attacks, cross-site scripting and clickjacking, to gain control over vulnerable machines.

#19. Incident Response and Management.

Organizations need to develop and implement proper incident response, which includes plans, defined roles, training, management oversight and other measures that will help them discover attacks and contain damage more effectively.

Why is this critical? Security incidents are now a normal part of our daily life. Even large and well-funded enterprises struggle to keep up with the evolving cyber threat landscape. Sadly, in most cases, the chance of a successful cyber-attack is not “if” but “when.” Without an incident response plan, an organization may not discover an attack until it inflicts serious harm, or be able to eradicate the attacker’s presence and restore the integrity of the network and systems.

#20. Penetration Tests and Red Team Exercises.

The final control requires organizations to assess the overall strength of their defenses (the technology, the processes and the people) by conducting regular external and internal penetration tests. This will enable them to identify vulnerabilities and attack vectors that can be used to exploit systems.

Why is this critical? Attackers can exploit the gap between good defensive intentions and their implementation, such as the time window between the announcement of a vulnerability, the availability of a vendor patch and patch installation. In a complex environment where technology is constantly evolving, organizations should periodically test their defenses to identify gaps and fix them before an attack occurs.

 

Updated October 30, 2018
