#NSBCS.042 - Cyber Security Preparedness: A Necessity, Not a Luxury
In today's digital age, where businesses rely heavily on technology for their operations, cybersecurity has become an indispensable component of their success. The interconnectedness of the modern business world has made organisations increasingly vulnerable to cyber threats, ranging from data breaches and ransomware attacks to supply chain disruptions and reputational damage.
A well-prepared cybersecurity strategy not only protects sensitive data but also safeguards an organisation's reputation, financial stability, and overall business continuity. By prioritising cybersecurity, businesses can mitigate the risks associated with cyberattacks and ensure their long-term success.
To ensure adequate protection, organisations should prioritise the following key areas:
Risk Assessment and Management
Identifying and assessing potential cyber threats is crucial for developing effective security measures. Organisations should conduct a thorough assessment to identify potential threats, evaluate each threat's likelihood and potential impact, and develop appropriate mitigation strategies.
Organisations should subscribe to threat intelligence feeds, attend industry conferences, and follow cybersecurity news to stay informed about emerging threats and trends. Additionally, regular vulnerability assessments can help identify weaknesses in systems and applications. By prioritising risks based on their likelihood and potential impact, organisations can focus on the most critical threats.
Security Policies and Procedures
Clear and concise security policies and procedures provide a framework for guiding employee behaviour and ensuring consistent security practices. Organisations should develop comprehensive policies that outline their commitment to cybersecurity, define employees' roles and responsibilities, and establish data handling, password management, and incident reporting guidelines.
Creating detailed procedures for common security tasks, such as password management, data handling, and incident reporting, can help ensure employees follow best practices. Regular review and updates of policies and procedures are essential to reflect changes in the threat landscape and industry best practices.
User Education and Awareness
Educating employees about cybersecurity best practices is essential for preventing and mitigating attacks. Organisations should provide comprehensive training to employees on cybersecurity topics, including phishing awareness, password security, data handling, and social engineering tactics.
Fostering a security-conscious culture is crucial. Organisations should promote employee awareness of cybersecurity risks and encourage them to report suspicious activity. Regular phishing simulations can also help test employees' ability to recognise and avoid phishing attempts.
Technical Controls
Appropriate security technologies are essential for protecting an organisation's network and data. Organisations should deploy security measures such as firewalls, intrusion detection systems, intrusion prevention systems, and encryption.
Keeping systems and software up to date with the latest security patches and updates is critical to addressing vulnerabilities. Additionally, continuous monitoring of network traffic for suspicious activity and potential threats is essential. Implementing strong access controls, such as multi-factor authentication and role-based access control, can help prevent unauthorised access to systems and data.
Incident Response Planning
A well-defined incident response plan outlines the steps to be taken in the event of a cyberattack. Organisations should clearly define the roles and responsibilities of different teams and individuals involved in incident response, establish effective communication channels, develop escalation procedures, and conduct regular drills to simulate cyberattacks and test incident response procedures.
Having a plan and playbooks for containing the spread of an attack and recovering systems and data is essential. A robust incident response plan can help organisations minimise the impact of a cyberattack and recover quickly.
Tabletop exercises provide a safe environment for organisations to practice their incident response procedures. Organisations can identify weaknesses, improve coordination, and train staff by simulating various cyberattack scenarios.
Business Continuity and Disaster Recovery
A business continuity and disaster recovery plan ensures that an organisation can continue to operate in the event of a disruption, such as a cyberattack. Organisations should develop a comprehensive plan outlining the steps to maintain critical business functions, identify critical business processes and resources, develop backup and recovery procedures, and test the plan regularly.
A plan for relocating operations to a secondary site in case of a major disaster can help ensure business continuity. Regular testing of the plan can help identify weaknesses and ensure its effectiveness.
Third-Party Risk Management
Many organisations rely on third-party vendors and suppliers, which can introduce additional risks. Organisations should evaluate the cybersecurity practices of third-party vendors, require vendors to sign contracts outlining their security obligations, and conduct regular audits of vendor security practices.
Implementing a vendor risk management program can help organisations assess and manage risks associated with third-party relationships. By carefully managing third-party risks, organisations can reduce their overall exposure to cyber threats.
Organisations can significantly reduce their risk of falling victim to cyberattacks and protect their valuable assets by prioritising these key areas and implementing effective cybersecurity measures. Cybersecurity is not just a compliance requirement; it's a strategic investment that can safeguard an organisation's future.
What we read this week
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams - North Korean threat actors are using LinkedIn job scams to deploy COVERTCATCH malware targeting developers, particularly in the Web3 sector. The attack involves sending fake coding tests that contain the malware disguised as a Python challenge. Once executed, it compromises macOS systems by installing a secondary payload to maintain persistence. The campaign is part of broader operations like "Operation Dream Job," which use recruitment lures to distribute malware such as RustBucket. These tactics aim to infiltrate cryptocurrency organisations and conduct cyber heists to generate illicit income for North Korea.
Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware - Google has introduced an "air-gapped" Backup Vault feature to protect enterprise data from ransomware attacks. The new solution offers an isolated storage environment that prevents backup data from being modified or deleted by attackers, even if they have compromised the primary network. Backup Vault integrates with Google Cloud's security tools and includes features like immutable storage, automated recovery, and centralised management. It aims to help businesses ensure data resilience and compliance with regulatory requirements.
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws - Microsoft's September 2024 Patch Tuesday update addresses 79 vulnerabilities, including seven rated critical and three Windows flaws that are being actively exploited. These vulnerabilities include elevation of privilege, security feature bypass, and remote code execution flaws. Critical issues like CVE-2024-43491 (remote code execution vulnerability) have been highlighted due to similarities with previous downgrade attacks and the rollback of security fixes for some Windows 10 components. Users are urged to install the latest security updates and servicing stack updates to mitigate these risks.
Chinese Hackers Linked to Cybercrime Syndicate Arrested in Singapore - Seven individuals have been arrested in Singapore for their involvement in cybercrime linked to a global syndicate. Authorities seized electronic devices, stolen personal data, and credentials for hacker-controlled servers. The operation involved 160 officers from various Singaporean law enforcement and security agencies. PlugX, a remote access trojan often used in cyber espionage by Chinese state-sponsored groups, was among the tools discovered. The investigation is ongoing, with significant cash and cryptocurrency also confiscated from the suspects.
CISA says SonicWall Bug Being Exploited as Experts Warn of Ransomware Gang Use - The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability (CVE-2024-40766) affecting SonicWall devices by the end of the month. This vulnerability, actively exploited by attackers, allows unauthorised access and can crash the firewall. Researchers have observed ransomware groups, like the Akira gang, exploiting the flaw as an initial access vector for attacks. SonicWall released patches and advised limiting device access if patches cannot be applied immediately. The bug has a severity score of 9.3 out of 10.
References
https://thehackernews.com/2024/09/north-korean-threat-actors-deploy.html
https://www.securityweek.com/google-introduces-air-gapped-backup-vault-to-thwart-ransomware/
https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
https://www.bleepingcomputer.com/news/legal/chinese-hackers-linked-to-PlugX-malware-arrested-in-singapore/
https://therecord.media/cisa-orders-patching-of-sonicwall-bug-ransomware