In the aftermath of Covid-19, more & more organisations have adopted online strategies & digitalization of their businesses to reach out to their ecosystem, i.e. customers, vendors, employees, partners, governments & more. Such an ever-expanding digital transformation attracts ever-evolving cyber-attacks & threat parameters in the digital world.
Cyber security, therefore, has evolved from just complying with a security framework to proactively defending the advanced endpoints, infrastructure, networks & applications that run today’s corporations. To enhance business continuity, and not just to ensure it, it is important to identify vulnerabilities, mitigate risks, and protect critical systems and sensitive information from digital attacks, irrespective of whether these originate internally or externally.
System vulnerabilities can be tackled with a multi-pronged approach. Assets should be placed based on criticality. Administrator privileges should be regularly revisited. All software should be patched regularly. Real-time threat intelligence should be monitored closely. There should be a calendar for running vulnerability scans. False positives & false negatives should be identified & eliminated. Of these two, prioritise false negatives over false positives. It would be good to stay focused on software hardening & network hardening. Stick to basics: update password policies and use two-factor authentication. If you are a software development organisation, or you are developing software for internal / vendor / customer use, ensure that the software so developed is based on secure practices.
A proactive response strategy means what we do before an attack. The underlying philosophy here is to focus on prevention rather than response. This can be achieved by investing in & maintaining a strong defensive posture. One way of achieving this is red teaming. Furthermore, simple things such as educating employees about cyber hygiene and regularly verifying and authorizing every device, app and user can be very helpful in preventing attacks. Another important component of a proactive strategy is to use tools that create insights into what’s happening on our networks and respond automatically; in other words, to automate threat / attack response intelligence.
The CMDB is where an organization’s information about hardware and software assets and their relationships is stored, and it is the CMDB that explains the dependencies between IT assets in a set-up. The starting point for securing our hardware and software assets is therefore to have an active & accurately updated CMDB. This, coupled with continuous scanning of the assets, followed by quick remediation wherever needed and tracked through ITSM integration, goes a long way in securing IT assets.
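The reconciliation described above, as an added example that is not part of the original article: it compares a CMDB export with scanner results, lists assets the scans are missing (where false negatives hide), and orders remediation work by criticality inherited through CMDB dependencies. The asset names, field names, 30-day scan window and the ticket list standing in for an ITSM queue are all assumptions, and the data is constructed.

```python
from datetime import date

# Constructed CMDB export: criticality 1 = most critical; depends_on = relationships.
CMDB = {
    "erp-app":   {"criticality": 1, "depends_on": ["erp-db", "sso"]},
    "erp-db":    {"criticality": 3, "depends_on": []},
    "sso":       {"criticality": 2, "depends_on": []},
    "wiki":      {"criticality": 4, "depends_on": ["sso"]},
    "print-srv": {"criticality": 4, "depends_on": []},
}
# Constructed scanner output: (asset, last scan date, worst open severity or None).
SCANS = [
    ("erp-app", date(2024, 5, 1), 5.0),
    ("erp-db",  date(2024, 5, 1), 9.1),
    ("sso",     date(2024, 3, 1), None),
    ("wiki",    date(2024, 5, 1), 9.8),
    ("lab-vm",  date(2024, 5, 1), 7.5),
]
TODAY = date(2024, 5, 10)  # fixed so the example is reproducible

def effective_criticality(cmdb):
    """An asset is at least as critical as anything that depends on it."""
    eff = {name: row["criticality"] for name, row in cmdb.items()}
    changed = True
    while changed:  # fixed point; terminates because values only decrease
        changed = False
        for name, row in cmdb.items():
            for dep in row["depends_on"]:
                if dep in eff and eff[name] < eff[dep]:
                    eff[dep] = eff[name]
                    changed = True
    return eff

def reconcile(cmdb, scans, today, max_age_days=30):
    eff = effective_criticality(cmdb)
    last_scan = {asset: when for asset, when, _ in scans}
    # Coverage gaps: in the CMDB but never scanned, or scanned too long ago.
    unscanned = sorted(a for a in cmdb if a not in last_scan
                       or (today - last_scan[a]).days > max_age_days)
    # Inventory gaps: the scanner saw it but the CMDB does not know it.
    not_in_cmdb = sorted(a for a in last_scan if a not in cmdb)
    # Remediation queue: most critical asset first, then highest severity.
    queue = sorted((eff[a], -sev, a) for a, _, sev in scans
                   if a in cmdb and sev is not None)
    tickets = [(a, crit, -neg_sev) for crit, neg_sev, a in queue]
    return {"unscanned": unscanned, "not_in_cmdb": not_in_cmdb, "tickets": tickets}

if __name__ == "__main__":
    for key, value in reconcile(CMDB, SCANS, TODAY).items():
        print(key, value)
```

Here `erp-db` is ranked ahead of `wiki` despite the lower severity score, because the CMDB relationship shows that the most critical application depends on it.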