Choice aid for cyber-security measures – part 1

By 28 January 2021 Blog, CERT, SOC, Tesorion Immunity

For many people, making choices is stressful. The choices range from ‘what am I going to eat?’, ‘what am I going to wear today?’ and ‘how do I keep my budget under control?’ to the more far-reaching ‘how do I keep my organisation secure?’. To assist you in making choices in the area of cyber-security, we offer some pointers in a series of three blogs.

It is nothing new that you need to take action to keep your organisation cyber-secure. But what action do you take? With some help from your favourite search engine, you run into fantastic abbreviations, each sounding flashier than the last. But do you need a SOC, NGFW, SIEM, SASE, WAF, EDR, or something else? There is a sea, perhaps even an ocean, of options, but which one is the best?

The question ‘Which solution is best in your situation, in line with your business in this phase?’ will (unfortunately) not be answered in this article. We do, however, give you pointers to help you determine the right direction.

First of all: whichever direction you choose, 100% security does not exist, so it is wise to plan for that in advance. If things do go wrong, make sure you have something to fall back on to recover your business operations, like a CERT.

Level 1: the minimum requirements

To keep things clear, we have defined three levels. Level one describes the minimum requirements. The other levels build on it and assume that these measures have actually been set up. It is anything but higher mathematics; it is more a matter of common sense. The objective of these measures is to keep your business operations from running an unnecessary risk.

Systems and software
To protect your organisation against attacks from the internet you have probably already set up a firewall. This ensures that only the systems that must connect to the internet can do so. Where possible, you limit that access to what is strictly required. A camera system, for instance, must connect to a video management system to be able to save the recordings. There is no need whatsoever for that camera to be able to connect to regular websites like nu.nl.

However, threats can also arise from clients. Examples of these threats include infected flash drives, downloads or even download programs that contain malware (do you still remember Kazaa?) and drive-by-downloads. To protect the equipment of your employees, you consequently need an end-point protection solution that at least acts as a regular anti-virus program.

Besides running patches, it’s also a good idea to carry out structural checks on your existing security measures. See it as a kind of MOT, in which you check that everything is working as it should be. Because selecting, implementing, and administering cyber security measures can be complex, it’s definitely worth considering whether you want to do this yourself or look for a party to assist you.
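As an added example (not part of the original blog), this small Python check combines the firewall rule of thumb and the MOT-style review described above: it compares an exported rule list against what each device group strictly needs and reports anything broader. The device groups, addresses, ports and rule format are constructed assumptions, not the output of any particular firewall.

```python
import ipaddress

# Constructed policy (assumption): what each device group strictly needs to reach.
REQUIRED = {
    "cameras": [("10.0.20.10/32", 554)],  # video management system
    "workstations": [("0.0.0.0/0", 443), ("10.0.1.53/32", 53)],
}

# Constructed firewall export: (source group, destination, port or None = any, action).
RULES = [
    ("cameras", "10.0.20.10/32", 554, "allow"),
    ("cameras", "0.0.0.0/0", 443, "allow"),   # camera can reach regular websites
    ("workstations", "0.0.0.0/0", 443, "allow"),
    ("workstations", "10.0.1.53/32", 53, "allow"),
    ("printers", "0.0.0.0/0", None, "allow"),  # no documented need at all
]

def is_covered(dest, port, needs):
    """True if an allow rule stays within one documented need."""
    dest_net = ipaddress.ip_network(dest)
    return any(
        port == need_port and dest_net.subnet_of(ipaddress.ip_network(need_cidr))
        for need_cidr, need_port in needs
    )

def audit(rules, required):
    """Allow rules that grant more access than the policy requires."""
    return [
        (source, dest, port)
        for source, dest, port, action in rules
        if action == "allow" and not is_covered(dest, port, required.get(source, []))
    ]

def unmet_needs(rules, required):
    """Documented needs that no allow rule covers (these would break operations)."""
    missing = []
    for source, needs in required.items():
        for need_cidr, need_port in needs:
            need_net = ipaddress.ip_network(need_cidr)
            met = any(
                s == source and a == "allow" and p in (None, need_port)
                and need_net.subnet_of(ipaddress.ip_network(d))
                for s, d, p, a in rules
            )
            if not met:
                missing.append((source, need_cidr, need_port))
    return missing

if __name__ == "__main__":
    print("too permissive:", audit(RULES, REQUIRED))
    print("missing:", unmet_needs(RULES, REQUIRED))
```
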

Employees
Email is still the most commonly used attack vector. It’s the easiest way to penetrate your security systems, because nowadays every employee regards email almost as a primary necessity. Malicious emails are designed to mislead your employees. A spam filter can intercept emails that are not directed at any particular recipient, but ‘professional’ phishing emails are able to avoid this. It’s therefore important that you keep your employees well informed. They’ll then know what to do when they receive a suspect email or if, for whatever reason, they click on the links in such emails. If you’d like to help your employees recognise malicious email, there are free resources available for raising awareness or for informing your employees that external emails entail a higher threat level.

Level 1 is all about designing systems and processes, and creating cyber security awareness among employees. Using these measures, you can empower your employees, protect their work environments, and ensure that access to your company network is restricted to what is necessary.

We’ll dig deeper into the subject in the second blog in this series. We’ll examine a number of basic measures that organisations can consider to achieve a higher degree of cyber security.
