How to Score First in Cyber Security

Guest blog written by Alexander Lewis, Principal Security Consultant and Blogger at Softcat. 

When sound advice on cyber security comes from the dugout

Football managers are full of wisdom: ‘Take one game at a time’, ‘We have to focus on the fundamentals’ or ‘Keep playing on the front foot’, highlighting the need to continuously outmanoeuvre your opponent.

The last truism strikes me as relevant in our own world of IT and works as a guiding principle in cyber security. Quite literally, we’re in a battle against the cybercriminals, who are developing new tactics all the time to gain the upper hand.

Cyber threats are increasing, we know this, and I have no doubt you are fed up with hearing it. The threat actors are continuing to disrupt our lives and capitalise on the unstoppable digitisation of the world. No-one needs reminding of the damage they cause.

It all seems to be terrible and frightening stuff, though I’m not sure that screaming headlines do a good job of giving us the full picture. Nor do they help create the right mindset to tackle cybercrime. Instead, they just serve to scare us to bits.

Even more on your plate

Our work against the cybercriminals has become harder. The pandemic has normalised the idea of working-from-anywhere, and we all know what that means. People will boot up their laptops wherever they happen to be, connect to the internet, open their emails and generally start working with minimal thought of cyber security. They possibly lack the training and don’t necessarily know how to protect themselves, or expect the security to be provisioned for them, either by their organisation or by the network connection provider. Regardless, it all means the onus is still very much on the IT team to be the guardians and keep the threat actors at bay.

A viable solution

The good news is that it doesn’t always require a top-to-bottom overhaul to strengthen your defences. Simply orienting yourselves so that, if and when an attack does get through, you can take effective action makes a massive difference.

I know for a fact that some organisations still don’t do the incident response planning that really matters, and so compromises are invariably handled in an unstructured and thereby unsuccessful way. Worse still, some organisations have the plans in place, but don’t stress-test them, only to discover the weaknesses in a live situation.

Strengthening your defences

Assuming we’re starting from scratch, it’s crucial to have a clear view of your current security posture – good and bad. Identify where the strengths and weaknesses are, and the all-important gaps. This gives you a baseline from which to build.

I suggest not only having a tried-and-tested reactive plan in place, but developing a proactive plan as well, which I’ve written about previously in an article called Is prevention better than cure? on FLUENT, Softcat’s own channel for insight. To summarise the key steps:

  1. Prevent what is common:

Every organisation should be looking to prevent the everyday, common or garden-variety attacks. Phishing, ransomware, and social engineering attacks come under this heading, are generally large volume, and are more ‘try my luck’ style attacks than anything else. This should be the first step in your maturity process.

  2. Prevent what is likely:

These are likely, high-risk attack scenarios that you face because of your industry, geographical location, media coverage, type of organisation and so on. They can, and sometimes do, cross over with common attack scenarios, but that doesn’t have to be the case. These attacks are often more targeted, more persistent, and can sometimes be executed with greater sophistication, so expect these to be more mature in nature.

  3. Prevent any complacency:

Resist the temptation to ever think you’ve cracked it. Cyber threats are evolving fast, so what is ‘common’ and ‘likely’ today could change tomorrow. Review your posture on a regular basis and avoid being caught out.

I also covered how education is a vital line of defence that we can use to protect ourselves. Raising awareness through formal sessions on things such as spotting phishing attempts can be priceless. Also, pinning up notices in communal areas like kitchens or breakout spaces gently reminding people how important it is to stay alert can be a big help.

Help and guidance from experts

I know it’s not easy with the number and sophistication of threats increasing, and cybersecurity being one topic on a long to-do list. Yet the methodology I’m proposing really will help.

The guidance is based on the cyber security expertise we’ve developed at Softcat, which operates the largest partner network across the UK and Ireland and works with all the key security providers.

We strive to work with our customers in such a way that directly benefits them, be they small businesses or large enterprises. In every case, we first understand a customer’s particular security needs to create bespoke solutions.

We can also deploy our range of predetermined services rapidly to help customers move their security posture forward, including baseline, vulnerability and breach assessments, incident response services, governance and risk management, and managed services.

It’s unlikely that you’ll hear us quoting football managers during an engagement, although I hope you’ll agree some of the guidance I’ve shared can stand us all in good stead. And ‘keep playing on the front foot’ is always worth bearing in mind in an ever-changing world.

If you would like further advice, or to know more about how Softcat can help with your cyber security solutions, please get in touch via [email protected].