Cybersecurity isn’t something that can be approached with a “set it and forget it” attitude. Unfortunately, too many companies get bogged down with their daily operations and lose sight of their overall security posture, leaving themselves vulnerable.
Just like in any other role, it can be easy for cybersecurity professionals to fall into the same comfortable and predictable patterns and rhythms of the day. And even in the face of daunting headlines about recent cyberattacks, it can be just as tempting to believe that it couldn’t happen to you.
Flanked by security products and threat intelligence reports, security teams are often lulled into a false sense of security.
Unfortunately, this complacency can be many organizations’ greatest vulnerability.
This is because today’s cyberthreats require a forward-leaning security posture, in which potential risks are constantly evaluated, anticipated, and preemptively addressed. However, this can be far easier said than done.
This is why the Logically team wanted to share several proven strategies to escape the “set it and forget it” trap that can follow the implementation of security controls and instead foster a culture of vigilance within your organization.
Why Do Cybersecurity Systems Need Monitoring?
Investing in cutting-edge cybersecurity hardware and software is undoubtedly a crucial step in fortifying your digital defenses. However, it’s essential to recognize that these tools are just one component of a comprehensive cybersecurity strategy. While they provide a critical foundation, their effectiveness hinges on regular upkeep and proactive monitoring.
In other words, hardware and software, though powerful, are not standalone solutions; they require configuration tailored to an organization’s needs, regular updates, and constant surveillance to remain effective shields against cyberthreats. In doing so, cybersecurity teams can empower their organizations to stay in tune with the dynamic and evolving nature of cybersecurity, where adaptability and continuous improvement are paramount.
Proven Steps to Enhance Your Organization’s Security Posture
Here are several proactive strategies to enhance your organization’s cyberdefenses:
Make Cybersecurity a Top-Down Initiative
It’s one thing to tell your employees that following good cybersecurity practices is important. It’s another thing to teach your employees why these practices are in place, what they do, and why the company’s security depends on employees playing their part.
However, not all organizations are large enough to support an in-house cybersecurity team. That’s where Managed Security Service Providers (MSSPs) come in. A good MSSP can provide your organization with 24/7 monitoring, up-to-date information on potential threats, and access to trained cybersecurity experts—all for a fraction of the cost of employing an in-house team.
Even in cases where organizations choose to outsource their cybersecurity to an MSSP, employees still need to understand why cybersecurity is critical and how their actions can either contribute to or detract from safeguarding the company’s digital assets.
Provide Regular Cybersecurity Training
Teaching employees about their role in maintaining a strong security posture begins with providing security awareness training, and not just when they start with the company. Bi-annual training days ensure that employees thoroughly understand any new protocols that have been enacted and why they’re critical to follow. Bi-annual training also gives your employees the opportunity to ask questions and better understand why protocols are in place.
Employees need to understand that cybersecurity isn’t something that just the IT department, the MSSP, or anyone else is responsible for. Instead, all employees need to understand why cybersecurity is everyone’s responsibility.
Just as cybersecurity software is continually updated to adapt to new threats and provide better security, these regular training sessions give your employees the chance to be brought up to date on any changes that have been implemented.
Perform Regular Audits
Regular security audits are also a proven way to ensure that your current practices are up to date, that critical data is properly backed up, that all software is up to date, and that dormant user accounts are deleted. Moreover, security audits provide valuable insights into potential vulnerabilities and areas for improvement, enabling proactive adjustments to your security posture in order to mitigate risks before they escalate into security breaches.
Balancing Frequency and Depth: Tailoring Security Reviews to Your Organization
While every organization’s security posture and operations are unique, there are some best practices that cybersecurity teams can follow to ensure that they are proactively accounting for changes in their operations and in the cyberthreat landscape.
Here are some suggested activities that can occur at different frequencies:
Bi-Annually
Twice per year, all your employees should be provided with cybersecurity training. If you choose to outsource your cybersecurity to an MSSP, you should consult them about what this training should include and see if they are willing to conduct the training.
As part of this training, you may want to consider running mock social engineering tests and tabletop scenarios. Social engineering involves techniques that exploit human psychology to manipulate a target into either divulging personal information (such as a username or password) or taking an action (such as clicking a link or opening a malicious file). Mock social engineering tests, such as sending out fake phishing emails in an attempt to get your employees to hand over sensitive information, are a great way to test the efficacy of your cybersecurity in a no-risk scenario. They can also help you identify which employees may need additional training.
Tabletop scenarios are similar to fire drills. You present your employees with a hypothetical cybersecurity incident and they craft a response using their knowledge and your current protocols. Once the scenario is finished, your cybersecurity team can review how the company responded, identify any weak spots in your existing protocols, and adjust those protocols accordingly.
Quarterly
Even the best-laid plans aren’t useful if they are out of date. All cybersecurity documentation, including incident response plans and business continuity plans, should be reviewed quarterly to ensure they remain current, aligned with industry standards, and capable of effectively guiding your organization’s response to any security incidents or business disruptions.
This review can be timed to be completed right before your bi-annual employee cybersecurity training. That way, employees are made aware of changes and updates almost as soon as they happen, have time to become more familiar with them, and can test any new protocols in a no-risk scenario so that any problems can be addressed as soon as possible.
Monthly
All user accounts should be audited at least monthly. This ensures that any inactive user accounts can be appropriately deactivated. One way to avoid having inactive accounts on your systems is to have your IT department work with the HR department to create a process for de-provisioning accounts as employees are offboarded.
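The monthly audit described above can be scripted by comparing a directory export against the HR roster. This is an added example, not Logically's own tooling; the field names, the sample records, and the 30-day idle threshold are assumptions.

```python
from datetime import date

# Constructed sample data: a directory export and an HR roster.
# Field names are assumptions, not any real product's schema.
ACCOUNTS = [
    {"user": "sally.k", "enabled": True,  "last_login": date(2024, 5, 2)},
    {"user": "tom.r",   "enabled": True,  "last_login": date(2024, 1, 15)},
    {"user": "dana.w",  "enabled": True,  "last_login": date(2024, 4, 28)},
    {"user": "svc-old", "enabled": True,  "last_login": date(2023, 11, 3)},
    {"user": "lee.p",   "enabled": False, "last_login": date(2023, 9, 9)},
]
HR_ROSTER = {
    "sally.k": "active",
    "tom.r": "active",
    "dana.w": "terminated",
    "lee.p": "terminated",
}


def audit_accounts(accounts, roster, today, max_idle_days=30):
    """Return (user, finding) pairs for enabled accounts that need review."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to do
        user = acct["user"]
        status = roster.get(user)
        idle = (today - acct["last_login"]).days
        if status == "terminated":
            # Offboarding did not reach this system.
            findings.append((user, "offboarded but still enabled"))
        elif status is None:
            # Nobody in HR owns this account (old service or test account).
            findings.append((user, "no HR record (orphaned account)"))
        elif idle > max_idle_days:
            findings.append((user, f"no login for {idle} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, HR_ROSTER, date(2024, 5, 9)):
        print(f"{user}: {finding}")
```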
Daily
User logins and other network traffic should be monitored daily. This helps a cybersecurity team flag suspicious activity more quickly. If you know Sally from accounting is currently on vacation in Tahiti, then your team knows that the person attempting to log in to your servers at 2 a.m. using her credentials from an IP address in Oregon is probably not Sally. If your organization weren’t monitoring user logins, you might not realize that there was anything suspicious about this login attempt, or that Sally’s credentials had been compromised.
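The Sally scenario can be turned into a daily review of authentication logs. This is an added example, not code from the original article; the log line format, the leave calendar, the usual-location table, and the working-hours window are all assumptions, and the IP addresses are documentation ranges.

```python
from datetime import date, datetime

# Constructed sample auth log; the line format is an assumption.
LOG = """\
2024-05-06T09:12:40 user=tom.r src=198.51.100.7 geo=US-NY result=success
2024-05-07T02:04:11 user=sally.k src=203.0.113.45 geo=US-OR result=success
2024-05-07T10:30:02 user=dana.w src=198.51.100.9 geo=US-NY result=success
2024-05-07T23:41:55 user=tom.r src=198.51.100.7 geo=US-NY result=failure
"""
# Assumed context the team maintains: leave calendar and usual locations.
ON_LEAVE = {"sally.k": (date(2024, 5, 1), date(2024, 5, 14))}
USUAL_GEO = {"sally.k": {"US-NY"}, "tom.r": {"US-NY"}, "dana.w": {"US-NY"}}
WORK_HOURS = range(7, 20)  # 07:00 to 19:59 local time


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def review_logins(log_text):
    """Return (user, timestamp, reasons) for suspicious events, worst first."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse(line)
        reasons = []
        leave = ON_LEAVE.get(ev["user"])
        if leave and leave[0] <= ev["ts"].date() <= leave[1]:
            reasons.append("user is on leave")
        if ev["geo"] not in USUAL_GEO.get(ev["user"], set()):
            reasons.append("unusual location " + ev["geo"])
        if ev["ts"].hour not in WORK_HOURS:
            reasons.append("outside working hours")
        if reasons:
            alerts.append((ev["user"], ev["ts"], reasons))
    # Events that trip several independent signals go to the top of the queue.
    alerts.sort(key=lambda a: -len(a[2]))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in review_logins(LOG):
        print(ts.isoformat(), user, "; ".join(reasons))
```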
Organizations should also be backing up critical data on a regular basis and reviewing it to ensure it is backed up properly. If an incident does occur and all else fails, you can always restore your data from a backup.
However, you need to check that the data is being backed up properly. Depending on how much data you generate and how often it changes, you may want to be checking these backups on a monthly, weekly, or even daily basis.
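A backup check can go beyond "did the job run" and confirm that the backup is fresh, that it matches the data, and that the configured source is still where the live data is written. This is an added example, not code from the original article; it assumes the backup is a mirrored copy of the source tree, and the function names and 24-hour window are hypothetical.

```python
import hashlib
import os
import time


def sha256(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def files_under(root):
    """Map relative path -> full path for every file below root."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = full
    return out


def check_backup(source_dir, backup_dir, max_age_hours=24, now=None):
    """Return a list of problems; an empty list means the backup looks healthy."""
    now = time.time() if now is None else now
    limit = max_age_hours * 3600
    src, bak = files_under(source_dir), files_under(backup_dir)
    problems = []
    if not src:
        problems.append("configured source is missing or empty")
    elif now - max(os.path.getmtime(p) for p in src.values()) > limit:
        # Heuristic: the job may be copying a location nobody writes to anymore.
        problems.append("source has no recent changes; live data may be elsewhere")
    if not bak:
        problems.append("backup location is missing or empty")
    elif now - max(os.path.getmtime(p) for p in bak.values()) > limit:
        problems.append("newest backup file is older than allowed")
    for rel, path in sorted(src.items()):
        if rel not in bak:
            problems.append(f"not in backup: {rel}")
        # Only compare files unchanged since they were backed up.
        elif (os.path.getmtime(path) <= os.path.getmtime(bak[rel])
              and sha256(path) != sha256(bak[rel])):
            problems.append(f"backup differs from source: {rel}")
    return problems
```

Tune `max_age_hours` to how often the data changes; a slow-moving data set will need a longer window to avoid false alarms on the stale-source check.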
During the Employee Onboarding Process
All new employees should undergo cybersecurity training as part of their onboarding process. This ensures that they are familiar with your protocols, understand how to identify suspicious activities, and know who to report suspicious behavior to.
During the Employee Offboarding Process
When an employee leaves the company, their login and other credentials must be removed from the system. This ensures that their credentials can no longer be used to access private information or systems. Dormant accounts may be targeted by cybercriminals looking to gain access to your organization’s systems, or may be used by the former employee.
Why Set It and Forget It Fails: Case Studies
While daunting for any organization to face, the lessons learned in the wake of cyberattacks can provide cybersecurity teams with invaluable insights into the specific vulnerabilities and weaknesses within their systems and processes, ultimately strengthening their defensive strategies and preparedness for future threats.
Here are just two examples to illustrate the dangers of complacency, the range of cyberthreats, and the potential impacts of cyberattacks on businesses:
MGM Resorts International
The MGM hack, one of the most significant breaches in the last few years, is a dramatic example of the importance of adopting a proactive and dynamic approach to cybersecurity. Although the breach was estimated to span only 10 days, it exposed personal data of former guests, including names, Social Security numbers, addresses, and passport numbers, and froze MGM operations, highlighting just how fast and devastating the consequences can be for businesses and their customers.
Digging deeper, the cyberattack exploited several vulnerabilities, primarily through social engineering and the use of ransomware. The attackers, believed to be part of the group Scattered Spider, specialized in social engineering tactics and used them to impersonate an employee found on LinkedIn to obtain credentials from MGM’s IT help desk. From there, a lack of segmentation and vulnerability patching, combined with additional social engineering, allowed the group to access and infect MGM’s systems. Making matters worse, the hackers used known ransomware from a ransomware-as-a-service operation to encrypt MGM’s data and demand payment in cryptocurrency for its release.
In this case, the impact can be linked back to an approach that fails to regularly update and patch systems as well as reinforce security awareness training with all employees.
Logically Client
Logically worked with an organization a few years ago that had taken a “set it and forget it” approach to its cybersecurity. The organization had an unpatched server that was open to the internet, and cybercriminals were able to exploit that vulnerability and gain unauthorized access to their systems. After the incident, this company reached out to us to audit its current cybersecurity practices and take a look at its environment to see what had happened.
The Logically team was able to identify the vulnerability and determine that it was caused by an improperly configured firewall. Had the firewall been configured correctly, the attack would have likely been stopped before it could breach the organization’s systems.
To make matters even worse, the company hadn’t been regularly checking its data backups, so when it went to restore its data, it discovered that several years of data had been lost. This occurred because a new administrator had changed the location of where the files were being stored on the server but had failed to communicate this, so the backups weren’t switched over to the new location.
In response, Logically worked with the company to implement a comprehensive backup management process that ensured that data backups were regularly monitored, properly configured, and securely stored in compliance with industry standards.
Bringing It All Together
Cybersecurity is complicated, with new threats appearing daily.
However, when it comes to safeguarding your organization’s digital assets, it’s critical to remember that your organization does not have to face these challenges alone.
This is why many organizations turn toward proven MSSPs like Logically.
Our team has experience supporting a wide range of organizations, providing personalized and tailored solutions, 24/7 monitoring, and access to experienced professionals able to help your team craft robust yet flexible cybersecurity protocols. Together, Logically will become a trusted partner and extension of your organization’s IT team, working tirelessly to strengthen your cybersecurity defenses, mitigate risks, and safeguard your digital assets against emerging threats.
Want to learn more about our specific managed services provider offerings and how Logically can bring the best of cybersecurity to your organization? Reach out to us for a personalized consultation.
Originally posted October 30, 2019. Updated May 9, 2024.