Understanding the Cyber Exploit Cycle- Part 2


With the rise of cyber attacks across all industries and markets, we will examine specific recommendations made by the Communications Security Establishment (CSE). CSE's recommendations are used to protect our nation's networks and can serve as a guide for SMBs building a defense against cyber exploits and protecting their own infrastructure.

Communications Security Establishment provides and protects information of national interest, safeguarding Canada's security. Its priority is to protect the computer networks and information of greatest importance to Canada.

CSE provides foreign intelligence to a number of Government departments and agencies, including Foreign Affairs Canada, the Canadian Security Intelligence Service and the Department of National Defense.

As covered in Understanding the Cyber Exploit Cycle: Part 1, attackers continually probe computer systems, including our government's, looking for vulnerabilities in order to gain access. Once they have access, intruders can steal or distort the information they encounter, corrupt it, or program the underlying systems to exploit other connected computers and networks.

We have adapted CSE's recommended 10 Mitigation Measures to serve our SMB clients and reduce the vast majority of cyber threats:

1. Standardize and limit the number of Internet Gateways- By reducing the number of external connections users can benefit from protection provided by higher level cyber defenses. These enterprise level defenses monitor and respond to malicious activity.

2. Patch Operating Systems and Applications- Unsupported or outdated operating systems and applications create a significant risk of exposure. By implementing a patch maintenance policy the exposure to threats and vulnerabilities can be reduced.

3. Enforce the Management of Administrative Privileges- By keeping the number of users with administrative privileges limited, the exposure to threats will also be limited. It is recommended to use two-factor authentication when possible, and to establish a password change schedule. Where possible, CSE recommends that administrative functions be performed on a dedicated workstation that has neither internet access nor open e-mail access.

4. Harden Operating Systems- Disable all non-essential ports, services, and accounts. Ensure an enterprise-level auditing and anti-virus solution is in place to prevent any compromise of the infrastructure.

5. Segment and Separate Information- Information should be categorized, and networks zoned in groupings that have the same security policies and protection requirements.

6. Provide Tailored Awareness and Training- IT security awareness and activities should be frequently reviewed, maintained and accessible to all users with access to a system. The human element will always be a contributing factor to threat exposure. Regular communication regarding attempted or actual compromises will help reinforce best practices and changes as required.

7. Manage Devices at the Enterprise Level- Use equipment that can be controlled and managed at the enterprise level. A strict control policy is essential for any organization that utilizes a bring-your-own-device (BYOD) policy.

8. Apply protection at the host level- Monitoring alerts at the host level can provide early indication of intrusions before the entire system is affected. Deploying a host-based intrusion prevention system can protect against both known and unknown malicious activity.

9. Isolate web-facing applications- Create a virtualized environment exclusively for internet browsers and e-mail, since they are most susceptible to exploits. Any malware that infects this environment will therefore not infect the enterprise.

10. Implement Application Whitelisting- Identify the authorized applications and components to be whitelisted, enforcing which applications are allowed to be installed and run on a host. Whitelisting policies should be deployed across the organization.

A more detailed look at these top 10 security actions to protect the Government of Canada can be found by downloading CSE's IT security bulletin.

Be Prepared.

The best recommendation for protecting your organization against cyber attacks and a potential security breach is to take decisive action before an intrusion has occurred. Knowing where your data resides, who has access to it, and what steps can be taken in the event that a restore is needed will go a long way toward protecting you and limiting your loss in the event of an intrusion.
