{"id":127,"date":"2021-11-09T11:16:59","date_gmt":"2021-11-09T16:16:59","guid":{"rendered":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/?p=127"},"modified":"2021-11-09T11:16:59","modified_gmt":"2021-11-09T16:16:59","slug":"the-top-3-cyber-security-mistakes-and-how-to-avoid-them","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/2021\/11\/09\/the-top-3-cyber-security-mistakes-and-how-to-avoid-them\/","title":{"rendered":"The Top 3 Cyber Security Mistakes and How to Avoid Them"},"content":{"rendered":"

Ransomware cost Americans\u00a0an estimated $1.4 billion<\/a>\u202flast year, and\u00a0beyond\u00a0high-profile hacks like\u00a0the\u00a0Kaseya and Colonial Pipeline\u00a0breaches,\u00a0cyber threats are more common than ever.\u00a0As a result,\u00a0businesses of all sizes are scrambling to\u00a0learn more about cyber security and\u00a0ensure\u00a0that they have\u00a0the proper measures in place to protect their\u00a0operations.\u00a0These are the top three considerations organizations must take into account when implementing or upgrading their\u00a0cyber security approach.<\/p>\n

    \n
  1. People and Training<\/strong><\/li>\n<\/ol>\n

    First and foremost, there is a significant lack of cybersecurity education among employees. The human firewall is the most important defense, but it is also the most vulnerable. That means security training has to be a top priority when it comes to an organization\u2019s cyber security. Organizations should implement a security awareness training platform which trains, tests and scores all employees. It\u2019s important to teach employees how to identify cyber security threats and remain vigilant toward anything suspicious, such as scams, fraudulent emails, or even physical threats. It\u2019s also important to consider implementing some sort of email gateway filter. With the rise of remote working, additional problems emerge as more people go mobile. For example, it is much easier on mobile to mix company and private mail and people tend to click quickly, which leads to errors. We all need to slow down, verify incoming requests and be cognizant of what we are clicking on so that we do not fall victim to a cyber security threat.<\/p>\n

     <\/p>\n

      \n
    1. Technology and System<\/strong><\/li>\n<\/ol>\n

      It is also paramount that organizations ensure systems are fully patched, inclusive of their OS, firmware and applications. They must ensure each endpoint detection and response application is installed on each device, with all systems reporting back to a central location or Security Operation Center, where all notifications, events, and alarms can be correlated. A quality Detection and Response application is not only going to defend against malware and other malicious activity, but it will also identify possible insider threats by monitoring lateral traffic. Utilizing such Security SaaS should be part of the overarching security platform which will provide a level of behavioral analytics with the ability to determine what is standard for that user and\/or system. Therefore, this allows organizations to identify unusual activity, even if the user has the rights to the systems being accessed.<\/p>\n

      Additionally, I would suggest V-LANs and least privilege access or even zero trust as a greater security play. For example, IoT devices should not cohabitate on the same V-LAN as the accounting or human resources department. This type of network segmentation allows for greater risk reduction.<\/p>\n

       <\/p>\n

        \n
      1. Staffing and Security Operations<\/strong><\/li>\n<\/ol>\n

        Many organizations forgo the managed services model to create an in-house security operation center, believing they can do it themselves. There are many cyber security tools available; however, there are very few trained and certified security engineers, and these tools often rely upon alarms, event notifications, or automated messaging to provide alerts. However, this begs the question, who will be monitoring and mitigating the environment at 3 a.m. on New Year\u2019s Eve? Effective cyber security infrastructure requires extensive resources to reduce the total volume of alerts, alarms and events to an actionable notification which requires mitigation. Vacation, training, sick time, education and retention programs are all factors to consider when creating a security operator center. There is a deficit of security analysts, engineers and architects throughout the cyber security space today. Even if you can hire a strong team of cyber security specialists, security operation centers require at least five to six people to ensure 24\/7 coverage.<\/p>\n

        In addition to the personnel issues, there are also equipment, software updates and proper configuration to consider. True quality deployment will require multiple layers, and the systems will have to be integrated, monitored and managed. In comparison, an organization that outsources its cyber security needs can depend upon systems being maintained and a team of experts to support them. Simply put, organizations should secure their environment through a third-party managed security service. These services are inclusive of EDRs, patching systems, a security information event manager, behavioral analytics and east\/west traffic monitoring. At best, with the current staffing shortage, an in-house SOC is an ineffective method to detect, quarantine and\/or remediate an infected device and\/or network.<\/p>\n

        Hackers are only becoming more sophisticated and, big or small, no organization can afford to go unprotected. Being aware of these three points is critical in protecting your organization from cyber threats. In the current cyber security environment, there is no room for mistakes.<\/p>\n

        The Top 3 Cyber Security Mistakes and How to Avoid Them – Cyber Defense Magazine<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

        Ransomware cost Americans\u00a0an estimated $1.4 billion\u202flast year, and\u00a0beyond\u00a0high-profile hacks like\u00a0the\u00a0Kaseya and Colonial Pipeline\u00a0breaches,\u00a0cyber threats are more common than ever.\u00a0As a result,\u00a0businesses of all sizes are scrambling to\u00a0learn more about cyber security and\u00a0ensure\u00a0that they have\u00a0the proper measures in place to protect their\u00a0operations.\u00a0These are the top three considerations organizations must take into account when implementing or upgrading […]<\/p>\n","protected":false},"author":26648,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-127","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/users\/26648"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/comments?post=127"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/127\/revisions"}],"predecessor-version":[{"id":128,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/posts\/127\/revisions\/128"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/media?parent=127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/categories?post=127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec002fall2021\/wp-json\/wp\/v2\/tags?post=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}