Insider threat incidents have increased by 44% over the past two years, and the cost of an incident now tops $15.3 million, according to the 2022 Cost of Insider Threats report from Ponemon. To defend against this pressing security — and business — risk, organizations need a comprehensive insider threat detection strategy. This article provides extensive guidance to help you get started building an effective program.
Insufficiently protected open ports can put your IT environment at serious risk. Threat actors often seek to exploit open ports and their applications through spoofing, credential sniffing and other techniques. For example, in 2017, cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on port 445. Other examples include the ongoing campaigns targeting Microsoft’s Remote Desktop Protocol (RDP) service running on port 3389.
Cybercrime has become more prevalent since the start of the COVID-19 pandemic. Indeed, 81% of organizations worldwide experienced an uptick in cyber threats and 79% suffered downtime due to cyberattacks during peak season, according to a 2021 report by McAfee Enterprise and FireEye. Attacks have also become more complex. IBM and the Ponemon Institute report that the average time to spot and contain a data breach in 2021 was 287 days, a week longer than in 2020.
Proper management of the configuration of your infrastructure components is vital to security, compliance and business continuity. Unfortunately, configuration drift in systems and applications is common, which leaves the organization vulnerable to attack. Indeed, about 1 in 8 breaches result from errors such as misconfigured cloud environments, and security misconfiguration ranks #5 on the OWASP list of the top 10 web application security risks.
The Center for Internet Security (CIS) offers Critical Security Controls (CSCs) that help organizations improve cybersecurity. CIS CSC 17 covers incident response and management. (In earlier versions of the CIS controls, handling of security incidents was covered in Control 19.) CIS CSC 17 focuses on how to develop a plan for responding to attacks and other security incidents, including the importance of defining clear roles for those responsible for the various tasks involved.
The Center for Internet Security (CIS) provides Critical Security Controls (CIS Controls) to support the evolving field of cybersecurity. CIS Control 18 covers penetration testing (this topic was covered by Control 20 in the previous version). Penetration testing is the intentional launch of cyberattacks in order to evaluate an organization’s security.
CIS Control 8 Center for Internet Security (CIS) version 8 covers audit log management. (In version 7, this topic was covered by Control 6.) This security control details important safeguards for establishing and maintaining audit logs, including their collection, storage, time synchronization, retention and review. Two types of logs are independently configured during system implementation.
Control 10 of CIS Critical Security Controls version 8 is focused on malware defenses. It describes safeguards to prevent or control the installation, spread and execution of malicious applications, code and scripts on enterprise assets. (In CIS version 7, this topic was covered by Control 8.) Malware, especially ransomware, has become a pressing security issue in recent years.
