
Prevent and respond

15 January 2025

Gavin Knapp outlines what you can do to help prevent a cyber attack, and how to respond if one occurs.

EXPERIENCING ATTACKS can be a huge problem for businesses and a PR nightmare, and, unfortunately, software is inherently vulnerable. That said, there are plenty of ways you can harden your business against attack.

To start with, consider the following measures: 

  • Implement a risk management framework and process.
  • Implement foundational cyber security controls, such as the essential cyber hygiene controls from the 18 CIS Critical Security Controls.
  • Ensure you build out strong phishing awareness and prevention defences that include testing users.
  • Ensure edge and external facing devices are kept up to date and continuously assessed as part of asset and vulnerability management programs.
  • Invest in supply chain and dark web monitoring services to identify potential supplier compromise.
  • Understand and, where possible, ensure contractual coverage for outages and cyber events is in place with key suppliers.
  • Build out IR plans and playbooks to be able to address and handle a supply chain compromise to a key supplier. Ensure the plan is well rehearsed and that exercises are performed for this scenario.
  • Ensure insurance cover is in place for disruption of service due to a supplier / service disruption. 

It is recommended that the following steps are performed to protect external facing devices:

  • Consume relevant threat intelligence related to key technologies and suppliers.
  • Maintain an asset inventory for external facing devices and ensure they remain up to date with patches.
  • Ensure devices are continuously monitored using an attack surface management or vulnerability assessment tool.
  • Onboard relevant log sources to your detection and response team or SIEM system.
  • After the announcement of zero-day exploits, perform compromise assessments on impacted external facing devices and, where applicable, connected systems and networks.
  • Use least privilege for service accounts to limit what permissions the exploited process gets on the rest of the system.
  • Segment externally facing servers and services from the rest of the network with a DMZ or on separate hosting infrastructure.
  • Web application firewalls may be used to limit the exposure of applications and prevent exploit traffic from reaching them.

In addition, to enhance resilience against supply chain cyber-attacks, businesses should consider the following measures:

  • Regularly evaluate the security practices of suppliers and third-party vendors to identify and mitigate potential vulnerabilities. 
  • Implement Data Backup and Recovery Solutions: Ensure critical data is backed up regularly and can be restored swiftly to maintain business continuity during disruptions. 
  • Provide Employee Cybersecurity Training: Educate employees on identifying and responding to cyber threats, fostering a security-aware culture within the organisation. 
  • Establish a Communication Strategy: Develop a plan for communicating with stakeholders during a cyber incident to maintain trust and provide timely updates. 

By integrating these practices, businesses can strengthen their resilience against cyber threats in a bid to ensure continuity in their operations.

Gavin Knapp, cyber defence technical lead, Bridewell

For more information, visit www.bridewell.com

03308 285 883 

 