After reading Scott Lovett’s post about personal cybersecurity, we saw that passwords are fundamental to IT security. Now, anyone who played little league sports remembers that fundamentals were never “fun”. Whether soccer, basketball, or baseball, it was a lot of drilling and hard work to improve the basic skills required to be competitive. Basic cybersecurity is high-pressure work, and information security teams are usually only in the limelight when something goes wrong. When a company is not in the news for a breach, these teams usually aren’t being cheered for their defensive victories. According to a recent news article, the average ransom paid by organizations in 2020 was over $312k! You don’t want to end up on the news for a cybersecurity breach, and you certainly don’t want to put money into the pockets of cyber criminals.
Because every major business is a digital business, it is of the utmost importance that companies build solid cybersecurity practices. To that end, I wanted to touch on some of the basics of corporate cybersecurity as well as offerings from ImagineX to help companies improve their security posture. The NSA released guidance on the top 10 cybersecurity mitigation strategies. Number 1 is to upgrade and update software, closely followed by… you guessed it, “passwords”. How can a company ensure its employees’ passwords are safe and secure? Of course, there are the policies around password length, complexity, and expiration, which are super important. Access management and multi-factor authentication (#10 on the list) are also effective.
Going deeper, is it possible to know which employees’ passwords are at risk or have already been compromised? The answer is yes! ImagineX, in partnership with a leading cybersecurity data firm, has a solution that scans breach data for compromised employee credentials. This data can then be used to address stolen passwords, educate employees on cybersecurity best practices, and identify where the compromise happened to prevent it in the future.
Beyond passwords and access management, number 3 on the NSA list talks about “trusted certificates to prevent and detect the use and injection of illegitimate executables”, and number 5 covers actively managing systems. In order to support this, ImagineX has developed a solution to pull publicly available information about any company’s network that can identify potential issues with certificates, and provide an external view of the network as seen by potential threat actors.
The last cybersecurity topic I want to touch on is number 6 on the NSA list, which covers hunting for network intrusions. For that capability, ImagineX developed the Analyt-IX tool to give a more complete picture of vulnerability management and risk (see image below).
Whether or not you feel your company needs help with cybersecurity, people need to take these threats very seriously and take some basic steps to protect their data. If you’d like to learn more about the ImagineX approach to overall cybersecurity, please contact us at [email protected]. Good luck and stay secure!