Cyber Security Learnings 2020: Tips From the Frontline

by Security Centric, on 22/12/2020 11:35:07 AM

There's no doubt that 2020 has created some unique challenges across every organisation, and since information security touches on arguably each of them, it also created some challenges for cyber security professionals. So, we've compiled a list of the top cyber security tips from some of the Security Centric team from 2020 in order to help you be more prepared in 2021. 

Sash V: Principal Consultant

There was plenty of cyber-related activity during 2020 that caught my eye, from some particularly creative COVID-19 themed phishing, through to performing supply chain risk assessments purely by reading sensationalist news headlines. However my standout for 2020 was the clear reliance on digital trust as an organisational enabler.

Whether it’s business chasing the buzzword holy grail of digital disruption, building platforms to move the customer journey from bricks and mortar to online, ensuring the legitimacy of video conferencing invitations to save you xx million, or plain old ecommerce, an organisation’s strategic business initiatives are more often than not dependent on digital activity. A 2020 AustCyber report estimates the economic contribution of digital activity at over $425 billion and 2.3 million jobs. This digital activity is built on the concept of digital trust – be it a financial transaction or a Zoom invitation – and this digital trust is in turn enabled by cyber security.

I’ve witnessed first-hand those high performing organisations that can draw a clear linkage between strategic objectives, corresponding initiatives, the reliance on digital trust whether internal or customer facing, through to individual or collective cyber security initiatives. The lesser performing organisations bury cyber security with IT, and solve tactical problems with technical solutions, or worse yet, try to solve an issue of business risk with a simple software product.

Bill R: Lead Consultant

“You’re on Mute”

Remote working has presented many challenges, and opportunities for the bad guys – IT departments being distracted getting everyone working remotely – rather than looking at where holes are. Trend I’ve seen is the embracing of 2FA as teams move out of the office – this has been a very good thing.

Ash S: Red Team

Take responsibility for hardening your own assets. I’ve seen many systems this year running out of date software that are either “marked to be upgraded” or “we just use the standard config and trust it” kind of thing. People don’t perform the easy hardening steps themselves which could save them hours of reconfiguration and management later. Putting proper processes in place when systems are deployed will save time, money and energy when you don’t have to redeploy, reconfigure and re-work processes later on.

Bassam A: Business Security Advisor

Remote working has become the new normal and emphasised existing risks. One of these of main concern for many clients is accidental or purposeful data leakage. This can be backed up by the most recent study by Varonis showing that 1,000 sensitive files were accessible to every employee in 53% of companies.

So what can you do to mitigate these issues? In my opinion the four first steps you should undertake are:

  • Identify and remediate global access groups that give access to sensitive/critical data
  • Ensure appropriate access
  • Run audits on your servers looking for data containers with global access groups applied to the access control lists
  • Replace global access groups with smaller security groups start with the most sensitive data and test changes so issues don’t arise

Jeff H: Cyber Security Engineer

A well placed phishing attack can still easily be one of the leading causes of credential leakage, data breaches, malware delivery or ransomware attacks within an organisation. While the technical side of preventing phishing is no doubt critical, such as implementing Mimecast or other similar email security platforms, organistions can often forget about the human side. People can be notoriously erronous and forgetful, but most importantly, motivated by curiosity and fear. It takes just a single user in your environment to interact with a phishing email that has peaked their interest or instilled fear for an attack to succeed.

This year at Security Centric, we've conducted plenty of email phishing simulations across various industries and found that between 15% and 50% of users can be successfully phished; the one common factor for organisations who scored on the lower side of successful phishes is the presence of a strong and regular user awareness training program - one that is supported by all levels of the business.

In short, don't forget about the people within your organisation. Help them to learn how to recognise, handle and respond to potential phishing attacks by providing training programs that include mixed learning methods such as video training, and phishing simulations. Not only will they feel more empowered and confident, your organisation can greatly increase its overall security posture and be in a better place to mitigate future phishing attacks.

Chris G: Senior Security Consultant

As organisations face the continuous advancements of malicious cyber threat actors and techniques, the focus for the first quarter of 2021 should be to ensure essential cyber hygiene is embedded and maintained by implementing the ACSC prescribed ‘Essential Eight’ mitigation strategies in combination with continuously provided cyber security awareness and training to employees. With the upward trend of sophisticated targeted phishing attacks transpiring in 2020 due to COVID-19 and other contributors, it’s critical organisations tackle 2021 with a focus on a cyber security capability uplift.

Ernst P: Senior Security Specialist

My take away this year was that organisations are continuously looking to implement the next tool to bolster their security instead of focusing on existing investments. By implementing best practices using tools and processes they've already invested in, they can generally reduce their exposure.

John C: Cyber Security Analyst

Technical Tip: Don’t assume NAT will keep you safe forever, remember to close all inbound ports on your local machine.

Jill T: Marketing Manager

Based on all the ransomware and phishing attacks this year and the data we’ve seen from multiple sources such as Verizon, Datto, and Cisco, we continue to see the human element of cyber being crucial to organisational security. We’ve seen professionals get it wrong in multiple attacks in the last half of 2020, so it’s important not to assume that people have a certain level of knowledge about areas of the business that are outside their specialty, or that they'll retain knowledge gained during inductions or security awareness training without regular re-skilling.

Wishing all of you a happy and safe holiday period - from all the team at Security Centric.



Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|

Subscribe to Updates