2022: A Checklist for the Year of Heightened Cyber Risk

With greater threat comes greater responsibility. As 2022 is a year of heightened cyber risk, it's vital to ensure that your organization takes the necessary steps to protect itself.

In response to a heightened cyber threat, an organization should have a plan in place on how to proactively prepare and react when the situation arises.

What Factors Change the Cyber Risk for an Organization?

An organization's cyber risk status may change based on a few factors. These include:

  • Geopolitical tensions such as the Ukraine-Russia war could directly impact organizations using Russian vendors
  • A zero-day vulnerability that is actively exploited in the wild
  • How interconnected they are with other businesses and organizations that have been affected by a vulnerability
  • Hacktivism related to a specific event, sector or even country

All of the above reasons may lead to a change in cyber risk. Therefore, a balancing act between risk and your organization's defenses is essential. These factors leading to increased risk may require additional controls such as changed priorities in logging and monitoring, temporary changes to WAF and DDoS configurations, etc.

Now What...

To increase cyber alertness across its infrastructure, an organization needs to do its homework in two areas:

  1. Keeping a minimal attack surface: keep what your organization exposes (services, accounts, data) in check, so that attackers have little opportunity.
  2. Reducing the impact of an attack: make sure your organization can cut the effectiveness of an attack once an incident is under way.

Security Checklist

The most crucial point is that cybersecurity fundamentals must not be ignored across systems, devices and networks.

Phishing Response

Employees should be well-trained on how to identify and report phishing attacks. They should also know what to do if they think they may have fallen victim to one.

Check Your Internet Footprint

In the current threat landscape, checking your organization's internet footprint is more important than ever. This means understanding what information is publicly available about your organization online and ensuring that this information is accurate and up-to-date.

Ensure that remote working arrangements are secure and that employees understand their responsibilities to protect devices and underlying sensitive information.

Patching

  • Check your system patching cycle and ensure you are up to date on desktops, laptops and mobile devices.
  • Utilize automatic updates where possible; this makes your job easier and ensures patches are applied as soon as vendors release them.
  • Ensure that firmware on devices such as routers and firewalls is updated.
  • Run a patch audit against internet-facing devices to ensure these are not vulnerable. During COVID, many critical and high-risk issues were exploited on the internet-facing security devices (VPNs, gateways, firewalls).

P.S. Do not fall for the 'patch everything' advice; follow a risk-focused approach to patching.

Authentication and Access Controls

Regularly review user permissions and access controls to ensure they are up to date and appropriate. Ensure that multi-factor authentication (MFA) is enforced and privileged accounts are reviewed.

Encourage staff via awareness, technical controls, and policies not to share passwords across corporate and non-corporate accounts.

Ensure that your organization's cybersecurity policies and procedures are up to date and well known by all employees.
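The access review described above can be turned into a repeatable check. The following is an added example, not code from the article: it runs over a constructed account inventory (in practice an export from your directory or identity provider) and flags privileged accounts without MFA, any account without MFA, and accounts that have not logged in for a while. The role names, the 90-day staleness window and the sample accounts are all assumptions.

```python
from datetime import date, timedelta

# Constructed sample inventory; not real accounts. Each entry is what an
# identity-provider export would typically give you.
ACCOUNTS = [
    {"user": "alice", "roles": ["user"], "mfa": True, "last_login": date(2022, 3, 1)},
    {"user": "bob-admin", "roles": ["domain-admin"], "mfa": False, "last_login": date(2022, 2, 20)},
    {"user": "svc-backup", "roles": ["backup-operator"], "mfa": False, "last_login": date(2021, 9, 15)},
    {"user": "carol", "roles": ["user", "billing-admin"], "mfa": True, "last_login": date(2021, 11, 2)},
]

# Assumed set of roles treated as privileged; adjust to your own role model.
PRIVILEGED_ROLES = {"domain-admin", "billing-admin", "backup-operator"}
# Assumed staleness window: no login for this long means the account needs review.
STALE_AFTER = timedelta(days=90)


def review_accounts(accounts, today, privileged_roles=PRIVILEGED_ROLES, stale_after=STALE_AFTER):
    """Return a list of (user, issue, severity) findings for an access review."""
    findings = []
    for acct in accounts:
        privileged = bool(set(acct["roles"]) & privileged_roles)
        idle = today - acct["last_login"]

        # MFA gaps: a privileged account without MFA is the most urgent finding.
        if not acct["mfa"]:
            if privileged:
                findings.append((acct["user"], "privileged account without MFA", "high"))
            else:
                findings.append((acct["user"], "MFA not enforced", "medium"))

        # Stale accounts: unused privileged access is a standing risk, so rank it higher.
        if idle > stale_after:
            severity = "high" if privileged else "low"
            findings.append((acct["user"], f"no login for {idle.days} days", severity))
    return findings


def high_severity_users(findings):
    """Distinct users with at least one high-severity finding, for the review agenda."""
    return sorted({user for user, _, sev in findings if sev == "high"})


if __name__ == "__main__":
    today = date(2022, 3, 15)  # fixed date so the sample output is reproducible
    for user, issue, severity in review_accounts(ACCOUNTS, today):
        print(f"[{severity:6}] {user}: {issue}")
```

Running it against the sample data lists the two privileged accounts without MFA, the service account that has been idle for half a year, and carol's unused billing-admin access; the first and third are exactly the cases the checklist tells you to hunt for.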

Third-Party Access

When assessing the risks associated with third-party access to your organization's systems and data, you should consider:

  • The sensitivity of the data involved
  • The level of access required by the third party
  • The security controls in place to protect the data
  • The likelihood of a cyber-attack
  • The consequences of a successful cyber-attack

To mitigate the third-party access risks, you should implement appropriate security controls after understanding the level of access provided and to whom. These could include access control security, data encryption, perimeter defenses and regular cloud security audits to know your weaknesses.

Defensive Readiness

Organizations should ensure that their defenses are up to date and effective. This includes having the latest security patches for systems and applications and ensuring that antivirus software is installed and working correctly.

Logging and Monitoring Capabilities

  1. Check that logging is enabled and working as expected on all systems and that appropriate logs are being sent securely to a central location. Ensure that logs are retained for six weeks, if not longer.
  2. Review your monitoring capabilities and ensure you have visibility of all potential threats.
  3. Ensure you can quickly identify any anomalies in behavior or activity.

Review Backup Plans

Ensure that your backups are up to date and that you can easily retrieve them in the event of data loss. Reviewing your backups regularly will help you identify any potential issues in the backup and restore process and ensure that your data is adequately protected.

Do not forget to back up private keys, backup codes, access keys and other sensitive material, not just data.
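A backup review is only meaningful if a restore is actually exercised and the restored files are compared with what was backed up. The following is an added example, not code from the article: it builds a small archive from constructed sample files (including a placeholder key file, since keys belong in the backup too), records a checksum manifest, restores into a scratch directory and reports anything missing or altered, plus an age check. The sample files and the one-day freshness limit are assumptions.

```python
import hashlib
import io
import os
import tarfile
import tempfile
from datetime import datetime, timedelta

# Constructed sample data set; the key content is a labelled placeholder, not a real key.
SOURCE_FILES = {
    "config/app.yaml": b"db_host: db-01\n",
    "keys/signing.key": b"-----CONSTRUCTED PLACEHOLDER, NOT A REAL KEY-----\n",
    "data/customers.csv": b"id,name\n1,alice\n2,bob\n",
}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def make_backup(files):
    """Return (archive_bytes, manifest); the manifest maps each path to its sha256."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    manifest = {path: sha256(content) for path, content in files.items()}
    return buf.getvalue(), manifest


def verify_restore(archive_bytes, manifest):
    """Restore into a scratch directory and compare every file with the manifest.

    Returns a list of problems; an empty list means the restore test passed.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
            try:
                tar.extractall(scratch, filter="data")  # refuse unsafe paths (3.12+ / backports)
            except TypeError:
                tar.extractall(scratch)  # older Python without the filter argument
        for path, expected in manifest.items():
            full = os.path.join(scratch, path)
            if not os.path.isfile(full):
                problems.append(f"{path}: missing from restore")
                continue
            with open(full, "rb") as fh:
                if sha256(fh.read()) != expected:
                    problems.append(f"{path}: checksum mismatch")
    return problems


def backup_too_old(taken_at, now, max_age=timedelta(days=1)):
    """True if the most recent backup is older than the acceptable window."""
    return now - taken_at > max_age


if __name__ == "__main__":
    archive, manifest = make_backup(SOURCE_FILES)
    print("restore problems:", verify_restore(archive, manifest) or "none")
    taken = datetime(2022, 3, 13, 2, 0)
    print("backup too old:", backup_too_old(taken, datetime(2022, 3, 15, 12, 0)))
```

Keep the manifest somewhere other than the backup itself, otherwise a backup that was silently corrupted or tampered with will still "verify" against its own checksums.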

Incident Plan

When a cybersecurity incident occurs, it can significantly impact your business. Having a robust incident response plan will help you minimize the damage and get your business back up and running quickly.

Not sure where to start? Use our checklist to make sure your organization is prepared for a heightened cyber threat:

  1. Assign responsibility for managing the incident response to a designated individual or team.
  2. Conduct a risk assessment to identify your organization's most critical assets and systems.
  3. Develop contingency plans for protecting and recovering your critical assets and systems.
  4. Create a communications plan for internal and external stakeholders.

Communicate

As a security team, you must have buy-in from the rest of the business. They are your audience, and they must be on your side to make your job easier at the end of the day. Communicate the potential risks and the change in situation across the estate. Ensure everyone in your organization knows how to spot a phishing email, and remind them how to report such messages. Advise them to forward suspicious emails to your IT team or security department so they can investigate.