A Day in the Life of an IT Pro: Back to basics

IT pros, our time has come; 2016 is the year of cybersecurity. A recent report from Cisco reveals that there will be one million cybersecurity job vacancies this year. As IT security takes the spotlight and becomes a hiring priority for organizations, there’s an opportunity for IT security professionals to ensure network security is taken seriously.

Whether you’re a veteran like me, or just starting out in your career, I wanted to share my top ten basic tips to help ensure that you can spring clean your network without hitting any hitches or suffering a reputation-damaging cyber-attack.

1) The most basic of basics

I’m not talking about your ABC’s here, but your basic security framework! Take a long, hard look at your current security framework: what does it look like? Does it fit the reality of your organization’s needs? If you don’t have one, start by reviewing some of the standard industry frameworks, such as ISO/IEC 27002 and COBIT. Then continue with a comprehensive audit of policies and inventory – think user accounts, account types, the type of transactions (public/internal), the sensitivity of the data being handled, account roles and responsibilities, end user agreements, BYOD policies and change management policies.

As it has been said before, no man is an island and IT security is not necessarily achieved by just one person, machine or policy. There are a number of factors, people and processes to consider. Your framework is therefore going to be a continuously evolving one, but an essential basic all the same.

2) Your pal AutoMATE

Even the most seasoned IT professional can use a little help from time to time. User devices and applications make a whole lot of noise: a large number of network connections, data transactions and application requests. Manually detecting threats on this scale would be impossible without the support of your BFF: automation. Centralizing syslogs and events from network devices, servers, applications, databases and users via a SIEM is a must-have. This approach makes it easier to automate threat detection as and when threats happen and to provide corrective responses that mitigate the risks.

3) Better the devil you analyze

If you have access to real-time data, you can detect suspicious activities on the network. Whether it’s an increase in web traffic activity on a critical router or firewall, or suspicious connection requests to assets from an unknown source outside your network, with data-driven analysis you will be able to better understand how an attack happened. Data-driven analysis will help you with forensics and root-cause analysis to help you prevent such attacks in the future.

4) Smallest threats can sometimes be the largest

While I don’t know for sure what information is on your network, I would bet there is confidential data. Any user in your company can copy this sensitive data onto a USB device and you may not even know. In the perfect IT world, you would monitor all end-point devices, from laptops down to the smallest USB devices. By monitoring end-point devices, a USB device can be ejected or blocked automatically as soon as the user plugs it in, and a corrective action implemented.

5) It’s all about the money, money…and healthcare

The payment card and healthcare industries are more prone to data breaches than any other. If you’re working in either of these industries and face an attack, it could compromise millions of credit cards or patient records. These industries have compliance standards which should be met to avoid regulatory fines or criminal proceedings. These standards provide the basics for protecting your servers and databases.

6) The inside man

Sometimes the most damaging security threat comes from the inside. IT pros should be as vigilant against insider threats as they would be against external ones. For example, an employee logging on to a business-critical server or core router outside of business hours, or having their credentials elevated to an admin group without prior approval, should cause warning alarms to go off. While they may just be keen workers, it’s always best to be vigilant.

7) Everything is not always ‘OK’

Clicking ‘OK’ to run unknown executables and opening unknown email attachments can have ill-effects on your network. It’s important to educate users about the risk of thinking everything is ‘OK’ and everyone is your friend. For example, ransomware is a type of malware that encrypts your files or system so that they can only be decrypted after a ransom is paid. Beware of notorious ransomware families like CryptoWall 3, CryptoLocker, CTB-Locker, etc.

8) Integrity ch-ch-changes

While subtle changes to files, the registry and data can be hard to detect, most zero-day malware and advanced persistent threats use this to their advantage. By monitoring file integrity, you can keep an eye on any stealthy changes to files and the registry and prevent data loss or business downtime.

9) Knowledge is power

Most threats, such as malware, DDoS attacks and botnets are spread by bad hosts on the internet. For us IT pros, collective intelligence on these bad actors can be used to proactively pinpoint security concerns, such as potential phishing attempts and infections, by monitoring suspicious traffic that might be going to the command and control servers.
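Tips 2, 3, 6 and 9 all come down to the same mechanic: centralize events, then run rules over them. The script below is an added example of that idea in Python, not code from the article or from any SIEM product. It parses constructed syslog-style lines in a simple key=value layout and applies three rules: an off-hours logon to a critical host and a user added to an admin group without a change ticket (the two insider cases from tip 6), and an outbound connection to a host on a threat-intelligence list (tip 9). The host names, user names, business hours and indicator list are all assumptions made up for the demo; the 203.0.113.0/24 and 198.51.100.0/24 addresses are documentation ranges, not real bad hosts.

```python
from datetime import datetime

# Constructed sample events (not the article's data): "TIMESTAMP key=value key=value ..."
SAMPLE_LOG = """\
2016-03-12T02:14:07 host=core-router01 event=logon user=jdoe src=10.1.5.22
2016-03-12T10:02:41 host=fileserver02 event=logon user=asmith src=10.1.5.40
2016-03-12T10:05:13 host=dc01 event=group_add user=jdoe group=domain_admins ticket=-
2016-03-12T10:07:55 host=dc01 event=group_add user=asmith group=domain_admins ticket=CHG-1042
2016-03-12T10:09:02 host=fw01 event=conn src=10.1.5.22 dst=203.0.113.45 dport=443
2016-03-12T10:09:30 host=fw01 event=conn src=10.1.5.40 dst=198.51.100.7 dport=80
"""

# Assumed environment knowledge. In a real SIEM these come from the asset inventory,
# the change-management system and a threat-intelligence feed respectively.
CRITICAL_HOSTS = {"core-router01", "dc01"}
ADMIN_GROUPS = {"domain_admins"}
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59 local time
KNOWN_BAD_HOSTS = {"203.0.113.45"}   # constructed command-and-control indicator


def parse_line(line):
    """Turn one log line into a dict with a datetime under 'ts'; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    fields = {"ts": ts}
    for token in parts[1:]:
        key, sep, value = token.partition("=")
        if not sep:
            return None
        fields[key] = value
    return fields


def rule_offhours_logon(ev):
    """Tip 6: a logon to a critical host outside business hours."""
    if (ev.get("event") == "logon" and ev.get("host") in CRITICAL_HOSTS
            and ev["ts"].hour not in BUSINESS_HOURS):
        return f"off-hours logon by {ev['user']} to {ev['host']} from {ev['src']}"
    return None


def rule_unapproved_elevation(ev):
    """Tip 6: membership added to an admin group with no change ticket attached."""
    if (ev.get("event") == "group_add" and ev.get("group") in ADMIN_GROUPS
            and ev.get("ticket", "-") == "-"):
        return f"{ev['user']} added to {ev['group']} without a change ticket"
    return None


def rule_c2_contact(ev):
    """Tip 9: outbound connection to a destination on the threat-intelligence list."""
    if ev.get("event") == "conn" and ev.get("dst") in KNOWN_BAD_HOSTS:
        return f"{ev['src']} connected to known-bad host {ev['dst']}:{ev['dport']}"
    return None


RULES = [rule_offhours_logon, rule_unapproved_elevation, rule_c2_contact]


def detect(log_text):
    """Run every rule over every parsed event; return (rule_name, timestamp, message) tuples."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue          # malformed lines are skipped, not allowed to crash the pipeline
        for rule in RULES:
            msg = rule(ev)
            if msg:
                alerts.append((rule.__name__, ev["ts"].isoformat(), msg))
    return alerts


if __name__ == "__main__":
    for name, ts, msg in detect(SAMPLE_LOG):
        print(f"{ts} [{name}] {msg}")
```

Each rule is a plain function over one event, so adding a new detection is a matter of writing another function and appending it to `RULES`; the approved `CHG-1042` elevation and the daytime logon to a non-critical file server correctly produce no alert, which is the part that keeps the analyst from drowning in noise.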

10) Knowledge is power 2.0

Just like the intelligence the bad guys share, as the pros we should share intelligence amongst our broader peers and educate users on common attack types. The underworld of bad guys and cyberattacks is a constantly evolving beast, but knowledge can help in proactively avoiding common threat types.

In the year of cybersecurity, there will be rallied troops on both sides of the battle. With an ever increasing number of users, data and network connections the challenge is on. However, with the basics in place we can at the very least start the war with the right security strategy.
