February 08, 2022

Best Practices for Preventing, Detecting, and Responding to Cyber Attacks

By Elizabeth Fichtner
Intrusion Prevention (IPS)ProtectionResponseDatto EDRDatto Managed SOC

Preventing cyber attacks is a top security concern for most organizations in 2022, and with good reason. Attacks are growing steadily in size and sophistication, and ransomware has disrupted daily life for many of us this year. The Colonial Pipeline ransomware incident was just one of many major hacks in the news. Prevention is only the first part of the story, though.

By operating in an imperfect world, we all accept some level of risk. In fact, 64% of businesses worldwide have experienced some type of cyber attack. Some sources estimate that the average cost of a single breach has risen to $4.24 million this year. Even if your organization could survive that size of unexpected expense, we’re sure that you could think of other ways you would rather spend that money. Prevention and early detection of cyber attacks is a safer and cheaper strategy than reacting when it’s too late.

These three best practices for preventing and quickly stopping cyber attacks in their tracks will help you think about cybersecurity holistically and (hopefully) get ahead of your next attack, data breach, or cybersecurity incident.

Preventing Cyber Attacks

1. Top-down policies for improving your security posture

Best practices need to be backed by the right policies, and the first steps begin at the top. Cyber security should be an integral part of corporate governance, with buy-in from senior management. By providing proper funding, management can demonstrate that security is a top concern for the organization. Security software and hardware, training, and outside security services are all essential to include in organizational budgets. Policy making should also include the assignment of roles and responsibilities for all relevant stakeholders. A chain of command that includes both IT and corporate leaders allows each stakeholder to understand their role in preventing cyber attacks.

Senior managers and analysts should also consider regular cost-benefit analyses for cyber security across functions and business units. An inventory of data assets and their location can help put a dollar figure on the most efficient allocation of funding. It might not make sense to spend a million dollars to protect a business unit that generates only $500,000 in profits. These cost-benefit analyses can also be used to inform cost projections and growth strategies for the organization.

In similar ways, a detailed, up-to-date map of the organization’s overall security architecture can help IT-specific policies. In some cases, this begins with analyzing the organization’s attack surface, both internally and externally. This includes determining risk areas in current applications and then finding ways to minimize this risk. Many teams manage their risk by reducing the amount of code running and reducing entry points available to untrusted users.

2. Bottom-up practices for cybersecurity teams

Your organization can engage a number of practices to prevent, limit, or mitigate attacks that have been backed by well-developed policies. Software updates, upgrades and patching should be implemented on a regular basis. At the same time, security products’ policies must be carefully reviewed, and incident logs and alerts should be continuously monitored.

Networks should be segmented, with well-maintained firewalls and intrusion prevention system (IPS) safeguards among networks to contain lateral infections. In addition, thorough audits and penetration testing should be conducted across all systems on a regular basis.

Access management systems are also critical. User and software privileges should be kept to a minimum in terms of the number of users and the types of access that are granted. Store privileged credentials, including passwords and SSH keys, in a secure, centralized vault. Automatically rotate privileged credentials, isolate privileged account sessions for temporary employees, and regularly scan for orphan accounts of former employees that might still provide unauthorized access.

Finally, all employees, both staff and management, should be thoroughly trained in the importance of cybersecurity. It’s essential that they understand the risks of unsecured communication, security gaps in mobile devices, and the dangers of phishing attacks through email. Employees should also be strongly advised to report any suspicious emails or activities that might be detrimental to network security.

Threat Detection and Response

3. Adopt proactive measures to detect and respond to advanced cyber threats

Perhaps the most important best practice is taking a proactive approach to threat detection. Malware can pose a potential threat for days, months or more as an Advanced Persistent Threat (APT). In fact, many experts recommend acting as if you’ve already been hacked, even if your systems appear normal. Even if you’ve already implemented traditional solutions such as Endpoint Detection and Response (EDR) platforms, Next-gen antivirus (NGAV) software, or User/Entity Behavior Analytics (UEBA/UBA) tools to detect malware, threats, and other cyber risks, this mentality can help to protect you.

You need to implement a security solution that hunts for malicious files that have breached your defenses. It should also enable users to respond to threats and validate that your endpoints are completely “clean”. This validation needs to be conducted on a periodic basis and be available on-demand in dynamic cloud environments. Also consider using detection and incident response tools with deep analysis and forensics-based capabilities that can assess the health of an endpoint by validating what is actually running in memory at a given point in time, has run, or is scheduled to run in the future.

It almost seems naive to think you can prevent damage from a cyber attack. But, in fact, the majority of cyber attacks are prevented! Next-gen antivirus applications, strict security policies and compliance guidelines, and security hardware can work wonders. And, if a threat actor manages to penetrate your defenses, endpoint security tools like endpoint detection and response (EDR) software empower you to quickly isolate the attack and mitigate damage.

Request a Cyber Security Compromise and IT Risk Assessment

As a first step in upping your game in cyber defense, contact us to request a cyber security compromise and IT risk assessment. A compromise assessment is a quick way to independently validate your existing security posture, expose hidden threats and vulnerabilities in your environment, and identify ways to reduce your overall cyber risk.

Contact us to learn more about assessing your cyber risk.

Suggested Next Reads