February Guest Blog with trusted partner of Cyber Essentials,
Cyber Security Canada Victor Beitner, CISSP, GG, E-Technologist
One of the reasons I got involved with the Cyber Essentials program was selfish. I wanted to prove to clients that we take cybersecurity seriously. That we practice what we preach.
We often see clients working with IT Managed Service Providers and spending great sums of money to align with the security vision of the Managed Service Provider (MSP). Unfortunately, we have rarely seen cybersecurity-trained professionals working for MSPs. There is a perception that it is costly to hire these professionals. Currently, most cybersecurity professionals are hired by banks, law firms, and large accounting firms.
When we are engaged by a client for a review, whether before or after an incident, they tell us that they are secure because they have all the controls in place, such as firewalls, AV, etc. The problem we face is this: MSPs are great at monitoring system health, but when it comes to security there are so many events taking place every second that it is like looking for a needle in a haystack.
Imagine this scenario: a request for a Dropbox sync happens every hour, day, week or month. IT expects the client to be using Dropbox, or any other program normally used on the Internet, but let's focus on Dropbox traffic. These sync requests are normal. Now, what if there is a policy that states these apps have to be approved and must reside on registered computers? Great!
Now we see authorized Dropbox requests on a series of networks, and they are normal: they happen on a regular basis. But then someone opens a document in a browser that runs a script. The script starts a process that looks like Dropbox but syncs with a system registered to, or controlled by, the attacker. When it syncs, the attacker can drop a file that the AV will not catch: during the initial reconnaissance he learned which AV solution is in place and found a bypass for it. He can now execute the file and wreak havoc. This seemingly innocuous, regularly repeating call home is called beaconing.
How is IT going to discover this scenario without knowing that such an event may be happening under their nose?
Event correlation tools that monitor this type of network traffic together with process creation on the host are critical. Security engineers are always looking for these telltale signs, but IT is looking at the volume of network traffic, assumes the firewall is blocking bad traffic, and expects to be alerted on that bad traffic.
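The correlation described above, as an added example that is not part of the original post and not any vendor's product: host process-creation records are joined with outbound connection records by process ID, each process/destination pair is tested for a regular beat, and a regular beat is reported only when the process is not approved for that destination or was spawned by a browser or document viewer. The field names loosely follow Sysmon's ProcessCreate and NetworkConnect events, but every record below is hand-written for the example, and the approved-destination and suspicious-parent lists are illustrative policy, not the author's.

```python
"""Correlate process creation with outbound connections to find beaconing.

A real Dropbox client calling dropbox.com every hour and a look-alike
spawned from a browser calling an unknown host every five minutes are
both "regular sync traffic" on the wire; only the join with host
telemetry and the policy tells them apart.  All events here are
constructed for the example, not captured data."""

from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Illustrative policy: which images may sync with which destinations.
APPROVED_DESTINATIONS = {"dropbox.com": {"Dropbox.exe"}}
# Illustrative list of parents that should not be starting sync clients.
SUSPICIOUS_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe",
                      "winword.exe", "acrord32.exe"}

# Constructed process-creation events (pid, image, parent image).
PROCESS_EVENTS = [
    {"ts": "2024-02-05T08:00:00", "pid": 4100, "image": "Dropbox.exe",
     "parent": "explorer.exe"},
    {"ts": "2024-02-05T09:00:00", "pid": 3000, "image": "chrome.exe",
     "parent": "explorer.exe"},
    {"ts": "2024-02-05T09:12:00", "pid": 5222, "image": "DropBoxSync.exe",
     "parent": "chrome.exe"},
]

# Constructed outbound-connection events (pid, destination host).
NETWORK_EVENTS = (
    # Legitimate client: hourly sync to the approved destination.
    [{"ts": f"2024-02-05T{h:02d}:01:00", "pid": 4100, "dest": "dropbox.com"}
     for h in (8, 9, 10, 11)]
    # Ordinary browsing: two irregular connections, not a beacon.
    + [{"ts": "2024-02-05T09:03:10", "pid": 3000, "dest": "mail.example.com"},
       {"ts": "2024-02-05T09:41:55", "pid": 3000, "dest": "mail.example.com"}]
    # Look-alike spawned by the browser: five-minute beacon to an unknown host.
    + [{"ts": f"2024-02-05T09:{m:02d}:30", "pid": 5222,
        "dest": "sync-cdn-update.example.net"} for m in (12, 17, 22, 27, 32)]
)


def beacon_period(timestamps, min_beacons=4, max_jitter=0.2):
    """Return the mean gap in seconds if the timestamps form a regular beat:
    at least min_beacons events and gap jitter (std dev / mean) at most
    max_jitter.  Return None for irregular or too-sparse connections."""
    times = sorted(datetime.fromisoformat(t) for t in timestamps)
    if len(times) < min_beacons:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    period = mean(gaps)
    if period <= 0 or pstdev(gaps) / period > max_jitter:
        return None
    return period


def correlate(process_events, network_events, min_beacons=4, max_jitter=0.2):
    """Join connections to their process and report periodic call-homes that
    violate policy.  Each finding lists every reason it was flagged."""
    by_pid = {p["pid"]: p for p in process_events}
    conns = defaultdict(list)
    for n in network_events:
        conns[(n["pid"], n["dest"])].append(n["ts"])

    findings = []
    for (pid, dest), stamps in conns.items():
        period = beacon_period(stamps, min_beacons, max_jitter)
        if period is None:
            continue  # not a regular beat, so not a beacon candidate
        proc = by_pid.get(pid, {"image": "<unknown>", "parent": "<unknown>"})
        reasons = []
        if proc["image"] not in APPROVED_DESTINATIONS.get(dest, set()):
            reasons.append(f"{proc['image']} is not approved to sync with {dest}")
        if proc["parent"].lower() in SUSPICIOUS_PARENTS:
            reasons.append(f"spawned by {proc['parent']}")
        if reasons:  # approved client on its approved destination is silent
            findings.append({"pid": pid, "image": proc["image"],
                             "parent": proc["parent"], "dest": dest,
                             "period_seconds": period, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in correlate(PROCESS_EVENTS, NETWORK_EVENTS):
        print(f"pid {f['pid']} {f['image']} -> {f['dest']} every "
              f"{f['period_seconds']:.0f}s: {'; '.join(f['reasons'])}")
```

The hourly Dropbox.exe beat is just as regular as the five-minute one, which is the point: periodicity alone only narrows the haystack, and the verdict comes from joining it with the parent process and the approved-destination policy. In production the same join runs over Sysmon or EDR telemetry and firewall or proxy logs rather than hand-written lists.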
What kind of response can you expect from IT?
In my experience, a company will usually have HR policies but never IT Security policies. Clients always claim it is a good idea, but time and resources are an issue.
Usually, the outcomes of our assessments vary from very poor security (nobody is dealing with alerts, AV has failed updates, systems have failed updates, and the backup drive is sitting next to the server) to discovering that they are under a live attack through a port (Remote Desktop Protocol) that should have been closed years ago, with no mitigating controls in place to help defend this common access point. However, these vulnerabilities are often left unattended because someone might need access even once a year.
As a trusted partner, I would highly recommend the Cyber Essentials Canada Certifications. It is the beginning, or baseline, for a company to start protecting itself from the changing landscape. By certifying, you can prove to clients that you take the security of their data seriously and that you have a plan for a breach scenario if the worst were to happen. No company is too small to be attacked. Without this certification, all companies could be subject to unwanted recovery costs, ransom payments, legal costs, and forced upgrade costs.
Cyber Security Canada is currently assisting several organizations through the certification process. I think the success story behind companies certifying is the fact that people are starting to take cybercrime seriously and don't want to be a victim.
Finally, the Cyber Essentials Customer Success Team is always helpful, providing templates for policies and responding consistently to emails and calls. They are not in a rush to get you off the phone and are willing to listen to all your needs.
To learn more about our Certification Programs and how to become a trusted partner with Cyber Essentials Canada, contact Cyber Essentials Canada today!