Editor’s Note: Weekly throughout October—Cybersecurity Awareness Month—UMUC will be sharing tips, best practices and information to help you protect your data and personal information and become more aware of cybersecurity issues in our daily lives. Week 1 featured “Hack” to School, the top eight tips for students’ safety. During Week 2, we shared Five Proverbs to Live By to survive in cyberspace. This week, Balakrishnan Dasarathy, PhD, UMUC Professor & Program Chair, Cybersecurity and Information Assurance, wonders …
Is Your Employer Implementing These 5 Cyber Security Action Items to Secure the Workplace?
You’ve probably heard, especially during this year’s Cybersecurity Awareness Month, that cyber threats are increasing in number and sophistication. Adversaries of various kinds range from nation-states to the lone wolf, and from political extremists to those seeking monetary reward.
Often, our adversaries are insiders. Their motivations vary and include sabotage, denial of service, ransom, political malfeasance, surveillance and reconnaissance. But regardless of the attacker and the motivation, organizations can minimize their vulnerabilities and exposure to threats by focusing on five specific areas:
- Employee Awareness and Training―Employees are the weakest link in cybersecurity today. The importance of training them in these essential personal cybersecurity measures cannot be stressed enough. Employees should:
  - Always use long and complex passwords
  - Change their passwords often
  - Never use the same password on multiple sites
  - Never share sensitive information over social networks
  - Avoid opening attachments in phishing emails
Security awareness should not be a once-a-year event. Ongoing training and communication are key to avoiding unsafe cyber behavior. Good “cyber hygiene” must be continually reinforced because the temptation to cut corners is ever-present in any competitive corporate environment.
Employees should be cautioned frequently about exfiltration of proprietary information, whether the unauthorized transfer involves sales data, customer contacts or intellectual property such as product designs.
- Sensible Bring Your Own Device (BYOD) to Work Policies: Today, malware and exfiltration threats increasingly arrive through personally owned smartphones, tablets and other mobile devices brought to work. A major reason is that the enormous pressure to bring mobile apps to market on a short development cycle often results in less emphasis on security.
Mobile apps provide a quick entry point for cyber-attacks on an enterprise. BYOD policies should clearly state which devices and apps are allowed in the workplace, as well as the need to monitor those devices with device management software in order to detect intrusion attempts and malware infections and to ensure that patches are up to date.
Employees should be made aware that anything on their devices, including their personal email, documents and data, can and will be monitored. They should also know that in the case of theft or loss, everything in their device might be wiped clean to prevent sensitive enterprise data from getting into the wrong hands.
- Security of Front-End Web Applications: Many enterprises, especially those that deal with end customers, are likely to host a web server allowing access to the services that they provide. This web service is effectively a “front door” to the organization’s information assets.
A web application might have been built internally or customized from a vendor product. In either case, though, security should have been “baked in” during every step of the application’s development—from requirements, to design, to implementation, to testing—and there are well-known secure software development methodologies to follow.
Often, an adversary breaks into a system by supplying improper input to various fields in the web interface. Injection attacks of various kinds, notably SQL injection attacks that circumvent authentication, arrive through the web server. An enterprise’s databases are its information crown jewels, so it’s very important to make sure that all input data is validated and sanitized thoroughly in the application code.
If an enterprise didn’t develop its own web application, then it should at least employ fuzz testing to check application security. Fuzz testing is similar to what an attacker does: it crafts unusual or random input to test whether an application can be penetrated.
- Plugging Holes Against Insider Threats: We have seen many instances of insider threats, including the two prominent ones at the National Security Agency (NSA). Insider threats lead to two major forms of attack―exfiltration attacks for monetary gain or for political and propaganda purposes, and sabotage and revenge attacks.
In the latter case, a perpetrator might commit an attack while actively employed, as he or she is about to transition from a job, or even after leaving by, for example, planting a logic bomb in application code to activate an attack at a specific future time.
The best way to prevent or at least minimize insider threats is to adopt what is known as the “least privilege” policy, which simply means that employees should be given the minimum authority needed to perform their job’s functions. Also, frequent job rotation or changing domains of administration is a good policy to detect and prevent abuses.
Employees should be cautioned that their activities can and will be monitored and that any non-compliance can result in termination and prosecution. Deterrence is a powerful strategy against insider threats!
- Installing and Updating the Latest Version, Patches and Anti-Virus Software: Malware is released on a continual basis. To combat this, configure antimalware software to be updated at least once every day.
Each piece of malware, whether a virus, worm, Trojan horse, bot or ransomware, has its own signature or key characteristics that can be programmed for detection. The vendor updates its antimalware signature file or database so that the software can detect any new malware.
Moreover, new malware is often created to take advantage of a newly discovered vulnerability in various enterprise software artifacts, including operating systems, languages, middleware such as Java, and applications such as Outlook and Word.
To limit the window in which new malware can exploit such a vulnerability, install the patch or new version of the affected software issued by the vendor as soon as it becomes available.
By Balakrishnan Dasarathy, PhD, UMUC Professor & Program Chair, Cybersecurity and Information Assurance