The Criticality of Strong Cyber Hygiene

By: Josh Mayfield | 11/27/2018

The more connected we become, the more at risk we are to cyber criminals who are busy looking for a chance to capitalize on our technology dependency. Unfortunately, we’ve seen this breakdown many times - in our hospitals when WannaCry ransomware forced medical personnel to turn away patients and in our local governments when ransomware used by the SamSam group rendered the city of Atlanta incapable of validating arrest warrants or accepting bill payments from residents. These are but two recent examples.

With countless attack possibilities and an ever expanding threat surface area driven by the explosion of apps, IoT and mobile users, savvy organizations today consider a breach a matter of when, not if. But there are practical steps you can take that will make a successful attack harder which might just be enough to cause your would-be attacker to move on to lower hanging fruit for a faster, easier score.

As your organization works to become more effective and efficient through innovative technology, a security mindset must be baked in from the very beginning. This mindset is best shaped by the goal of strong cyber hygiene which includes covering off on these basic areas:

  1. Fortifying data
  2. Probing for sensitive info
  3. Blocking unauthorized software
  4. Monitoring hygiene
  5. Educating users

Allowing the protection of your service offerings to become an afterthought could be a costly mistake. Thankfully, the NIST Cybersecurity Framework (NIST CSF) was created to help us advance along the continuum of good cyber hygiene. It was designed to help IT security pros everywhere, regardless of industry, categorically safeguard their devices, data, apps and users with a set of 5 broad practices: identify, protect, detect, respond and recover.

If you are looking for more information on how NIST CSF can help your organization, we created a series of short videos on the framework and other essential cybersecurity tips. For more on cyber hygiene, watch this video below, which is a look at NIST CSF’s second pillar, Protect. And you while you’re at it, watch and subscribe to our full Cybersecurity Insights video series on YouTube.



Video Transcript

Hey! It's me again, Josh from Absolute.

This week's episode is fully dedicated to the "Protect" pillar of the NIST Cybersecurity Framework.

Although everyone wants to describe their data devices apps and users as safe, the label is only true when we take deliberate steps to make it that way. Which is why the NIST Cybersecurity Framework focuses on those actions we can take to have safe devices, safe data, safe apps, and safe users.

The second law of thermodynamics tells us that everything in our universe, everything, goes from order to disorder, unless something (or someone) acts to reverse the drag of entropy. Without action, devices and data will naturally lead to disorder. They'll degrade and fall to shipwreck.

But the NIST "Protect" pillar gives us guidance for VPN access, blocking cloud storage apps, persisting endpoint visibility, and regenerating security apps like encryption or anti-malware: all hallmarks of good cyber hygiene.

With a keen eye on endpoint hygiene, you can bolster the entire device population. All put into service to protect data. These attributes can be measured with a unique score: The Endpoint Hygiene Coefficient.

When no single device aligns with my picture of hygiene, my Endpoint Hygiene Coefficient is "0".

This is rare. So rare, that we can rule it out. But just as rare is an Endpoint Hygiene Coefficient of "1". If only our devices remained that pristine. So imagine an Endpoint Hygiene Coefficient of "0.81". This means that some, if not all, devices are pulling us away, to some degree, from where they need to be.

Some devices are unencrypted, others are encrypted but have sensitive data in cloud storage apps. Still others have outdated AV tools. The reasons can vary, but by examining the device population AND quantifying the drift, you can get ahead of mishaps that put data at-risk.

We all have data to protect. But when you fortify data and avoid unwitting user hazards by probing for sensitive information, blocking unauthorized software, monitoring hygiene and recruiting your users to join your epic quest you can safeguard our most valuable raw material: information.

The world is far from perfect. But in the next episode, we'll accept that reality that we don't live in a Utopia, and explore the techniques for finding trouble.

So make sure you subscribe, and we'll see you next time!

Financial Services