What are some of the biggest mistakes that businesses make when it comes to monitoring cyber threats?
What are the most common mistakes that businesses make regarding cyber threats? What measures can be put in place to avoid these mistakes? Do you have threat intelligence tools that you swear by to help with monitoring cyber threats?
Senior Network Engineer at a government with 5,001-10,000 employees
Real User
2020-07-27T14:31:58Z
Jul 27, 2020
The biggest single mistake I see businesses making in monitoring cyber threats is relying on humans to check these threats manually. This is a big mistake and a waste of human capital. Humans are prone to error, and the large number of threat warnings that inevitably show up with these tools make it too dificult to sort through and find the significant threats.
Automation is the key. Cyber security teams need to turn on all available automation so as to allow humans to keep track of bigger picture items. Another mistake is to not turn on automatic drop or reset of packets that contain threat vectors. NGFWs such as Palo Alto can do this automatically. Critical and High level threat packets should be automatically dropped.
Defense is depth is often ignored. You need boundary security (firewalls), endpoint security (antivirus and vulnerability tools) and network access security (NAC tools) among others. Syslog collection and montoring tools can perform anomaly detection as well.
Another thing people tend to ignore is database security. Every read should be monitored and only allowed to specific users. That way you can alert on an intruder reading databases for exfil.
Search for a product comparison in Threat Intelligence Platforms
We know that cyber security is an important concern for every organisation. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities.
The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities.
To many, cyber security is a bit of a mystery. This is probably one of the reasons why it is not always approached appropriately.
Lacking knowledge of cybersecurity.
Mistake: “We have to achieve 100% security”
Reality: 100% security is neither feasible nor the appropriate goal
Developing the awareness that 100% protection against cyber crime is neither a feasible nor an appropriate goal is already an important step towards a more effective policy, because it allows you to make choices about your defensive posture. A good defense posture is based on understanding the threat (i.e. the criminal) relative to organisational vulnerability (prevention), establishing mechanisms to detect an imminent or actual breach (detection) and establishing a capability that immediately deals with incidents (response) to minimize loss.
Mistake: “When we invest in best- of-class technical tools, we are safe”
Reality: Effective cyber security is less dependent on technology than you think.
Good security starts with developing a robust cyber defense capability.
Although this is generally led by the IT department (who should be aware of the importance of cyber security), the knowledge and awareness of the end user is critical.
Mistake: Neglecting Security Testing
These require regular testing through both automated vulnerability scanning and deep-dive penetration testing.
Train your staff in everything from laptop protection to social engineering identification. And don't forget to retrain because the scams continue to get sneakier.
Sending valuable data to incorrect recipients via email
Accidentally emailing documents with sensitive data
Publishing confidential data on public websites by mistake
Misconfiguring assets to allow for unwanted access
Mistake: Believing a Breach Won't Happen to You.
They have to follow the below Cyber trends and the future model
Summary of techniques and vulnerabilities focused by threat actions.
Who are the actors?
How do they function?
What techniques do they use?
How do they get in to your environment?
How do they exploit corporate challenges?
What potential impact can they cause?
These issues coupled with common other mistakes – failure to plan, failure to define scope and being overly optimistic in scoping – were the pitfalls of SIEM implementations. This has not stopped CIOs and CISOs aggressively positioning SIEM as a silver bullet, to the extent of engaging 3rd party service providers to assist in monitoring.
A Threat Intelligence Platform (TIP) is a solution that collects, analyzes, and distributes threat intelligence data. TIPs can help organizations to identify and mitigate cyber threats by providing them with insights into known and emerging threats.
The biggest single mistake I see businesses making in monitoring cyber threats is relying on humans to check these threats manually. This is a big mistake and a waste of human capital. Humans are prone to error, and the large number of threat warnings that inevitably show up with these tools make it too dificult to sort through and find the significant threats.
Automation is the key. Cyber security teams need to turn on all available automation so as to allow humans to keep track of bigger picture items. Another mistake is to not turn on automatic drop or reset of packets that contain threat vectors. NGFWs such as Palo Alto can do this automatically. Critical and High level threat packets should be automatically dropped.
Defense is depth is often ignored. You need boundary security (firewalls), endpoint security (antivirus and vulnerability tools) and network access security (NAC tools) among others. Syslog collection and montoring tools can perform anomaly detection as well.
Another thing people tend to ignore is database security. Every read should be monitored and only allowed to specific users. That way you can alert on an intruder reading databases for exfil.
We know that cyber security is an important concern for every organisation. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities.
The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities. The management of any organisation face the task of ensuring that their organisations understand the threat and set the right priorities.
To many, cyber security is a bit of a mystery. This is probably one of the reasons why it is not always approached appropriately.
Lacking knowledge of cybersecurity.
Mistake: “We have to achieve 100% security”
Reality: 100% security is neither feasible nor the appropriate goal
Developing the awareness that 100% protection against cyber crime is neither a feasible nor an appropriate goal is already an important step towards a more effective policy, because it allows you to make choices about your defensive posture. A good defense posture is based on understanding the threat (i.e. the criminal) relative to organisational vulnerability (prevention), establishing mechanisms to detect an imminent or actual breach (detection) and establishing a capability that immediately deals with incidents (response) to minimize loss.
Mistake: “When we invest in best- of-class technical tools, we are safe”
Reality: Effective cyber security is less dependent on technology than you think.
Good security starts with developing a robust cyber defense capability.
Although this is generally led by the IT department (who should be aware of the importance of cyber security), the knowledge and awareness of the end user is critical.
Mistake: Neglecting Security Testing
These require regular testing through both automated vulnerability scanning and deep-dive penetration testing.
Mistake: Concentrating Too Much on the Perimeter.
Mistake: Disregarding Security Awareness Training.
Train your staff in everything from laptop protection to social engineering identification. And don't forget to retrain because the scams continue to get sneakier.
They have to follow the below Cyber trends and the future model
Summary of techniques and vulnerabilities focused by threat actions.
Who are the actors?
How do they function?
What techniques do they use?
How do they get in to your environment?
How do they exploit corporate challenges?
What potential impact can they cause?
These issues coupled with common other mistakes – failure to plan, failure to define scope and being overly optimistic in scoping – were the pitfalls of SIEM implementations. This has not stopped CIOs and CISOs aggressively positioning SIEM as a silver bullet, to the extent of engaging 3rd party service providers to assist in monitoring.