5 best practices for reacting quickly to security incidents

3. May, 2021

In Austria alone, estimates put the number of affected systems at over 7,500 [1]: Various vulnerabilities in Microsoft Exchange servers allowed (or allow) the hijacking and compromise of critical corporate communications – the so-called hafnium hacks. Many systems were not updated and patched quickly enough. Fast and efficient responses can be achieved in an emergency by following simple best practices to maintain up-to-date cyber security.

Concrete recommendations for action: Basis CIS Security Controls

As early as 2012, the 20 Best Practices were developed as guidelines for companies to permanently improve IT security even in non-IT affine companies and institutions. Since 2015, they have been published and regularly updated by the Center for Internet Security (CIS); the current version 4 is from 2019. In addition to detailed instructions, more in-depth technical recommendations for action are also freely available. [2]

Top 5 CIS IT Security Guidelines

Start by establishing the following processes to put your IT systems on a robust foundation.

    • Create and maintain an up-to-date inventory for software and hardware used.
      Only if you know which systems and versions are in use in your company can you react quickly to current recommendations and notifications. An inventory is thus the basis for an initial assessment of the situation and enables quick identification and reaction to possible threats.
    • Evaluate and remedy weaknesses on an ongoing basis.
      Based on the current inventory, the existing systems can be checked for indications of problems and vulnerabilities. This process is mainly supported by automation through appropriate tools, enables the rapid detection of vulnerabilities and includes the immediate installation of updates through patch management.
    • Limit the rights of users and never work with admin rights.
      One ill-considered click, one wrong website – 100% security will never be achievable. It is, therefore, more important that all users only work with the necessary rights (principle of least privilege). Administrator, backup or other essential and powerful roles in IT systems should never be used for daily work. In this way, damage limitation is achieved in the event of possible incidents.
    • Use e-mail, browser and malware protection on all systems.
      The most frequent gateways for malware are still e-mails and web browsers. Ensure that only the specified updated systems are used, that protection against malware is available on all systems without exception and that it cannot be circumvented.
    • Carry out regular backup and restore tests of essential data.The question is no longer whether a security incident will occur but when it will occur. Regular backups of important systems and data are therefore essential. Do not forget to test backup data for recoverability and integrity at regular intervals. Protect your backup system additionally against unauthorised changes and sabotage, e.g. by outsourcing data to media that cannot be accessed online.

Based on the top 20 of the CIS guidelines, these five points contribute significantly to achieving a minimum standard of a long-term oriented IT security strategy. However, they are only the beginning – the complete list and further details can be found directly on the CIS website.

 

recommended reading:

Three years after NotPetya: 5 tips for your business

Data backups targeted by new attack strategies

Working safely from home

Sources

[1] https://cert.at/de/aktuelles/2021/3/microsoft-exchange-server-von-neuen-und-alten-schwachstellen

[2] https://www.cisecurity.org/controls/cis-controls-list/

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung
Indicators of Attack
Gefahren durch vertrauenswürdige Services
Threat Intelligence

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download