The AI Act in Europe
Posted on: 1 April 2025

The AI Act is new European legislation that establishes harmonised rules for artificial intelligence (AI) systems within the EU. The primary goal of this legislation is to encourage reliable and human-centred AI applications. In addition, the AI Act protects the fundamental rights of citizens, ensures safety and secures a high level of environmental protection. An additional benefit is that this legislation supports the free movement of AI-based goods and services within the internal market.
The AI Act brings new standards and guidelines that your AI systems are required to comply with. This means that, as an organization, you need to strengthen confidence in your AI solutions while managing the risks of AI-related cyber attacks. In addition, you need to develop strategies to counter unwanted use of AI. Adapting to these new rules in a timely manner is crucial for compliance and for making the most of reliable AI technologies.
The AI Act has different obligations depending on the level of risk of the AI system you are using or developing:
- Prohibited AI: Developing, offering and using certain AI systems is strictly prohibited. Violations are severely punished with fines of up to €35 million or up to 7% of annual global turnover.
- High-risk AI: Systems that pose significant risks are subject to extensive obligations. These include mandatory risk analyses, human control, full transparency and mandatory registration of the system.
- Limited risk AI: These systems primarily require transparency obligations, such as clear user notifications on the use of AI.
- Minimal risk AI: No specific obligations apply. However, best practices are strongly recommended.
In addition, AI developers must meet various compliance obligations:
- Preparing detailed documentation explaining how the AI works and how the system is trained.
- Applying ethical and technical standards to avoid bias and discrimination in the AI model.
- Implementation of an effective risk management system specific to AI.
The AI Act is not isolated legislation, but works together with existing EU regulations, such as:
- GDPR: AI systems processing personal data must comply with strict privacy rules.
- NIS2: AI solutions within essential sectors, such as energy and telecoms, must meet cybersecurity standards.
Non-compliance carries significant risks:
- High fines of up to 7% of global turnover or €35 million.
- Possible ban on the use of non-compliant AI systems.
- Serious reputational damage and legal consequences.

How do you ensure compliance with the AI Act?
The AI Act is already in force. Therefore, OpenSight advises your organization to take the following steps:
- Map AI use: Identify which AI systems are being used or developed within your organization. Classify these systems by risk level.
- Check specific obligations: Check whether your AI is transparent enough, risks are well managed and documentation is complete.
- Integrate AI risk management: Make AI compliance part of your existing Information Security Management System (ISMS) or Governance, Risk & Compliance (GRC) framework.
- Combine with existing regulations: Ensure integration with GDPR privacy regulations and NIS2 cybersecurity standards.
- Use support tools: Automate compliance processes and ensure proper documentation to make audits hassle-free.
The AI Act is causing sweeping changes within companies that develop, sell or use AI. Therefore, invest in good time in the reliable and transparent deployment of AI, and avoid fines, legal problems and damage to your reputation.
The future of information security: why Zero Trust and AI are now essential
Posted on: 19 September 2024

The way we work and do business is changing at lightning speed. Cloud computing, SaaS solutions, and remote working have become the norm. This has given businesses tremendous flexibility, but it has also led to new cyber security challenges. Traditional security models, which relied on the idea of a secure perimeter (such as the “castle and moat” model), no longer suffice in this new world. They are simply not designed for today’s distributed IT environments.
Why Zero Trust?
Imagine a company operating like a medieval castle: thick walls, drawbridges, and watchtowers to keep out the invaders. This worked fine when all employees worked within the castle walls, with their applications and data safe behind them. But now that everyone works from different locations, those walls have actually become useless. We don’t need a castle, we need a whole new way of thinking. This is where Zero Trust comes in.
What makes Zero Trust so powerful?
- No Trust, Always Verify: Zero Trust revolves around the principle that no one is automatically trusted. Whether someone is inside or outside the network, their access is continuously verified. This is a radical shift from the old model, where everyone inside the fortress was considered “safe”.
- Protection against lateral movement: One of the biggest threats today is the ability for attackers to move laterally within a network once they are inside. Zero Trust prevents this by giving users access only to specific applications, rather than to the entire network.
- Improved user experience: Unlike traditional methods, where traffic was routed back to a data center (causing delays), Zero Trust enhances performance by directing users straight to the apps they need.

The role of AI in modern security?
When we talk about cyber security, AI is often the secret sauce that makes everything just a little bit better. We live in an era where cyber threats are becoming more sophisticated and persistent. The days when a simple firewall was enough are far behind us. AI allows us to look at security in a whole new way.
How AI helps us
- Real-time threat detection: AI can analyze vast amounts of data in an instant and recognize patterns that indicate potential threats. This makes it possible to identify attacks before they do any damage.
- Automation of security: AI makes it possible to automate routine tasks, such as file scanning and traffic monitoring. This means security teams can focus on the really important things.
- Smart decision-making: AI can help make better, data-driven decisions. By adding context to threat intelligence, security analysts can respond more quickly and accurately.
Practical applications and examples
Take the 2020 pandemic, for example, which caused a huge shift to remote working. Many companies that still relied on traditional security models were suddenly faced with new vulnerabilities. In this situation, Zero Trust offered a robust solution. By treating each user as a potential threat, companies were able to protect their systems even while their staff worked from home.
And then there is AI. In the fight against cybercrime, AI has proven itself indispensable. Imagine a suspicious e-mail entering your inbox. Traditional filters might not pick it up, but an AI system, trained on millions of examples of phishing attempts, recognizes the patterns and blocks the e-mail before it can do any damage.
In short…
Today, the combination of Zero Trust and AI offers businesses a powerful way to protect against the ever-increasing threats in the digital world. It’s not just about strengthening defenses; it’s about rethinking how we approach security in an era where the lines between physical and digital worlds are becoming increasingly blurred. Companies that embrace these technologies will not only be better protected, but better positioned to take advantage of the opportunities of the future.
Key takeaways from the 2024 Threat Hunting Report
Posted on: 19 September 2024

“As a Cyber Security Specialist at OpenSight, I deal with the complex world of cybersecurity daily, where we are engaged in a race with criminals and state actors. As a Cyber Security Specialist, you know that you’ve chosen a profession where continuous learning and development are a must, as your adversaries are also constantly evolving. We often review reports from key players in this field. Recently, I reviewed the CrowdStrike 2024 Threat Hunting Report, and I’d like to share some of my findings and advice with you. This report not only provides insights into the latest trends in cyber threats but also emphasizes the need for a proactive approach to effectively combat these threats. Let’s dive deeper into what this means for you and your organization.”
The cunning of modern attackers
“What stood out to me most while reading this report is the constant evolution of attackers. Cybercriminals’ tactics are becoming increasingly sophisticated and dynamic. Where they once relied on simple, automated attacks, we now see a significant rise in so-called ‘interactive intrusions’. These are attacks where the attacker is actively sitting behind the keyboard in real-time, ready to bypass security measures as they appear.”
“This has significant implications for how we protect our networks. The speed and cunning with which these attackers operate make it essential not only to rely on automated security measures but also to have well-trained personnel capable of detecting and countering these advanced attacks. CrowdStrike’s report highlights the importance of speed in detection and response, which perfectly aligns with my own experiences.”
Cross-Domain Threats: An Increase in Complexity
“Another key insight from the report is the growing threat of cross-domain attacks. These are attacks where various parts of the IT infrastructure are targeted simultaneously, such as identity systems, endpoints, and cloud environments. What makes these attacks particularly dangerous is that they are often difficult to detect because the activities are spread across multiple domains, making them appear less suspicious when considered individually.”
“The challenge here is to see these activities in context and understand how they are related. This requires not only advanced technology, such as CrowdStrike’s AI-driven solutions, but also an in-depth knowledge of the various IT domains and how attackers can exploit them.”

Insider threats: the invisible danger
“The report also sheds light on one of the most insidious threats we face: insider threats. These are threats originating from within the organization, often from employees who, whether intentionally or unintentionally, engage in harmful activities. What I found particularly concerning is the example of FAMOUS CHOLLIMA, a group of attackers who managed to enroll as employees at over 100 companies in the US, gaining access to sensitive information from within.”
“These insiders used their access to install Remote Monitoring and Management (RMM) tools, allowing them to operate remotely and conduct their malicious activities without immediate detection. This highlights the need for stringent access control and continuous monitoring of user activity, even within the organization.”
The solutions: proactive threat hunting and AI
“In my opinion, the key to securing organizations against these complex threats is a combination of proactive threat hunting and the use of AI. As the report indicates, the time an attacker needs to move laterally within a network (the so-called ‘breakout time’) is often just a few minutes. This means there is no time to waste in detecting and responding to an attack.”
“AI can play a crucial role here by analyzing vast amounts of data in real-time and identifying patterns indicative of a threat. CrowdStrike’s Falcon platform is an excellent example of how AI can be used not only to detect attacks but also to automatically respond and prevent further damage. This kind of technology is indispensable in the fight against modern cyber threats.”
My advice for businesses
Based on the findings in the report and my own field experiences, here are some recommendations I would like to offer to businesses looking to enhance their security:
- Keep learning and adapting: The world of cybersecurity is constantly changing. Stay informed about the latest trends and techniques, and ensure that your security strategy aligns with them.
- Invest in proactive threat hunting: Don’t wait for an attack to occur before taking action. Ensure that you have a team constantly searching for potential threats, both inside and outside the network.
- Utilize AI and Machine Learning: Traditional security systems often fall short when it comes to detecting today’s complex attacks. Invest in AI-driven solutions that can recognize patterns and respond quickly to suspicious activities.
- Manage access strictly: Insider threats are a serious danger. Ensure you have strict access controls in place and continuously monitor who has access to which systems and data.
- Monitor cloud environments closely: With the shift to cloud computing, it is essential to have a clear view of what is happening in your cloud environments. Attackers are increasingly targeting these areas, so make sure your cloud security is robust.
In short…
“The CrowdStrike 2024 Threat Hunting Report provides valuable insights into the modern threat landscape and confirms much of what we already know: threats are becoming more complex, attacks more sophisticated, and response times shorter. As a Cyber Security Specialist, it is clear to me that the future of security lies in a proactive, intelligence-based approach, supported by the power of AI. By combining these approaches, we can ensure that our organizations are not only protected against today’s threats but also prepared for the challenges of tomorrow.”
“Let’s work together towards a safer digital future!”
“Do you have questions or want to learn more about how to better secure your organization? Feel free to reach out via my LinkedIn profile!”
~ Marcel Krommenhoek
Cyber Security Trends for 2024: Why Zero Trust and AI Keep Your Business Safe
Posted on: 12 September 2024

It’s no secret that the world of cybersecurity is constantly evolving. Businesses face new challenges and threats daily, making it essential to stay updated with the latest trends. Two technologies dominating the conversation this year are Zero Trust and Artificial Intelligence (AI). But what do they really mean for your business? Let’s take a closer look at these trends and what they could mean for you.
The transition to Zero Trust
When we talk about Zero Trust, we’re not just referring to a new tool or buzzword. It represents a fundamental shift in how we approach security. The traditional model, where companies relied on perimeter-based security, has had its day. This approach, which was once enough to keep threats out, now falls short in the era of cloud computing and remote work.
Why is Zero Trust so important?
- Security for a decentralized world: In an era where employees can work from anywhere at any time, it’s crucial to ensure they have secure access to the resources they need, without the risk of unauthorized access.
- Protection against internal threats: Not all threats come from the outside. Sometimes internal actors, whether intentional or not, pose a significant risk. Zero Trust ensures that no one, not even internal users, has access to more than they need.
- Flexibility and scalability: As businesses grow and evolve, Zero Trust offers a flexible approach that can easily be adapted to changing business needs.
The impact of AI on security
AI is not just a buzzword in the world of cybersecurity; it’s a game-changer. Traditional security systems are often reactive, meaning they respond only once an attack is already underway. AI changes this by enabling a proactive approach, where threats are detected and neutralized before they can strike.

How does AI make a difference?
- Forward-thinking with predictive analytics: Imagine being able to predict where the next attack will come from. AI makes this possible by analyzing patterns in data and identifying potential threats before they occur.
- Faster response times: When an attack occurs, time is of the essence. AI can respond instantly, neutralize threats, and prevent further damage.
- Integration with existing systems: AI does not work in isolation. It is increasingly integrated with existing security systems, creating a seamless defense that is both broad and deep.
What do these trends mean for your business?
For businesses, the integration of Zero Trust and AI brings several tangible benefits. Firstly, it means better protection against today’s increasingly complex threats. But it also means that your company can respond more flexibly to changes in the market and technology.
Take, for example, a company that is rapidly growing and hiring new employees. With a traditional security approach, it could take months to securely onboard everyone onto the right systems. However, with Zero Trust and AI, this process can be much faster and more secure.
Additionally, AI gives you the ability to identify threats that you might otherwise overlook. This means you’re not only protecting your data but also safeguarding your reputation and business continuity.
In short…
Zero Trust and AI are essential tools for businesses that want to survive and thrive in an ever-changing digital world. By embracing these technologies, you can ensure that your company remains secure and is also prepared for the challenges of tomorrow. It’s time to think about the future of your business security and take the necessary steps to secure that future.
The NIST ‘Recover’ Domain – The importance of a good Disaster Recovery Plan
Posted on: 29 August 2024

Last month brought another one of those days: a global disruption caused by a bug in software. Unfortunately, the error turned out to be so severe that Windows machines crashed to a blue screen of death (BSOD). So even though CrowdStrike had fixed the issue within 90 minutes and stopped pushing the faulty update, the damage had been done. I sympathise with the IT departments that had to deal with this, as it must have caused massive chaos. This incident, where problems with CrowdStrike security software led to computer system failures worldwide, highlights the need for a robust Disaster Recovery (DR) plan. This article discusses the importance of a good DR plan and highlights the essential steps: inventory, plan, test, learn and repeat.
Inventory: understand what you need to protect
The first step in creating an effective DR plan is taking an inventory. This involves making a complete and detailed list of all critical IT assets within your organization.
This includes servers, network equipment, software applications, data storage and even physical locations. Understanding which systems and data are critical to your core processes helps prioritize protection measures, as well as develop a plan.
When taking inventory, it is important to also identify dependencies between systems. This means understanding how different components of your IT infrastructure are connected and how a failure in one system can impact other systems. It’s advisable here to look especially at the organization’s core processes and, from that perspective, determine how to get these processes back up and running when things go wrong.
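The inventory step above only pays off if the dependencies are written down in a form you can reason about. The following is an added example, not OpenSight's tooling: it takes a constructed asset inventory (every asset name, dependency and core process below is made up for illustration), derives the order in which systems must be restored so that nothing is brought up before what it depends on, and shows which core processes stop when a single component fails.

```python
"""Recovery-order planning from an asset inventory.

Added example (not OpenSight's own tooling). Given an inventory of IT assets
and the dependencies between them, compute the order in which systems must be
restored and which core processes are affected when one component fails.
All asset and process names are constructed for illustration.
"""
from collections import defaultdict, deque

# Constructed inventory: asset -> assets it depends on.
# "Depends on" means the asset cannot run until those assets are available.
INVENTORY = {
    "core-switch": [],
    "storage-array": ["core-switch"],
    "active-directory": ["core-switch", "storage-array"],
    "database": ["storage-array", "active-directory"],
    "erp-app": ["database", "active-directory"],
    "webshop": ["database", "active-directory", "core-switch"],
    "mail": ["active-directory"],
}

# Constructed mapping of core business processes to the assets they use directly.
CORE_PROCESSES = {
    "order-intake": ["webshop"],
    "invoicing": ["erp-app", "mail"],
    "customer-support": ["mail"],
}


def _dependants(inventory):
    """Reverse the dependency map: asset -> assets that depend on it."""
    dependants = defaultdict(list)
    for asset, deps in inventory.items():
        for dep in deps:
            if dep not in inventory:
                raise ValueError(f"{asset} depends on {dep}, which is not inventoried")
            dependants[dep].append(asset)
    return dependants


def recovery_order(inventory):
    """Return assets in an order where every dependency precedes its dependants.

    Kahn's algorithm; raises ValueError on a cycle, which would mean the plan
    can never be executed as written and the inventory needs correcting.
    """
    dependants = _dependants(inventory)
    indegree = {asset: len(deps) for asset, deps in inventory.items()}
    queue = deque(sorted(a for a, d in indegree.items() if d == 0))
    order = []
    while queue:
        asset = queue.popleft()
        order.append(asset)
        for child in sorted(dependants[asset]):
            indegree[child] -= 1
            if indegree[child] == 0:
                queue.append(child)
    if len(order) != len(inventory):
        raise ValueError("dependency cycle in inventory")
    return order


def plan_is_executable(inventory):
    """True if a restore order exists (no cycles, no unknown dependencies)."""
    try:
        recovery_order(inventory)
        return True
    except ValueError:
        return False


def impacted_assets(inventory, failed):
    """All assets that become unavailable (transitively) when `failed` goes down."""
    dependants = _dependants(inventory)
    seen, stack = {failed}, [failed]
    while stack:
        for child in dependants[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def impacted_processes(inventory, processes, failed):
    """Core processes that stop working when `failed` goes down."""
    down = impacted_assets(inventory, failed)
    return sorted(p for p, assets in processes.items() if any(a in down for a in assets))


if __name__ == "__main__":
    print("Restore in this order:", recovery_order(INVENTORY))
    print("If storage-array fails:", impacted_processes(INVENTORY, CORE_PROCESSES, "storage-array"))
    print("If mail fails:", impacted_processes(INVENTORY, CORE_PROCESSES, "mail"))
```

The impact function is the part worth running before a disaster: it tells you that a single storage array outage takes down every core process in this inventory, which is exactly the kind of prioritisation signal the text asks you to derive from the core processes.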
Plan: develop a strategic DR plan
With a thorough inventory, you can move on to the planning phase. A strategic DR plan should include clear procedures for different disaster scenarios, such as natural disasters, cyber attacks, hardware failures and human error. It is essential to assign specific responsibilities to team members and ensure that everyone knows what is expected of them in case of an emergency.
A good DR plan also includes a communication plan. This plan should describe how to communicate internally and externally during and after a disaster. The CrowdStrike incident highlights the importance of transparent communication to prevent panic and keep customers and partners informed of the recovery measures taken.

Test: ensure regular exercises
A DR plan is only as effective as the testing you do. Regular tests are crucial to verify that your plan works in practice. This can range from tabletop exercises, where you theoretically walk through disaster scenarios, to full-scale tests where you assess the operation of your DR plan in a realistic situation.
Testing your DR plan helps identify weaknesses and potential bottlenecks. By uncovering these problems before a real disaster strikes, you can ensure that your plan remains up-to-date and effective.
Learn: draw lessons from every incident
After every test or actual disaster, it’s important to carry out an evaluation and learn from the experience. This process includes analyzing what went well, what did not go well and what improvements can be made. Learning from incidents and tests helps to continuously improve and adapt your DR plan to new threats and technologies.
Repeat: continuous improvement and updating
Developing a DR plan is not a one-off task. It is an ongoing process that needs to be repeated and updated regularly. Technologies evolve, new threats emerge and business needs change. By regularly reviewing and updating your DR plan, you can ensure that you are always prepared for the latest challenges.
The CrowdStrike incident highlights how vulnerable even the most sophisticated IT systems can be and how important it is to have a robust and up-to-date DR plan. By taking inventory, planning, testing, learning and repeating, you can minimize the impact of disasters and ensure the continuity of your business processes. The IT chain is only as strong as its weakest link!
Of course, it is good to keep in mind that despite CrowdStrike causing this catastrophic incident, they still prevented more downtime for customers than they caused.
OpenSight Back To School Series
During the OpenSight Back To School Series, we publish weekly blogs diving deeper into the five NIST Security Domains:
By implementing the measures associated with these domains, you can reduce the likelihood of cyber attacks and the impact of potential incidents.
The NIST ‘Respond’ Domain – learning to respond effectively
Posted on: 27 August 2024

In the world of cybersecurity, it’s crucial not only to know how to prevent an attack but also how to respond effectively when something does go wrong. The NIST (National Institute of Standards and Technology) Cybersecurity Framework offers a structured approach for organizations to enhance their cybersecurity. One of the key components of this framework is the ‘Respond’ domain. In this blog, we discuss the main aspects of this domain, including Response Planning, the 24/7 Security Operations Center (SOC), Cyber Security Incident Response Team (CSIRT), Security Orchestration, Automation, and Response (SOAR), and Incident Management Tools.
Response Planning: expecting the unexpected
In our previous NIST blogs, the topic of Response Planning frequently came up as a suggestion for implementation. In this blog, we’ll dive deeper into what Response Planning actually entails and why it is so important. Response planning is the backbone of an effective response strategy. It involves developing and implementing a plan that includes procedures and protocols to ensure that every team member knows what to do in the event of an incident. This guarantees less panic when something does go wrong.
How can you effectively apply Response Planning in your organization?
- Develop a Dynamic Plan: Ensure that your response plan is flexible enough to accommodate changes when new threats or technologies emerge. This means regular updates and reviews.
- Train Your Team: Practice makes perfect! Regular drills and simulations of incidents ensure that everyone on the team knows their role during a real incident.
- Communication is Key: Have a clear communication plan that describes how information will be shared during an incident, both internally and externally.

24/7 SOC: The digital night watch
A Security Operations Center (SOC) is a central unit or team within an organization responsible for monitoring, detecting, and responding to security incidents around the clock. They keep an eye on everything that’s happening, and if something suspicious comes up, they are quick to respond.
How to implement a SOC successfully?
- Assemble a Team: Gather a team of experienced security experts responsible for monitoring and responding to security incidents. This can be an internal team or an outsourced one.
- 24/7 Monitoring: Ensure that there is always someone on duty. Threats don’t adhere to office hours. Have a robust schedule so your SOC is always staffed, including weekends and holidays, without overburdening your team.
- Use Smart Tools: Automated monitoring tools can help your SOC team work faster and more efficiently.
- Quick Escalation Protocols: Ensure the SOC team has clear protocols for escalation when a critical threat is detected.
CSIRT: “The A-Team” of cyber incidents
The Cyber Security Incident Response Team (CSIRT) is your first line of defense when things go south. This team is there to jump into action, minimize damage, and get your organization back on track. Essentially, a CSIRT is like a fire brigade, but for cybersecurity.
Tips for establishing and deploying a CSIRT within your organization:
- Create a Multidisciplinary Team: Ensure a mix of different experts—from IT to legal—so that all aspects are covered. Like a SOC, a CSIRT doesn’t have to be entirely internal; it can also include external experts. However, ensure clear role distribution. Everyone should know who is in charge during an incident and who is responsible for what task.
- Quick Decision-Making: A good incident triage ensures that the most critical threats are dealt with first.
- Evaluation and Feedback: Conduct thorough evaluation and feedback sessions to identify lessons learned and improve processes.
SOAR: Smarter responses
SOAR (Security Orchestration, Automation, and Response) includes all the tools that make your cybersecurity much more efficient. It automates many of the time-consuming tasks and allows your team to focus on the really important matters. Less time wasted, faster responses—that’s what SOAR is all about.
4 tips for successful SOAR implementation
- Automate Repetitive Tasks: Let SOAR handle tasks like log analysis and incident classification, so your team can focus on more complex issues.
- Develop Playbooks: Create standard procedures for common incidents to ensure quick responses.
- Integrate with Existing Tools: Make sure your SOAR platform integrates with your existing security tools, like SIEM systems, for a seamless workflow.
- Alerts and Notifications: Set up alerts for critical events in SOAR, so relevant teams are immediately informed.
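To make the four tips concrete, here is an added example of what a SOAR playbook boils down to underneath the product UI. It is not OpenSight's code or any vendor's SOAR platform: the alerts, the crown-jewel host list, the severity rules and the action names (`isolate_host`, `lock_account`, `open_ticket`, `page_oncall`, and so on) are all constructed for illustration, and the actions only write log lines where a real platform would call the EDR, IAM or ticketing API.

```python
"""Minimal SOAR-style triage playbook.

Added example, not OpenSight's code or a vendor's SOAR product. Alerts arrive
as dicts (constructed below), classify() assigns a severity, and a playbook
table decides which automated actions run and whether a human is paged.
All action names are hypothetical; they only append to a log here.
"""
from datetime import datetime, timezone

# Constructed sample alerts, shaped like what a SIEM might forward.
SAMPLE_ALERTS = [
    {"id": "A-1", "source": "edr", "type": "malware_detected", "host": "LAPTOP-17", "user": "jdoe", "confidence": 0.95},
    {"id": "A-2", "source": "auth", "type": "failed_login_burst", "host": "VPN-GW", "user": "svc_backup", "count": 42},
    {"id": "A-3", "source": "ids", "type": "port_scan", "host": "DMZ-WEB", "user": None, "count": 3},
    {"id": "A-4", "source": "edr", "type": "malware_detected", "host": "DC-01", "user": "SYSTEM", "confidence": 0.6},
]

CRITICAL_HOSTS = {"DC-01", "VPN-GW"}          # constructed crown-jewel systems
LEVELS = ["low", "medium", "high", "critical"]

# Standard procedures per alert type (tip 2: develop playbooks). Hypothetical action names.
PLAYBOOKS = {
    "malware_detected": ["collect_triage_package", "isolate_host", "open_ticket"],
    "failed_login_burst": ["lock_account", "open_ticket"],
    "port_scan": ["add_to_watchlist"],
}


def classify(alert):
    """Incident classification (tip 1): severity from type, confidence/volume and asset criticality."""
    kind = alert["type"]
    if kind == "malware_detected":
        sev = "high" if alert.get("confidence", 0) >= 0.8 else "medium"
    elif kind == "failed_login_burst":
        sev = "medium" if alert.get("count", 0) >= 20 else "low"
    else:
        sev = "low"
    # Anything touching a crown-jewel host is bumped one level.
    if alert.get("host") in CRITICAL_HOSTS:
        sev = LEVELS[min(LEVELS.index(sev) + 1, len(LEVELS) - 1)]
    return sev


def run_playbook(alert):
    """Pick the playbook for this alert type, add paging for high/critical (tip 4), record each step."""
    severity = classify(alert)
    actions = list(PLAYBOOKS.get(alert["type"], ["open_ticket"]))
    if alert.get("user") is None:                      # nothing to lock without an account
        actions = [a for a in actions if a != "lock_account"]
    if LEVELS.index(severity) >= LEVELS.index("high"):
        actions.append("page_oncall")
    stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
    log = [f"{stamp} {alert['id']} {action} host={alert['host']} user={alert.get('user')}" for action in actions]
    return {"alert_id": alert["id"], "severity": severity, "actions": actions, "log": log}


def triage(alerts):
    """Handle the most severe alerts first; stable sort keeps arrival order within a level."""
    ordered = sorted(alerts, key=lambda a: -LEVELS.index(classify(a)))
    return [run_playbook(a) for a in ordered]


if __name__ == "__main__":
    for record in triage(SAMPLE_ALERTS):
        print(record["alert_id"], record["severity"], record["actions"])
```

Note how the classifier, not the playbook, carries the context: a medium-confidence malware hit on a domain controller ends up paged because of the asset, while the same hit on a laptop would not. Keeping that criticality list maintained is what makes the automation trustworthy.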
Incident Management Tools: The toolbox for cyber incidents
Incident management helps you keep everything organized, from the initial incident report to the final resolution. These tools help teams work in an organized and efficient manner, especially when multiple incidents need to be managed simultaneously. With the right tools, you can coordinate the entire incident response without causing panic.
How to effectively use Incident Management Tools?
- Choose the right tools: Select incident management tools that fit the size and needs of your organization. They should be scalable and capable of handling different types of incidents.
- Integration with your systems: Ensure that your incident management tools integrate seamlessly with your SOC, SIEM, and other security systems.
- Incident logging: Record every incident in detail, including timestamps, affected systems, and actions taken, for future reference.
- Automate Workflows: Use the tools to automate as many workflows as possible, from incident detection to reporting.
In short…
The NIST ‘Respond’ domain is crucial for reacting to cyber threats calmly, in an organized way, and effectively. By focusing on response planning, having a 24/7 SOC and a sharp CSIRT, and utilizing SOAR and incident management tools, your organization can better prepare for and respond to cyber threats. This not only helps to minimize damage but also to maintain the trust of stakeholders during times of crisis.
Do you have questions about this blog or need help implementing the Respond domain? Feel free to contact us; we at OpenSight are at your disposal!
The NIST ‘Detect’ Domain – The importance of effective detection in cybersecurity
Posted on: 27 August 2024

Today, we’re diving into the ‘detect’ domain of NIST. This part can get pretty technical, but it’s absolutely crucial for your organization’s cybersecurity. We’ll take a look at the key components of this domain: Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), Identity Detection and Response (IDR), and the Security Operations Centre (SOC).
Intrusion Detection Systems (IDS) – The digital guard dog
An Intrusion Detection System (IDS) is a security system used to detect unauthorized access to a computer or network resource. Think of IDS as a guard dog, but digital and without the fur. When it spots suspicious behavior, it alerts you. IDS is essential for maintaining integrity and protecting your data.
3 tips for successfully implementing IDS:
- Choose the Right IDS: Decide between a Network-based IDS (NIDS) or Host-based IDS (HIDS) depending on what works best for your organization. NIDS monitors network traffic, while HIDS watches over activities on individual devices.
- Configuration and Tuning: Set up your IDS to match your network traffic. Avoid false positives by adjusting rules and filters to fit your specific needs.
- Keep Your IDS Updated: Always keep your IDS up-to-date so it can detect the latest digital intrusion techniques.

Security Information and Event Management (SIEM) – The brain behind cyber security
Security Information and Event Management, or SIEM, collects and analyzes security data from various sources like your IDS, firewalls, and other security systems. It can spot patterns that indicate an attack and alert you right away. SIEM is a crucial addition to IDS.
Tips for effectively using SIEM in your organization:
- Define your Objectives: Decide what you want to achieve with SIEM, such as complying with regulations, enhancing security, or quickly detecting incidents. This also involves identifying and inventorying your organization’s digital crown jewels.
- Choose the right software: The right SIEM software helps you detect security threats by combining information from different sources. When choosing the right software, consider the cost, ease of use, and the reliability of both the software and the vendor.
- Integrate data sources: Make sure your SIEM system collects data from all relevant sources, including firewalls, IDS, antivirus software, and network devices.
- Start Small: Begin with a basic setup to avoid information overload and unnecessary data consumption. Connect only the components that are relevant to security monitoring.
Endpoint Detection and Response (EDR) – The personal bodyguard for your devices
Endpoint Detection and Response, or EDR, is another type of alarm system. Think of EDR as a personal bodyguard for all your devices, like your laptop, smartphone, and tablet. EDR watches these devices, detects suspicious activities, and responds quickly to stop threats. EDR goes beyond traditional antivirus software by monitoring suspicious activities on each endpoint in real-time. Imagine your phone suddenly starts sending strange messages; EDR would immediately notice and take action to prevent anything bad from happening.
Tips for using EDR in your organization:
- Choose a Reliable EDR Solution: Select an EDR tool that suits your organization and is compatible with all the devices you use. Look for features like real-time monitoring, threat intelligence, and response capabilities.
- Test the EDR Tool: Make sure the EDR tool works well and doesn’t conflict with existing software by running a test first. This also helps you see if it’s user-friendly and whether your team handles it well.
- Integrate with SIEM: Connect the EDR solution to your SIEM system to gain better insight into security incidents and respond to threats more quickly.
- Regular Reviews: Regularly assess the effectiveness of your EDR solution. Analyze incidents, adjust detection rules, and optimize the system to handle new threats.
- Frequent Reporting: Use the reporting features of the EDR solution to keep management updated regularly and evaluate the effectiveness of your security measures.
Identity Detection and Response (IDR) – Keeping an eye on access
Identity Detection and Response (IDR) focuses specifically on identities within your network. It’s less about systems and more about people. IDR ensures that only the right people have access to certain data and applications. It monitors suspicious login attempts and responds quickly to prevent unauthorized access. If someone tries to guess your password, IDR will catch this and make sure your account stays safe.
Things to Keep in Mind When Implementing IDR:
- Choose the Right IDR Tool: Figure out what you want to achieve with IDR and where your needs and risks lie. Then select an IDR solution that integrates well with your existing Identity and Access Management (IAM) and other security tools like SIEM and EDR.
- Implement a Response Plan: Create an incident response plan for identity-related incidents. This should include steps like isolating suspicious accounts and recovery actions.
- Consider Legal and Regulatory Requirements: Ensure that your IDR solution complies with relevant regulations and standards, such as GDPR or other industry-specific requirements.
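The SIEM section above talks about correlating events from several sources, and the IDR section about catching someone guessing a password. As an added illustration (example code written for this post, not an OpenSight tool or any vendor's product), here is the kind of correlation rule both systems run: it reads constructed authentication log lines, counts failed logins per source and account inside a sliding window, and raises a second, higher-priority alert when a burst of failures is followed by a successful login from the same source. The log format, thresholds and sample data are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events (not real data). The line format is
# an assumption standing in for whatever feed your IDR or SIEM ingests.
SAMPLE_LOGS = """\
2024-08-27T08:00:01Z auth src=203.0.113.10 user=alice result=FAIL
2024-08-27T08:00:03Z auth src=203.0.113.10 user=alice result=FAIL
2024-08-27T08:00:04Z auth src=203.0.113.10 user=alice result=FAIL
2024-08-27T08:00:06Z auth src=203.0.113.10 user=alice result=FAIL
2024-08-27T08:00:07Z auth src=203.0.113.10 user=alice result=FAIL
2024-08-27T08:00:09Z auth src=203.0.113.10 user=alice result=SUCCESS
2024-08-27T08:10:00Z auth src=198.51.100.7 user=bob result=FAIL
2024-08-27T08:12:00Z auth src=198.51.100.7 user=bob result=SUCCESS
2024-08-27T09:00:00Z auth src=192.0.2.5 user=carol result=SUCCESS
this line is malformed and must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Turn raw lines into (timestamp, source, user, result) tuples.
    Lines that do not match the expected format are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"]))
    return sorted(events)


def detect_password_guessing(text, threshold=5, window=timedelta(minutes=5)):
    """Correlate failures per (source, user) inside a sliding time window.

    Emits one 'brute_force' alert when a burst reaches `threshold` failures and
    a 'success_after_burst' alert if that account then logs in successfully
    from the same source, which is the case an analyst should look at first."""
    failures = defaultdict(list)  # (src, user) -> failure timestamps in window
    alerted = set()               # bursts already reported, to avoid repeats
    alerts = []
    for ts, src, user, result in parse_events(text):
        key = (src, user)
        if result == "FAIL":
            recent = [t for t in failures[key] if ts - t <= window]
            recent.append(ts)
            failures[key] = recent
            if len(recent) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append({"kind": "brute_force", "user": user, "src": src, "at": ts})
        elif result == "SUCCESS":
            if key in alerted:
                alerts.append({"kind": "success_after_burst", "user": user, "src": src, "at": ts})
            # a successful login closes the burst either way
            failures[key] = []
            alerted.discard(key)
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_LOGS):
        print(alert)
```

Bob's single failed attempt never reaches the threshold and produces no alert, which is the "start small, avoid information overload" advice from the SIEM tips applied to a detection rule.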
Security Operations Centre (SOC) – The digital command centre
The Security Operations Centre, or SOC, is the last acronym we’ll cover in this blog. SOC is the nerve center of your security. The SOC team consists of experts who monitor your network 24/7, analyze threats, and respond to security incidents. Think of it as a command center where everything comes together. If something goes wrong, the SOC ensures a quick and effective response to minimize damage.
How to Effectively Use SOC in Your Organization:
- SOC Team: Assemble a team of experienced security experts responsible for monitoring and responding to security incidents. This can be an in-house or outsourced team. These security experts work together to maintain a 24/7 alert monitoring system.
- Advanced Tools: Implement advanced monitoring and analysis tools like SIEM, EDR, and threat intelligence platforms to support and enhance the SOC.
- Drills and Simulations: Regularly conduct incident response drills and simulations to prepare your SOC team for real threats.
In short…
The “Detect” domain of NIST may be technical and full of acronyms, but it’s an indispensable domain for the cybersecurity of any organization. We’ve looked at IDS, SIEM, EDR, IDR, and SOC. Each of these components plays a crucial role in detecting and responding to security threats. Together, they ensure that your network and data remain secure, even in a world full of cyber threats.
If you have any questions or comments after reading this blog, or if you need help implementing the right tools and systems, feel free to contact us. We at OpenSight are happy to help!
OpenSight Back To School Series
During the OpenSight Back To School Series, we publish weekly blogs diving deeper into the five NIST Security Domains:
By implementing the measures associated with these domains, you can reduce the likelihood of cyber attacks and the impact of potential incidents.
The NIST ‘Protect’ domain – The art of protecting
Posted on: 27 August 2024

Today, we’re diving into the ‘Protect’ domain of the NIST Cybersecurity Framework. This area is all about how you can safeguard your organization and data against various digital threats. We’ll be focusing on six key topics: Identity Management and Access Control, Awareness and Training, Patch Management, Encryption, Network Security, and Endpoint Protection.
Identity Management and Access Control: The Gatekeepers of Your Organization
Imagine you’re throwing a staff party—it’s important that only your employees, and maybe partners, show up. People who aren’t invited have no business being there. You’re aware of everyone who is attending, and you keep an eye on what everyone is doing. In the digital world, Identity Management and Access Control work in the same way. Identity Management helps organizations control who has access to their systems. Once someone is identified and the system knows who they are, Access Control decides what they can do. Access Control ensures that employees only have access to the data they need and nothing more.
4 tips for successfully implementing Identity Management and Access Control:
- Use Multi-Factor Authentication (MFA): Add an extra layer of security by requiring users to use multiple forms of verification, like a password and a text message code. This makes it harder for unauthorized users to gain access.
- Implement role-based Access Control (RBAC): Assign access rights based on the user’s role within the organization. This means that employees only have access to the data and systems they need for their work.
- Use Access Control Lists (ACLs): Utilize ACLs to specify which users or groups have access to certain systems, data, or files. This gives precise control over who can do what within your IT environment.
- Communicate and enforce access policies: Ensure that all employees are aware of the access policy and the consequences of not complying with it. Enforce the policy strictly to ensure the integrity of the systems.

Awareness and Training: Are your employees aware of the risks?
You can have the best security systems in the world, but if your employees don’t know how to act safely in the context of cybersecurity, you’re still vulnerable. Awareness and Training are all about educating your team on the risks of cyber threats. It’s about teaching them how to recognize suspicious emails, use strong passwords, and not click on every link they come across.
How can you increase awareness in your organization?
- Build trust: Employees should feel comfortable reporting security issues. Encourage open communication and make sure employees feel they can share their concerns.
- Make Awareness and Training a regular thing: A once-a-year workshop on cybersecurity probably won’t be enough to keep your employees alert. Regularly organize cybersecurity training sessions to keep employees up-to-date, and conduct regular phishing tests to teach them how to spot suspicious emails.
- Involve all levels: Cybersecurity is important for everyone in the organization. Small actions, like logging in and out of your laptop when you leave your workstation, can make a big difference. Ensure that training is aimed at all employees, from junior staff to senior management.
Patch Management: digital plastering
We all kind of dislike those notifications that pop up when your software needs updating. But in the world of cybersecurity, those updates are crucial. That’s why Patch Management is so important for your cybersecurity. Patch Management means keeping your software up-to-date with the latest security patches. These patches fix vulnerabilities that hackers might exploit.
Not patching is like walking around with a hole in your shoe: fine while the weather is nice, but once it starts raining you wish you had gone to the shoemaker earlier.
5 Tips to effectively implement Patch Management in your organization:
- Develop a Patch Management Policy: Define the frequency of patch updates, how they’re tested, who is responsible, and procedures for emergency patches in case of critical security issues. Make sure everyone in the organization is aware of this policy.
- Test Patches Before Rollout: Conduct a testing phase to ensure patches are compatible with your systems and don’t cause unexpected issues.
- Automate Patch Management: Use software to manage and install updates and patches automatically.
- Document Patch Activities: Keep a log of all patch activities, including installed patches, the systems they were applied to, and any issues that arose. This helps with compliance and audits.
Encryption: your data under lock and key
Encryption is a crucial part of protecting data. It encrypts your data, so only those with the right ‘key’ can read the information. This is especially important for sensitive information like customer data or financial details. Even if someone intercepts your data, they can’t do anything with it without the right key.
How to implement Encryption successfully:
- Choose the Right Encryption Algorithms: For effective data protection, it’s crucial to use modern, strong, and proven encryption algorithms. Old or non-standardized algorithms offer less protection and may provide a false sense of security. Make sure the chosen encryption meets relevant laws, regulations, and industry standards.
- Manage Encryption Keys: Managing encryption keys is almost as important as encrypting the data itself. Use a Key Management System (KMS) to securely generate, store, distribute, and destroy keys. Make sure keys are replaced regularly and that you have clear procedures for managing their lifecycle. Limit access to keys to authorized individuals and systems, and use hardware security modules (HSMs) for extra protection.
- Encrypt Data in Transit and at Rest: Encrypt both data that’s being transmitted and data that’s stored. For data in transit, use secure communication protocols to ensure that data can’t be intercepted or altered. For data at rest, encrypt all sensitive information, including backups and archives. This protects the data even if physical storage media are stolen or lost.
Network Security: defending your digital fortress
When defending a fortress, you want to make sure the walls are sturdy and that there are guards at the gate. Network security works the same way. It’s about using various strategies, technologies, and methods to ensure the integrity, confidentiality, and availability of networks and the information they carry. The goal is to protect networks from a variety of threats, such as cyber criminals trying to break in, malicious software (malware), phishing emails, and the leakage of sensitive information.
4 essential components for effective network security:
- Firewalls: Firewalls are important for network security. They act like a wall between an organization’s internal network and external networks like the internet. Implement firewalls to control which data comes in and goes out, based on predefined rules. They help prevent unauthorized access and can block suspicious traffic.
- Intrusion Detection and Prevention Systems (IDPS): IDPS are systems that detect and counteract suspicious activities or intrusion attempts on a network. An Intrusion Detection System (IDS) monitors network traffic for signs of harmful activity and alerts administrators. An Intrusion Prevention System (IPS) takes it a step further by taking action to block or stop these activities.
- Antivirus and Antimalware Protection: Networks need protection against malware that can spread across the network. Install antivirus and antimalware programs that scan network traffic and files for malicious software and remove or quarantine them.
- Monitoring and Logging: Continuous monitoring and logging of network activity is crucial for network security. By tracking network traffic and activities, potential threats can be quickly identified and addressed. Logs also provide valuable information for analyzing incidents and improving security measures.
Endpoint Protection: every device counts!
Endpoint Protection is a key part of the ‘Protect’ domain. This is about protecting all the devices connected to your network, like computers, smartphones, and tablets. All these devices contain valuable and sometimes sensitive information. Endpoint Protection ensures that this information is well-protected, even if an employee isn’t careful and leaves their laptop on the train.
How to Ensure Successful Implementation of Endpoint Protection:
- Identify Endpoints: Make a list of all the devices that have access to the network, including laptops, desktops, mobile devices, and IoT devices.
- Choose the right Endpoint Protection solution: Select a solution that provides comprehensive protection against malware, ransomware, phishing, and other threats. Make sure the chosen solution is compatible with the various operating systems and devices used in your organization.
- Implement Policies and Awareness: Develop clear policies for the use of devices and networks, like requiring passwords and prohibiting the installation of unauthorized software. Train employees on the importance of Endpoint Security and their role in protecting the organization. This will hopefully stop laptops being left on trains. Use MDM tools (Mobile Device Management) to enforce security policies on mobile devices that access company data.
- Regularly Update Endpoints: Keep all endpoints up-to-date with the latest software and security updates to minimize known vulnerabilities.
In short…
The ‘Protect’ domain of the NIST Cybersecurity Framework is the backbone of a proactive security strategy for organizations. By focusing on critical areas such as Identity Management and Access Control, Awareness and Training, Patch Management, Encryption, Network Security, and Endpoint Protection, you not only reduce cybersecurity risks within the organization but also create a culture of safety and awareness among employees. In an era where threats are constantly evolving, the ‘Protect’ domain provides a practical approach to maintaining robust and resilient cybersecurity.
Need advice or help implementing the ‘Protect’ domain in your organization? Feel free to contact us. We’re here to help!
The NIST ‘Identify’ Domain – The Foundation of Cybersecurity
Posted on: 27 August 2024

This blog addresses an important part of cyber security: the NIST Cybersecurity Framework. This framework has five domains, each addressing a different aspect of cyber security. Let’s start at the beginning with the first domain: ‘Identify’ and the 5 main sub-topics within this domain: Asset Management, Risk Management, Supply Chain Management, Data Classification, and Cyber security Roles and Responsibilities. These topics form the foundation from which you build all your cyber security measures. If you get this right you’re well on your way to protecting your organization.
Asset management: knowing what you’ve got
Asset Management is all about knowing what you’ve got. Think of every device, system, software, and bit of data your company uses. It’s the first step in the ‘Identify’ domain for a reason. It’s tough to protect something if you don’t even know it’s there. Just like when you do a big spring clean, you need to know what’s in your house before deciding what’s important and what can go. Keeping an inventory helps you figure out which assets are most critical and need the most protection. It also helps avoid surprises when something goes wrong.
4 tips for successful Asset Management:
- Take a full inventory: Start with a detailed list of all physical and digital assets. Automated tools can make this less labor-intensive, which makes keeping your inventory up-to-date easier.
- Categorize Your Assets: Classify assets based on their importance to your business and their risk sensitivity.
- Keep your inventory up-to-date: Perform regular new scans and audits, especially after major changes or purchases.
- Label your assets: Use labels or barcodes to easily identify and track your assets.

Risk Management: Detect problems before they happen
Once you know what your assets are, you need to think about risks. Risk Management is about identifying and understanding the potential threats to your assets. Get creative with “what if” scenarios. Ask questions like: What if there’s a data breach? What if a critical server crashes? A good risk management strategy prepares you for the unexpected and minimizes the impact of potential incidents.
How do you successfully apply Risk Management?
- Perform regular Risk Assessments: Analyze your systems and processes regularly to identify and prioritize risks.
- Use a Risk Management Framework: Implement a structured framework, like NIST, COSO or ISO 27001, to manage your risks.
- Involve the entire organization: Make risk management an organization-wide responsibility, instead of leaving it to the IT department.
- Develop Incident Response Plans: Create and practice incident response plans so you can react quickly to security incidents.
- Stay on top of new threats: Keep yourself and your team constantly updated on the latest threats and developments in the cyber security world.
Supply Chain Management: keeping an eye on your partners
Your cyber resilience is only as strong as your weakest link, and we’ve become increasingly connected and dependent on our connections with others. To properly protect yourself, you must strengthen all links. This includes suppliers and partners. Supply Chain Management means paying attention to the cybersecurity measures and resilience of your suppliers and partners. It’s about knowing who has access to your data and systems and ensuring they follow the same strict security measures as you do. This helps prevent security issues outside your direct control.
5 Tips for Effective Supply Chain Management:
- Screen your suppliers: Do your research before adding a new supplier.
- Set clear requirements: Clearly state the security measures you expect from your suppliers and formalize them in contracts.
- Continuous monitoring: Continue to keep an eye on your suppliers’ cyber security practices.
- Regular Communication: Maintain open and regular communication with your suppliers about security expectations and updates.
- Conduct Audits: Schedule periodic audits of your most critical suppliers to ensure they continue to meet your requirements.
Data Classification: knowing what needs protection
Not all data is created equal. Data Classification is about organizing your data based on sensitivity and importance to the business. The classification is based on the confidentiality and sensitivity of the information. In essence, it comes down to how much impact an incident affecting the confidentiality, integrity or availability of this information would have on the organization. Personal customer data, for example, needs more protection than a picture of a company outing. By properly classifying your data, you ensure that you provide the right protection where it’s most needed.
How to effectively implement Data Classification:
- Define classification levels: Establish clear categories for your data, such as public, internal, confidential and strictly confidential.
- Use labels: Label your data automatically based on its classification to reduce manual errors.
- Implement access control: Limit access to sensitive data to only those employees who really need it, and monitor how this information is used and shared, for example with Data Loss Prevention (DLP) tooling.
- Keep the Policy Up-to-Date: Regularly review and update the data classification policy to keep up with new threats and be able to take appropriate action.
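The ‘Protect’ post recommends combining role-based access control with access control lists, and this post adds classification levels on top. As an added illustration (example code written for this post, not part of any OpenSight product), the check below puts the two together: a request is allowed only if the role’s clearance covers the asset’s classification AND the asset’s ACL explicitly grants that action to the role, with deny by default and every decision written to an audit trail for monitoring. The roles, assets and clearances are constructed example data, not a real policy.

```python
from enum import IntEnum


class Level(IntEnum):
    # The four classification levels named in this post, ordered by sensitivity.
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    STRICTLY_CONFIDENTIAL = 3


# Constructed example policy (assumption). Role -> highest level it may handle.
ROLE_CLEARANCE = {
    "intern": Level.INTERNAL,
    "analyst": Level.CONFIDENTIAL,
    "finance_lead": Level.STRICTLY_CONFIDENTIAL,
}

# Constructed assets with their classification and an explicit ACL of
# role -> permitted actions. A role absent from the ACL gets nothing,
# however high its clearance (deny by default).
ASSETS = {
    "company-outing-photos": {
        "level": Level.PUBLIC,
        "acl": {"intern": {"read"}, "analyst": {"read"}, "finance_lead": {"read"}},
    },
    "customer-records": {
        "level": Level.CONFIDENTIAL,
        "acl": {"analyst": {"read"}, "finance_lead": {"read", "write"}},
    },
    "payroll": {
        "level": Level.STRICTLY_CONFIDENTIAL,
        "acl": {"finance_lead": {"read", "write"}},
    },
}

AUDIT_LOG = []  # every decision, allowed or not, is recorded for monitoring


def is_allowed(user, role, asset_name, action):
    """Return True only if both the clearance check and the ACL check pass."""
    allowed = False
    reason = "deny: unknown asset"
    asset = ASSETS.get(asset_name)
    if asset is not None:
        # Unknown roles are treated as having public-only clearance.
        clearance = ROLE_CLEARANCE.get(role, Level.PUBLIC)
        if asset["level"] > clearance:
            reason = "deny: classification above role clearance"
        elif action not in asset["acl"].get(role, set()):
            reason = "deny: no ACL entry for this role/action"
        else:
            allowed, reason = True, "allow"
    AUDIT_LOG.append({"user": user, "role": role, "asset": asset_name,
                      "action": action, "decision": reason})
    return allowed


if __name__ == "__main__":
    is_allowed("dana", "analyst", "customer-records", "read")    # allow
    is_allowed("dana", "analyst", "customer-records", "write")   # ACL denies
    is_allowed("eve", "intern", "customer-records", "read")      # clearance denies
    for entry in AUDIT_LOG:
        print(entry)
```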
Cybersecurity Roles and Responsibilities: Who Does What?
A strong cybersecurity strategy isn’t just about technology; it’s also about people. Cybersecurity involves everyone in the organization. It’s crucial to define clear roles and responsibilities so everyone knows what’s expected of them. From the IT department to the executive team, everyone has a role to play. Clear responsibilities ensure no confusion about who does what during an incident.
How do you establish clear cybersecurity roles and responsibilities within your organization?
- Define Roles and Responsibilities: Make a list of who is responsible for which aspects of cybersecurity. Include these roles and responsibilities in employees’ job descriptions.
- Communicate clearly: Make sure everyone understands what responsibilities they have and why.
- Training and awareness: Offer regular training to make employees aware of their role in security. Ensure management is involved and supports cybersecurity so the whole team sees the importance.
- Evaluate and Improve: Regularly evaluate your cybersecurity roles and responsibilities to keep them relevant and effective.
In short…
The “Identify” domain of the NIST Cybersecurity Framework is like building a solid foundation for a house. Without it, everything you build runs the risk of collapsing. By focusing on Asset Management, Risk Management, Supply Chain Management, Data Classification, and Cybersecurity Roles and Responsibilities, you lay the foundation for a strong and resilient cybersecurity stance. Having these things in order increases the organization’s cyber resilience, making you more resistant to incidents.
If you need advice or help with implementing the ‘Identify’ domain in your organization, feel free to reach out. We at OpenSight are happy to help!
