Conduct an inventory of technology suppliers, service providers, cloud vendors, and software products. You cannot secure your environment until you understand your exposure. You can cut down on your work and your supply chain cybersecurity risks by limiting suppliers’ access to your IT resources and sensitive data. Often, suppliers have more access than they really need and consequently pose more risk to your organization than necessary. Conduct a review of supplier access at least annually, and limit access to the minimum necessary for them to get the job done. Threats can come from other sources as well. Applying risk mitigation techniques to all of your cyber activities is important to preclude cyber attack or intrusion.
Ask your software vendors for a Software Bill of Materials (SBOM)
What is a Software Bill of Materials (SBOM)? It is an inventory of all software components and code bases used in a software program, which can include open-source software, dependencies, packages, vendor agents, SDKs, APIs, and more. The Colonial Pipeline attack is part of the reason for a 2021 Executive Order that now requires federal agencies to get SBOMs from vendors. Having this information ensures you know what is in your environment, and it will help you respond quickly in the event of a mass exploit like Log4j. It is smart to make this a requirement for your new vendors. Subscribe to exploit intelligence services and keep an eye on cybersecurity news. It is important that you act quickly when mass exploits are announced. Many companies and organizations have cybersecurity alert lists or publish this information in their newsletters.
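As an added illustration of how SBOMs speed up the response to a mass exploit (this is example code, not from the original article), the script below searches every vendor SBOM for one component and reports which products carry a version older than the fixed release. It assumes vendors deliver SBOMs in CycloneDX JSON; the product names, versions, and the threshold version are constructed sample values.

```python
# Constructed sample SBOMs in CycloneDX JSON layout, keyed by vendor product.
# In practice, json.load() each vendor-supplied file to get these dicts.
SBOMS = {
    "vendor-a/billing-portal": {"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.13.0"}]},
    "vendor-b/backup-agent": {"bomFormat": "CycloneDX", "components": [
        {"type": "application", "name": "agent-core", "version": "5.2",
         "components": [  # nested: bundled inside another component
             {"type": "library", "name": "log4j-core", "version": "2.17.1"}]}]},
    "vendor-c/hr-suite": {"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "log4j-core", "version": "2.x-custom"}]},
    "vendor-d/crm": {"bomFormat": "CycloneDX", "components": [
        {"type": "library", "name": "openssl", "version": "3.0.7"}]},
}

def walk(components):
    """Yield every component, including ones nested under another component."""
    for c in components or []:
        yield c
        yield from walk(c.get("components"))

def parse_version(text):
    """Return a tuple of ints, or None if the version is missing or not numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (ValueError, AttributeError):
        return None

def exposure(sboms, name, fixed_in):
    """Map product -> [(version, status)] for each copy of `name` it ships."""
    fixed, report = parse_version(fixed_in), {}
    for product, bom in sboms.items():
        for c in walk(bom.get("components")):
            if c.get("name") != name:
                continue
            v = parse_version(c.get("version"))
            # Unparseable versions are flagged for a human, never assumed safe.
            status = "review" if v is None else "affected" if v < fixed else "ok"
            report.setdefault(product, []).append((c.get("version"), status))
    return report

if __name__ == "__main__":
    # "2.17.1" is a sample threshold; take the real one from the advisory.
    for product, hits in exposure(SBOMS, "log4j-core", "2.17.1").items():
        print(product, hits)
```

Products that do not appear in the report ship no copy of the component according to their SBOM, which is only as trustworthy as the SBOM itself.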
Implement stronger software patch management policies
According to a survey conducted by the Ponemon Institute, 42 percent of the respondents that had been breached stated that the cause was a known, unpatched vulnerability for which a patch was available but was not applied. Many organizations have a patch management policy that calls for monthly or bimonthly patching cycles. But when a critical vulnerability is announced, hackers may actively try to exploit your server within hours or days, not weeks. You need to update your patch management policies and procedures to ensure quicker patching for critical vulnerabilities and require strong patch verification. Many organizations think they have successfully patched their software, only to find out later the patch failed. Consider using Microsoft WSUS or a commercial patch management system, and always verify patches.
Enhance your monitoring and logging policies
Ensure that logging is turned on and set appropriate retention periods. Consider centralizing your logging. Then make sure you are monitoring your logs.
Start proactive threat "hunting"
This is becoming one of CISA’s top recommendations for first steps to take when a zero-day exploit or mass vulnerability is announced. Hunting for unusual activity enables you to see if an attacker is lurking in your environment. Because many zero-day exploits can bypass antivirus, if you do not have a threat hunting program or tools in place, you should.
Get a risk assessment
A cybersecurity risk assessment involves identifying what you need to protect (i.e., sensitive data, critical systems) and the vulnerabilities and potential threats associated with those assets. Your vulnerabilities and threats are then assessed for likelihood and potential impact of an exploit, taking into account existing security controls (technical or non-technical) that may mitigate or lower the overall likelihood or impact of an exploit.