State actors have tremendous resources they can use to attack your organization and its networks. Based on your organization's maturity, you need to take steps now, before it is too late. This article is for organizations that have a new, weak, or non-existent security posture.
Nearly everyone has an immature cybersecurity posture.
The guiding principle of your strategy is to focus on the detection of a breach and resiliency.
- Turn on authentication logging and review for unusual times, locations, etc. Do this daily.
- Send all of your security device logs to a Security Information and Event Management (SIEM) system. If you cannot afford one, use an open source one.
- Ensure you have active and properly restoring backups of your systems.
- Create a fast recovery system where servers and workstation images can be rapidly deployed.
- Install and/or validate your backup systems and backups. Back up critical systems at least daily.
- Purchase "buffer equipment" that can be used to swap out/replace compromised systems while you re-build compromised ones.
- Determine what patches need to be installed by assessing all of your systems and their current patch levels.
- Hire a Security Operations Center (SOC) as a service company. Have people who know what they are looking at watch your networks for you.
- Obtain training for your staff (security team and otherwise) on cybersecurity topics (anti-phishing, operational security, etc.).
- Restructure your Internet-facing systems to utilize load balancers, DNS shielding, and operational redundancy. This can be very inexpensive and highly effective against a multitude of attacks.
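
The daily authentication-log review from the first item can be scripted. The following is an added example, not part of the original article: it assumes a hypothetical four-field export (timestamp, user, source country, result), assumed business hours of 07:00 to 19:00, and constructed sample records.

```python
from datetime import datetime

# Constructed sample records (timestamp,user,country,result); not real data.
SAMPLE_LOG = """\
2024-03-04T08:55:10,alice,US,success
2024-03-04T09:02:41,bob,US,success
2024-03-05T13:30:00,bob,US,failure
2024-03-06T03:12:27,alice,US,success
2024-03-06T09:05:00,bob,RO,success
2024-03-06T09:06:00,carol,US,success
"""

WORK_START, WORK_END = 7, 19  # assumed business hours, local time


def parse(log_text):
    """Yield (datetime, user, country, result) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def review(log_text, review_day):
    """Flag successful logins on review_day that are off-hours, or whose
    source country is absent from the user's earlier-day baseline."""
    baseline, findings = {}, []
    for ts, user, country, result in sorted(parse(log_text)):
        if result != "success":
            continue
        day = ts.date().isoformat()
        if day < review_day:  # earlier days build the per-user baseline
            baseline.setdefault(user, set()).add(country)
        elif day == review_day:
            if not WORK_START <= ts.hour < WORK_END:
                findings.append((user, ts.isoformat(), "off-hours login"))
            if user not in baseline:
                findings.append((user, ts.isoformat(), "no login history"))
            elif country not in baseline[user]:
                findings.append((user, ts.isoformat(), f"new location {country}"))
    return findings
```

Calling `review(SAMPLE_LOG, "2024-03-06")` returns one finding per flagged login; in practice the baseline window should cover several weeks of history rather than two days.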