97% of cyber events could have been prevented!
MAINTAINING FOCUS ON GOOD CYBER HYGIENE
A Verizon-Secret Service study* documents that as much as 97% of cyber events could have been prevented, or mitigated the damages, through the use of best practices:
- Monitor and filter outbound network traffic
- Ensure essential controls are met and regularly audit to in order consistent implementation
- Change default credentials
- Avoid shared credentials
- Implement a firewall or access control list (ACL) on remote access/administration services
- Utilize IP blacklisting
- Update anti-virus and other software consistently
- Audit user accounts
- Restrict and monitor privileged users
- Test applications and review codes
- Monitor and mine event logs
- Change the approach to event monitoring and log analysis
- Define ‘suspicious’ and ‘anomalous’ (then look for whatever ‘it’ is)
- Increase awareness of social engineering
- Train employees and customers to look for signs of tampering & fraud
- Create an incident response plan
- Engage in mock incident testing
- Secure business partner connections; and
- Eliminate unnecessary data and keep tabs on what is left
If you would like explanations and examples, I can help!