A recent report by the Center for Internet Security (CIS) has found that many of today’s companies are neglecting simple cybersecurity practices. For the study, titled “State of Cyber Hygiene Report”, over 300 professional IT technicians were surveyed to find out whether their organizations were adhering to 6 key cybersecurity practices. The results are as follows:
1 // Security management of company hardware
Inventory tracking of company hardware is essential for detecting suspicious devices that connect to your company’s network. If an attacker is able to connect a malicious device to the company’s server, they will have bypassed a critical layer of the company’s cybersecurity defenses.
The study discovered that a mere 29% of the studied companies keep inventories of 90%+ of their devices. Significantly, the survey discovered that more than half of the companies take between hours and months to discover unregistered devices on the company network.
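The following Python sketch is an added example, not taken from the CIS report or from GigE. It reconciles devices observed on the network against a hardware inventory and flags unregistered devices that have gone unhandled for longer than a detection budget. The MAC addresses, timestamps and the 5-minute budget are constructed assumptions; in practice the sightings would come from DHCP or switch logs.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumption, not from the report).
INVENTORY = {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02", "00:1a:2b:3c:4d:03"}

# (timestamp, MAC) pairs in the mixed formats different sources tend to log.
SIGHTINGS = [
    ("2024-05-01T09:00:00", "00:1A:2B:3C:4D:01"),
    ("2024-05-01T09:02:10", "00-1a-2b-3c-4d-02"),
    ("2024-05-01T09:05:30", "de:ad:be:ef:00:99"),
    ("2024-05-01T09:07:00", "00:1a:2b:3c:4d:04"),
    ("2024-05-01T09:20:00", "de:ad:be:ef:00:99"),
]

def normalize(mac):
    """Lower-case, colon-separated form so differing log formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(inventory, sightings):
    """Return (coverage, unregistered).

    coverage is the share of observed devices present in the inventory;
    unregistered maps each unknown MAC to the time it was first seen.
    """
    known = {normalize(m) for m in inventory}
    first_seen = {}
    for ts, mac in sightings:
        mac, seen = normalize(mac), datetime.fromisoformat(ts)
        if mac not in first_seen or seen < first_seen[mac]:
            first_seen[mac] = seen
    unregistered = {m: t for m, t in first_seen.items() if m not in known}
    coverage = 1 - len(unregistered) / len(first_seen) if first_seen else 1.0
    return coverage, unregistered

def overdue(unregistered, now, budget=timedelta(minutes=5)):
    """Unregistered devices on the network longer than the detection budget."""
    return sorted(m for m, t in unregistered.items() if now - t > budget)

if __name__ == "__main__":
    cov, unreg = reconcile(INVENTORY, SIGHTINGS)
    print(f"inventory coverage of observed devices: {cov:.0%}")
    for mac in overdue(unreg, datetime.fromisoformat("2024-05-01T09:12:00")):
        print("unregistered and past detection budget:", mac)
```

An inventoried device that never appears in the sightings (the third entry here) does not affect coverage, but it is worth reviewing separately as possibly lost or retired hardware.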
2 // Security management of company software
As with hardware management, software whitelisting lets an organization permit only authorized software to be installed on company-connected devices. The detection of any suspicious or unregistered software will result in an alert. Without this precaution, company computers could be running malicious software completely undetected.
With the proficiency of current-day malware, it only takes minutes of undetected connection for a malicious device to wreak havoc. However, CIS found that only 14% of organizations were able to detect new devices on their network in minutes, leaving the remaining 86% vulnerable to these devices.
3 // Ongoing assessment of vulnerable areas
Organizations should be continuously vigilant for new software vulnerabilities and react promptly by downloading relevant updates. Many historical cyberattack incidents were the result of companies neglecting to update their servers in time, leaving them vulnerable to threats that had in fact been patched months before. It is recommended that companies adopt update-check cycles on a timeline of days and weeks, rather than months, in order to maximize security.
The study discovered that a majority (56%) of the companies have been keeping up with updates within one week, while the remainder of the companies took over a month to discover and deploy new updates.
4 // Limited administrative access
Administrative accounts have more control over an organization’s computers. Because of this, they are often a major target for cyberattackers. To counteract this, it is recommended that administrative computers be kept disconnected from sectors of the company’s network, to minimize both their vulnerability and their control. However, it was found that only 47% of companies are using this method to protect their administrative computers.
5 // Managed configuration environments for company devices
A common avenue for data breaches is a mistake during the set-up of software on new company systems. This is because configuration of these machines is often done in insecure, unmonitored environments. To counteract this, it is important for the company server to scan for changes in software configuration on a minute-by-minute timeline. However, the study found that a mere 18% of companies were actually adhering to this recommendation.
6 // Ongoing monitoring of company event logs
Finally, it was deemed important for companies to continuously monitor logs of changes and digital activity. This allows for more efficient detection of suspicious or unregistered activity, which may be caused by cyberattack attempts. It was found that an astonishing 54% of studied organizations were not doing any log analysis on their network’s systems.
Do not fall victim to a cyberattack. Become informed and regularly practice these 6 critical cybersecurity measures. Our tech experts at GigE have years of cumulative experience designing, deploying and maintaining cybersecurity strategies.
With our new 10-for-10 policy, we now offer ten minutes of professional consultation for only CAD$10. Call us at +1 888 366 4443 to get started now!