How to design a successful cybersecurity plan
Last week, we discussed how your company's data could be compromised for an extended period without anyone in the organization knowing about the data breach (207 days on average). So, how should a cybersecurity footprint be designed to help mitigate these types of scenarios? To answer this question, start here: whether you are developing a new cybersecurity footprint or improving an existing one, the existing network and IT infrastructure should be viewed as a possible roadblock to a successful cybersecurity solution.
Network, Servers, Hosts, and Data …Oh My!
Segmentation of your network, or subnetting, into VLANs (Virtual Local Area Networks) has been around for a while and was initially implemented to aid network performance and troubleshooting, or to work around physical limitations. When developing your cybersecurity plans, it is crucial to look at your data from more than a networking perspective, and that starts with the overall architecture of your infrastructure. Understanding the traffic, systems, applications, and data in use, and how users access all of these systems, is critical. It does not matter whether you are an SMB or an Enterprise customer; the design criteria are the same, and how the design scales is the only differentiator. Below is a list of the more common traffic and data types most networks have in place:
- Datacenter Servers running applications like ERP, CRM, File
- Cloud Access over the Internet
- IoT systems like cameras and security systems
- Virtual Desktops or RDP access for both internal and external access
- VPN user access
- Web Servers
- Wireless Users (Guest and Corporate)
The above is just a sampling of areas that threat actors will attack. You can implement changes and isolate each of the areas by increasing segmentation. This reduces the risk of cross-contamination or a breach. Segmentation also allows you to implement specific algorithms and monitors, both human and software, to look for possible threats based on the type of system(s) used.
Case Study: ICG was hired to handle a breach for a significant manufacturing, distribution, and retail organization of over 3,000 employees. This organization lacked a cohesive architecture for its network and infrastructure, and its systems and applications needed more segmentation or air-gapping.
The site was compromised, and the threat actors planted the ransomware. When it hit, EVERY system was encrypted. The simplest system, and one of the most important to protect, is your backups. Well, they did not segment the backups, and ALL backups were encrypted, including the archive.
During the remediation, we discovered many other high-risk areas throughout the organization. Proper architecture, implementation, and procedures would have saved this company millions of dollars in time, lost business, and recovery. Cybercriminals are indiscriminate, so don't think this couldn't happen to you. It can happen to anyone!
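The check below is an added example, not ICG's tooling: it models the traffic types listed above as segments and reports every segment that can reach the backup segment, directly or by hopping through other segments, which is the exposure the case study describes. The segment names, the allowed flows, and the hardened variant are all constructed assumptions.

```python
from collections import deque

# Constructed sample policy: segment names follow the traffic types listed
# above; which flows are allowed is an assumption for illustration only.
ALLOWED_FLOWS = {
    "guest_wifi": {"internet"},
    "corp_wifi": {"datacenter", "internet"},
    "vpn_users": {"virtual_desktops"},
    "virtual_desktops": {"datacenter"},
    "iot": {"datacenter"},        # e.g. cameras writing to a recorder
    "web_servers": {"datacenter"},
    "datacenter": {"backups"},    # servers push backup jobs
    "backups": set(),
}
# Hardened variant (assumption): the backup segment pulls from the datacenter,
# so no other segment may initiate a connection into it.
HARDENED_FLOWS = {**ALLOWED_FLOWS, "datacenter": set(), "backups": {"datacenter"}}

def paths_to(target, flows):
    """Map each segment that can reach target to its shortest allowed path.
    Conservative model: any allowed flow is treated as a possible pivot."""
    # Reverse the flow graph, then breadth-first search outward from target.
    reverse = {seg: set() for seg in flows}
    for src, dsts in flows.items():
        for dst in dsts:
            reverse.setdefault(dst, set()).add(src)
    paths = {target: [target]}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for src in sorted(reverse.get(node, ())):
            if src not in paths:
                paths[src] = [src] + paths[node]
                queue.append(src)
    del paths[target]
    return paths

def audit(target, flows, approved):
    """Segments with a path to target that are not on the approved list."""
    return {s: p for s, p in paths_to(target, flows).items() if s not in approved}

if __name__ == "__main__":
    findings = audit("backups", ALLOWED_FLOWS, approved={"datacenter"})
    for seg, path in sorted(findings.items()):
        print(f"{seg}: {' -> '.join(path)}")
```

Run against a real rule export, the same audit shows whether a single allowed flow into the backup segment quietly exposes it to every segment upstream.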
Beginning this journey can be daunting and one of the most complex parts of implementing a Cybersecurity plan. ICG's IT Professional Services offer a host of health checks and evaluations to ensure your systems are in an architectural best practice state. Contact ICG and let us help you with your Infrastructure and Cybersecurity.