5 tips for how you can better protect yourself against cyberattacks
Modern technology makes us more vulnerable, and security risks are constantly increasing. There is a lot to be aware of to keep vulnerabilities from being exploited in a cyberattack - something that can have serious consequences for both the company and society. Here are 5 important tips to help you better protect yourself against cyberattacks!
1. Create a security culture
Cybersecurity today is not only a technical challenge but also a human one - it is a matter of security culture. Criminals do not exploit only technical shortcomings; they also rely on people and social engineering to access sensitive data. Therefore, the human factor is the main cause of the most serious security breaches. Building and maintaining a strong security culture is thus an extremely important part of cybersecurity work.
To improve security culture, attitudes and behaviors need to change. The organisation needs to see cybersecurity and security culture as a business-critical activity and not solely as an IT issue, and management needs to prioritise it. The work with security culture should be defined by thinking of security as something that enables the work, not something that hinders it.
2. Update your systems in a secure way
The smarter systems get and the more software they are built on, the greater the need to be able to update them. Complex software often contains bugs that should be fixed to ensure the stability and security of the systems.
But making these updates can in itself pose a security risk if not done properly. The integrity and availability of the systems must be maintained, and most system updates are normally not sufficiently evaluated in the environment in which they are used or in combination with the applications running there. This primarily applies to OT environments, where availability of the systems is essential.
To avoid these risks, maintain the integrity and availability of the systems and still be able to make secure updates, special solutions are required - read more about them here!
3. Segment your networks
Network segmentation reduces the risk and limits the damage of a cyberattack. Without it, there is a risk that sensitive information can leak or be manipulated, and that malware and ransomware can spread quickly and uncontrollably, making the systems inaccessible. Attackers do not normally take the direct path to the target, such as critical control systems. Instead, they worm their way in via weak points far out in the network, or via phishing or customer service, to reach their goal. State-funded attackers are also equipped with patience, prepared to work long-term doing everything in small steps, and are unfortunately often one step ahead. The harsh reality is that industrial control systems may already have been attacked without anyone noticing.
When working with cybersecurity and segmenting your systems into security zones, it is a good idea to use a risk-based way of working. That way, the security work is not carried out according to some undefined "ad hoc" method. In addition, it is often easier to explain and justify the investments you want to make if you can account for the risks you handle or reduce. The standard IEC 62443 is a good method to use when doing your risk-based zoning. Read more about it here!
4. Import files in a secure way
Importing files into secure environments poses a great security threat if the files are not properly scanned for malicious code before transfer. Transferring files between security domains poses risks to the receiving system. Malicious code in your sensitive network may exfiltrate information, perform sabotage by altering information, or make information inaccessible through ransomware. Systems can be made inaccessible, causing serious consequences and costs.
Advenica’s Cross Domain Solutions provide an efficient and automated measure to scan for malicious code and at the same time assure separation for the connected networks.
5. Allow what is safe
Traditionally, many of our IT security products have been built using blocklisting as a basis; antivirus programs look for software code that matches a list of known signatures, intrusion detection systems look for suspicious traffic patterns, etc. With a blocklist, the list of signatures or traffic patterns must be updated when new threats appear. This means that there is a time window from discovery until the time the threat is met by inclusion in the blocklist. The system is at risk during this period. You also have the risk of someone else secretly knowing about a threat that never makes the list.
The opposite of blocklisting is allowlisting. The word allowlisting refers to the method of allowing only desired and trusted data in the system. Instead of blocking known threats, the system only lets in the type of data that is allowed. Nothing that has not been specified before is trusted. There are many physical systems based on allowlisting – the required key is needed to open a lock, only the right account holder can withdraw money from a bank account, and so on. Read more about allowlisting in our White Paper!
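The difference between the two approaches, applied to the file import from tip 4, shown as an added example (it is not from the original article and does not describe Advenica's products). The file names, the two allowed types, the 1 MiB limit and all sample bytes are constructed assumptions.

```python
import hashlib

# Constructed sample data: no real malware, hashes or signatures are used.
KNOWN_BAD = b"MZ\x90\x00 constructed sample the blocklist already knows"
NOVEL_BAD = b"MZ\x90\x00 constructed sample nobody has reported yet"
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
GOOD_PDF = b"%PDF-1.7\n% constructed\n"

# Blocklist: digests of content already known to be bad.
BLOCKLIST = {hashlib.sha256(KNOWN_BAD).hexdigest()}

# Allowlist: the only file types the receiving domain accepts, each with
# the leading bytes that content of that type must start with.
ALLOWED_TYPES = {".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-"}
MAX_SIZE = 1024 * 1024  # assumed import limit of 1 MiB


def blocklist_accepts(name: str, data: bytes) -> bool:
    """Default allow: reject only content that matches a known signature."""
    return hashlib.sha256(data).hexdigest() not in BLOCKLIST


def allowlist_accepts(name: str, data: bytes) -> bool:
    """Default deny: accept only a specified type whose content matches it."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:               # type was never specified, so not trusted
        return False
    if len(data) > MAX_SIZE:
        return False
    return data.startswith(magic)   # the extension alone is not enough


def compare(files):
    """Return {name: (blocklist verdict, allowlist verdict)}."""
    return {n: (blocklist_accepts(n, d), allowlist_accepts(n, d))
            for n, d in files.items()}


SAMPLES = {
    "report.pdf": GOOD_PDF,
    "logo.png": GOOD_PNG,
    "tool.exe": KNOWN_BAD,
    "update.exe": NOVEL_BAD,      # unknown to the blocklist
    "picture.png": NOVEL_BAD,     # executable content renamed to .png
}

if __name__ == "__main__":
    for name, verdicts in compare(SAMPLES).items():
        print(f"{name:12} blocklist={verdicts[0]!s:5} allowlist={verdicts[1]}")
```

The blocklist lets through both files built from the unreported sample, which is the time window described above; the allowlist rejects them because nothing specified them as trusted. A leading-bytes check is only the minimum, since content with a valid header can still carry a payload, so a real import gate would validate the full file structure.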