In an ever-expanding world of cyberspace, the prevalence of cyber-attacks grows daily. Allocating budgetary resources to network and cybersecurity remains a pressing concern for many businesses, often accompanied by the question: "Who would target us, and why?!"
Small businesses face the challenge of establishing robust protective measures. Where should one begin, and what are the most viable approaches for IT and security engineers to safeguard the business while fostering growth? Identifying those responsible for delineating a secure network is paramount.
In today's environment, security is intrinsically linked to business continuity. The repercussions of a breach, whether financial, reputational, or legal, can be devastating to enterprises of any size. The last thing any business desires is the loss of revenue or customers. We recall the significant impact on SolarWinds, whose stock value plummeted by 22% following the revelation of a breach, according to Washingtonpost.com.
As IT and network security professionals, it is important to think creatively and break free from limitations and obstacles, whether financial or administrative, to provide a better service to your customers and a more secure IT environment that supports business continuity.
To have a starting point, let us develop a working model that condenses a high-level policy into steps to follow, improving day-to-day responsibility and security. Let's name it "TSSA", which encompasses the following components:
· Training and Spreading Awareness: Collaborate with other organisations to educate new hires about email security risks such as phishing and spam. The training level should differ according to each employee's job role in the company; this implies that IT staff should also receive training and set their network safety policies to protect the business and reduce incidents.
· Scanning: Utilize open-source tools such as Nikto and Nmap, which are very useful and require no license, to scan networks and systems and create network vulnerability assessment reports. The issues in these reports are fixed in a later step.
· Securing: Following the scanning step, work through the resulting report. It should include a list of open ports, each representing an open service that can be a potential risk; any unused port must be closed. It should also include the vulnerabilities found during the scan, which might be a list of outdated software that requires patching or a risky software version identified and listed in CVE databases.
· Auditing: Conduct periodic audits, at a frequency decided according to the network size and type. Start by reviewing access, privileges, open ports, and allowed internet access for servers, and maybe even for users, along with related aspects.
TSSA Cycle
Spreading awareness should be an ongoing process that includes regularly sending internal emails to educate users about the latest threats and phishing examples. Subscribing to security emails from the services you use is also a good way to stay alert to news and updates. Users should be advised on how to avoid clicking on links from unknown senders and to exercise caution with links from known senders when the emails appear unusual or unexpected.
According to the NCSC, a financial sector company of around 4,000 employees received 1,800 emails that contained several variants of malware. The email claimed to be an invoice that needed urgent attention, which was relevant to the role of some of the recipients. It was not targeted at individual users with personal information, but was well written, with good spelling and grammar.
It takes only one piece of malware to cause chaos, so it is crucial to use a threat modeling approach like STRIDE to model the threats targeting your business: what your assets are, how they can be targeted, and how to prevent these attacks and safeguard your systems.
In conclusion, cyber security is an expanding part of the IT world we live in. We need to set a starting point and work proactively to protect and enhance network and systems security regardless of financial, administrative, or other blockers, shifting the focus to working with the available resources, or even creating your own tools with Python cyber security libraries or using open-source tools.