The Center for Internet Security or “CIS” has five controls for IT projects that will prevent 80% of today’s cyber threats. These critical security controls or recommendations provide an objective, time-tested framework to inform, prioritize, and simplify security-first IT system design. With cyber-attacks on the rise, dynamic security hardening is imperative to neutralize innovative ransomware, zero-day vulnerability, political hacktivism, and data breach assaults.
According to Cybersecurity Magazine, 43% of data breaches involve small and mid-size businesses.
A related study by Bullguard revealed that nearly 50% of SMB owners did not have a cybersecurity defense plan.
Cyber threats are widespread, and almost half of us are increasingly unprepared. It’s time to change that right now.
Using actual results from a network security assessment for a ten-person employee benefits broker, we’ll use practical examples to illustrate how the following five CIS initiatives will fortify your defenses:
- Institute Cyber Security Awareness Training
- Implement Continuous Vulnerability Management
- Refine and Limit Administrative Access Privileges
- Maintain, Monitor, and Analyze Audit Logs
- Incorporate Incident Response and Management
#1 – Institute Cybersecurity Awareness Training
Computer-based training has transformed the effectiveness of cybersecurity awareness training. This educational technology combines instruction, quizzes, gamification, and simulated phishing tests to turn your employees into human firewalls.
The curriculum is frequently lighthearted and humorous, which keeps users engaged.
Cybersecurity awareness is also available through webinars and panel discussions hosted by popular solution providers like Acronis, Arctic Wolf, Datto, Dell, Cisco, KnowBe4, Microsoft, Proofpoint, managed service providers, insurance companies, and more.
Cyber threats are here to stay, and everyone has a stake in the game.
Learn More: Cybersecurity Webinar
#2 – Implement Continuous Vulnerability Management
Ongoing vulnerability management is like personal healthcare. A physician examines a patient, scans for vulnerabilities, and takes preemptive measures to remediate and reduce the impact of adverse outcomes.
For instance, when an annual physical reveals a man in his fifties is 25 pounds overweight, has elevated cholesterol, and escalating blood pressure, the doctor will likely recommend dietary, exercise, and stress management modifications.
The same approach applies to preventing cyber weaknesses in your network from intensifying.
Product offerings in this space employ many of the following service categories:
- Adaptive Security
- Behavioral Anomaly Detection
- Cloud Compliance
- Endpoint Protection (EPP)
- Managed Detection & Response (MDR)
- Security Information and Event Management (SIEM)
Learn More: Continuous Vulnerability Management Providers
#3 – Refine and Limit Administrative Access Privileges
Tightening administrative access privileges is a fancy way of saying, “Don’t give multiple parties the keys to your house.”
In this instance, the house is your network. And only a few carefully vetted individuals should have permission to make system changes, add gatekeepers, or admit new, unwanted guests.
This IT project is more of a best practice and shouldn’t take long to complete.
Learn More: Administrative Access Best Practices
#4 – Maintain, Monitor, and Analyze Audit Logs
Every device in your digital estate requires maintenance, monitoring, and analysis. Why? Hardware, software, and cloud applications generate volumes of data.
That’s why you need advanced SIEM tools to capture this activity, decode trends, and transform this massive output into valuable insights.
LogRhythm, Splunk, Sumo Logic, Chronicle, and Azure Sentinel are leading SIEM providers. Each helps reduce management expenses for in-house IT departments.
Learn More: Audit Event Log Monitoring
#5 – Incorporate Incident Response and Management (IR)
Incident response and management solutions respond to security threats with preplanned, automated responses and follow-up incident reports.
IR platforms follow playbooks informed by policies and best practices for threat hunting, anomaly detection, and real-time remediation.
IR accelerates response time and minimizes the resources required by teams to identify and remove endpoint threats. Some prominent IR offerings include:
- Cofense Triage
- KnowBe4 PhishER
- Proofpoint Threat Response Auto-Pull
- VMware Carbon Black EDR
- Barracuda Forensics and Incident Response
Learn More: Incident Response
How do you decide which IT projects to do first?
Before implementing any of these IT project ideas, speak with your MSP about options. Some of these offerings are available with fixed-fee IT services at no additional charge.
Others are available as add-ons. For example, many MSPs white-label security services from Managed Security Service Providers (MSSPs) that bundle MDR, SIEM, Vulnerability Management, IR, and more into unified solutions.
This means three of the five CIS controls we reviewed may be available through your MSP, so you don’t have to purchase anything a la carte or go directly through an MSSP.
Arctic Wolf is a fantastic MSP partner, and its website is one of the best cybersecurity learning centers on the internet.
Learn More: Cyber Security Thought Leadership