At ILTACON 2018, security is a hot topic. I had the great privilege of being a speaker on the panel for part 1 of this 3 part series - PREVENTION. There is so much ground to cover with security initiatives, but you have to start somewhere. Prevention is intended to keep bad things from happening in the first place.
As the world changes, so must our security methods for prevention. Strong password security, multi-factor authentication (MFA) for remote access, and logins that are running as "user" and not "administrator" are old news. If you're not doing this already, stop reading this and get these things in place. But in today's world, you have to think bigger and farther. We now must consider our cloud account security and all of the end points associated with accounts that are part of your business environment. We now must learn the lessons from egregious attacks like NotPetya and begin an active strategy to address patches and other vulnerabilities to protect against lateral movement of attacks in our organization.
But we can't stop there. We must also recognize that the perimeter we are to defend has changed. Microsoft and others have been saying for a while now that the new perimeter defense is not our network infrastructure, but rather IDENTITY. This brings in the importance of addressing the people side of security. Awareness is key! People are the number one way into an organization. People are hacked more than systems every day. People have to be a big part of your Prevention strategy. Regular, ongoing, immersive awareness communication and education is at the heart of this strategy. Keep people informed. Keep them involved. Keep them aware of the reasons why they should care. Keep them updated on the changes going on around them. Security is EVERYONE'S job, and people can be your biggest asset in your prevention efforts.
Stay tuned for the next Blog in this series: DETECTION.