As the CTO or network administrator, you focus your valuable time on the health and integrity of the network so your staff and students can focus on their work. That may or may not leave you the time required to protect the network from intrusions, malware, and other cybersecurity threats. If you find yourself wishing for more time and resources to devote to security, you’re not alone.
Perhaps you need a new security mindset – one that can focus the resources you do have on what really matters. Here’s a suggestion: start looking at security from the inside out. It begins, strangely enough, with the assumption that you have been breached and now you must begin the forensic analysis of how it happened and what was lost.
A New Security Mindset
How would starting with the assumption you were breached change your overall philosophy about network security? First, you would know there was a serious problem to solve in your network, which would help to shape your thinking in terms of how to protect it, how you’d recover, and the tools you would need to do the job. The focus becomes “what is the most important thing on my network?” What are the crown jewels, so to speak, of your data and physical assets that could be most harmful to your district if they were compromised?
And if they were – despite all the security you have in place – how could it have happened? Looking at those scenarios will help you determine two things: first, whether there might be any weaknesses in your defenses after all, and second, how you would protect those vital assets if all else failed. Maybe your highest priority would become network segmentation, reliable backups, a well-thought-out disaster recovery plan, or a more proactive prevention approach, backed by sophisticated threat intelligence.
Going Further
Assuming you’ve been breached is actually one of seven security mindsets that are the key to successful defense. Network security, after all, is not just about devices or hardware and security tools. Those all change over time. The right mindsets are what will keep you on track. And here they are, briefly:
1. It’s all about the people.
This one comes first for good reason. Awareness has improved over the years, but most security breaches still start with someone clicking on a bad link or falling for a phishing email. User training, including the basics of a strong password, and the implementation of 2FA might be the best investment of your time and resources, and the one with the greatest payoff.
2. There’s a new way to layer security.
It goes beyond protecting the perimeter and putting antivirus protection on endpoints. It’s about active threat intelligence that provides protection and visibility, a way to see and record network traffic for analysis and for detecting threats as early as possible.
3. Know what’s normal.
Establishing a baseline for your network enables you to detect when something may be wrong. Reviewing the “Basic” CIS Controls is always a good start here, and Network Security Monitoring (NSM) tools can be an inexpensive alternative to complicated SIEM devices for setting that baseline and monitoring your network traffic.
4. Take action when things aren’t normal.
When you have the relevant data and can spot threats before they develop into something serious, you can be more proactive. An effective backup solution falls under this category, too. Your awareness of what is normal and what isn’t becomes a huge advantage.
5. Don’t underestimate the importance of threat intelligence.
The more you know, the better you can defend. Taking advantage of threat intelligence vendors’ services, or of the many other available sources of information about security threats, sharpens your defenses. It helps you correlate and make sense of the data you see going across your network. As a bonus, active threat intelligence can be applied on the network to block threats before they can gain a foothold.
6. Stay current.
Don’t wait for some professional group or government organization to announce an emerging threat. Join industry groups that share threat information. And get connected via social media, following top network security professionals and journalists on Twitter, for instance.
7. Assume you’ve been breached.
Again, this mindset helps you prepare for the worst, not only recognizing your weaknesses but also putting solid plans in place for prevention and recovery.
This blog is based on Ted Gruenloh’s presentation at the TCEA 2019 System Administrator and Technical Support Conference. For a comprehensive explanation of these security mindsets, check out the eBook 7 Security Mindsets to Adopt Today.
Photo: Taskin Ashiq