As a chief information security officer, an entire organization counts on you to create safe spaces for the use of valuable technology. This makes it essential for you to know how you can start protecting your network. A single breach or malicious attack can take down critical services. This can result in immediate lost revenue and leave a lasting negative effect on the company’s reputation.
A CISO must take a 360-degree view of technology, looking for potential threats and vulnerabilities from all angles. They must also stay up to date on the latest emerging technologies, both those that could harm their business and those that could help to protect it.
Below is a set of advice for the modern CISO on how you can start protecting your network and organization from the most dangerous forms of cybercrime and cyber attacks.
Decrease Software Risk
A simple web or mobile application can require millions of lines of code. And all it takes is one security flaw for the company to be at risk of losing data, time, and money.
These days, hackers will try to infiltrate public websites through SQL injection and cross-site scripting (XSS) attacks. Their goal is to corrupt or expose the information stored on back-end servers.
As a leader in the technology organization, the CISO must make cybersecurity a key pillar of the overall corporate strategy. This approach needs to be flowed down to all engineering managers and reinforced to developers as well.
Significant investments should be made in the area of quality assurance. However, one should keep in mind that even the best code testers will not uncover every bug or security gap.
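The two web application flaws named above are best understood side by side with their fixes. The following is an added example, not code from the original article: a string-built SQL query next to a parameterised one, and an unescaped HTML template next to an escaped one. The in-memory SQLite table, the user names and the inputs are constructed for the demonstration.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory user store standing in for a back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.com", 0), ("bob", "bob@example.com", 1)],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The user-supplied value is pasted into the query text, so it can change
    # the query's structure instead of being treated purely as data.
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterised query: the driver sends the value separately from the SQL,
    # so whatever the user types is only ever compared against the name column.
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name):
    # Reflecting input straight into HTML lets markup in the input become markup on the page.
    return f"<p>Welcome, {name}</p>"


def render_greeting_safe(name):
    # html.escape turns <, >, &, and quotes into entities, so the input renders as text.
    return f"<p>Welcome, {html.escape(name)}</p>"


if __name__ == "__main__":
    db = build_db()
    tautology = "' OR '1'='1"  # classic textbook input; no such user exists
    print("vulnerable:", lookup_vulnerable(db, tautology))  # every row comes back
    print("safe:      ", lookup_safe(db, tautology))        # no rows match that literal name
    print(render_greeting_safe("<script>alert(1)</script>"))
```

The safe versions are not slower or harder to write; the point for an engineering manager is that parameterised queries and output encoding should be the default code review expectation, not something testers are expected to catch afterwards.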
Watch for Insider Threats
You typically picture a hacker as a shady criminal working with a rogue government or other unsanctioned organization. And while those types of individuals certainly do pose a threat to companies, the reality is that many of the worst data breaches in recent history have come about because of insider threats.
Depending on their role and level of access, disgruntled employees can cause severe damage to hardware, software, and the corporate network itself. These types of incidents can be incredibly hard to predict or trace until it’s too late.
To start, the CISO needs to preach a belief in minimal access permissions, the principle of least privilege. This means that individual employees should only have access to the systems and data their job requires. No one should ever have an administrative account to databases that store personal or confidential information.
A CISO cannot feel guilty about spying on his or her team. Insider threats can only be discovered and stopped if there is abundant logging and monitoring on internal systems.
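Least privilege and monitoring reinforce each other: once each role's entitlements are written down, the same table can be used both to decide a request and to flag access that falls outside it in the audit log. The following is an added example, not code from the original article. The role-to-table entitlements, the confidential table list, the bulk-read threshold and the audit log lines are all constructed for the demonstration; a real organisation would derive the entitlements from its own job definitions.

```python
import re
from collections import defaultdict

# Constructed entitlements: which tables each role has a business need to read.
# The "dba" role administers the database but has no standing need to read
# business data, which is the article's "no admin account to confidential data" rule.
ENTITLEMENTS = {
    "support": {"tickets", "customers"},
    "finance": {"invoices", "customers"},
    "dba": set(),
}
CONFIDENTIAL_TABLES = {"customers", "payroll"}
BULK_ROWS = 1000  # cumulative rows from confidential tables before a user is flagged

LINE_RE = re.compile(r"user=(\S+) role=(\S+) action=(\S+) table=(\S+) rows=(\d+)")


def may_access(role, table):
    """Request-time least-privilege decision: deny unless the role is entitled."""
    return table in ENTITLEMENTS.get(role, set())


def audit(lines):
    """Scan audit log lines and return (user, reason, table) alerts."""
    alerts = []
    confidential_rows = defaultdict(int)
    bulk_flagged = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or unrelated line; skip rather than crash
        user, role, action, table, rows = m.groups()
        rows = int(rows)
        if not may_access(role, table):
            alerts.append((user, "outside_entitlement", table))
        if table in CONFIDENTIAL_TABLES:
            confidential_rows[user] += rows
            if confidential_rows[user] > BULK_ROWS and user not in bulk_flagged:
                bulk_flagged.add(user)
                alerts.append((user, "bulk_export", table))
    return alerts


# Constructed sample audit log (hypothetical format).
SAMPLE_LOG = [
    "2024-03-01T09:12:03Z user=alice role=support action=SELECT table=tickets rows=12",
    "2024-03-01T09:15:41Z user=alice role=support action=SELECT table=customers rows=600",
    "2024-03-01T09:16:02Z user=alice role=support action=SELECT table=customers rows=600",
    "2024-03-01T10:02:19Z user=bob role=finance action=SELECT table=payroll rows=3",
    "2024-03-01T11:44:55Z user=carol role=dba action=SELECT table=customers rows=45000",
    "malformed line that the scanner should skip",
]

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)
```

Two of the alerts above are worth noting: alice's reads are individually within her entitlement and only become suspicious in aggregate, which is why the scan keeps a running total, and carol's access is flagged purely because an administrator role has no read entitlement, regardless of how the query was run.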
Stop WebRTC Leaks
All secure corporations will have a remote access policy that requires employees to use a virtual private network (VPN). They are to use it when connecting to corporate resources from outside the network. However, an encrypted connection is not always enough to keep servers and databases secure.
WebRTC leaks have become more common in recent years. A leak occurs when a web browser inadvertently includes identifying information, such as local IP addresses, in HTTP requests to external websites. That type of breach might not seem like a huge risk, but even that’s enough to put a company’s cybersecurity in jeopardy.
As CISO, you should research which VPN services protect against WebRTC leaks. Then, only invest in one of those as your corporate solution. There is a range of third-party browser tools available to allow you to test out your vulnerability to these types of breaches. If left unprotected, a hacker can actually carry out an XSS attack with information stolen through a WebRTC leak.
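The browser-based leak testers mentioned above work by collecting the ICE candidates that WebRTC generates and checking what addresses appear in them. The following is an added example, not code from the original article or from any particular testing tool: a checker that takes candidate lines in the standard `candidate:` attribute format and reports a private host address (the local network address the VPN is supposed to hide) or a server-reflexive public address that does not match the VPN exit. The candidate lines, the VPN exit address and the mDNS name are constructed for the demonstration.

```python
import ipaddress
import re

# ICE candidate attribute: candidate:<foundation> <component> <transport> <priority>
#   <address> <port> typ <type> [raddr <addr> rport <port>] ...
CAND_RE = re.compile(
    r"candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) (?P<priority>\d+) "
    r"(?P<address>\S+) (?P<port>\d+) typ (?P<type>\S+)"
    r"(?: raddr (?P<raddr>\S+) rport (?P<rport>\d+))?"
)


def parse_candidate(line):
    m = CAND_RE.search(line)
    return m.groupdict() if m else None


def is_private(addr):
    """True for RFC 1918 / link-local addresses; False for public IPs and mDNS names."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # e.g. "<uuid>.local": the browser has already hidden the real address
    return ip.is_private or ip.is_link_local


def find_leaks(candidate_lines, vpn_exit_ip):
    """Return (finding, address) pairs for candidates that expose more than the VPN exit."""
    findings = []
    for line in candidate_lines:
        c = parse_candidate(line)
        if c is None:
            continue
        if c["type"] == "host" and is_private(c["address"]):
            findings.append(("local_ip_exposed", c["address"]))
        if c["type"] == "srflx":
            # The reflexive address is what the STUN server saw; with a working VPN
            # it must be the VPN exit, not the employee's real ISP address.
            if c["address"] != vpn_exit_ip:
                findings.append(("public_ip_bypasses_vpn", c["address"]))
            if c["raddr"] and is_private(c["raddr"]):
                findings.append(("local_ip_exposed", c["raddr"]))
    return findings


# Constructed candidates as a browser might gather them (hypothetical values).
SAMPLE_CANDIDATES = [
    "candidate:1 1 udp 2122260223 192.168.1.23 54512 typ host generation 0",
    "candidate:2 1 udp 1686052607 203.0.113.7 54512 typ srflx raddr 192.168.1.23 rport 54512 generation 0",
    "candidate:3 1 udp 2122260223 4f9a2c1e-7b3d-4e5a-9c8f-1d2e3f4a5b6c.local 50000 typ host generation 0",
]
ASSUMED_VPN_EXIT = "198.51.100.4"  # constructed; the address the corporate VPN egresses from

if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_CANDIDATES, ASSUMED_VPN_EXIT):
        print(finding)
```

A clean result is a list containing only mDNS-style host candidates and server-reflexive candidates whose address is the VPN exit. When evaluating VPN products, run the same gathering in each supported browser, since the candidate set depends on the browser's own WebRTC settings as much as on the VPN client.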
Secure Mobile Devices
Gone are the days when all of a company’s IT transactions would occur on desktop and laptop computers. Now, most employees use their tablets and smartphones for common work activities such as email, instant messaging, and data sharing. This, of course, creates a new range of risks that a CISO must protect against.
First, as CISO you must outline a mobile device policy for the organization as a whole. Some companies still distribute locked-down phones and tablets to their staff. However, most have switched to a bring your own device (BYOD) policy. Employees typically prefer to use their own phone and tablet at the workplace for convenience, but it makes the CISO’s job much harder.
Uncontrolled mobile devices create threats in multiple ways. If they are allowed to join the local Wi-Fi network, then they could potentially introduce viruses or malware into the organization. In addition, allowing email and other data servers to connect to outside mobile devices can result in more opportunities for hacking.
Mobile devices on the corporate network should be tracked just like every other piece of hardware. By logging the activity from each physical MAC address, the security group can identify when a phone or tablet has gone rogue or disappeared. In such an event, the owner’s account should be immediately locked to reduce the risk.
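The tracking described above comes down to reconciling what the wireless infrastructure sees against a device register. The following is an added example, not code from the original article: it reads Wi-Fi association log lines, normalises the MAC address, and returns the actions the security group would take, quarantining an unregistered device and locking the owner's account when a device that was reported lost reconnects. The register entries, log format and addresses are constructed for the demonstration.

```python
import re

# Constructed device register (hypothetical): MAC address -> (owner account, status).
REGISTERED = {
    "a4:5e:60:11:22:33": ("alice", "active"),
    "f0:18:98:44:55:66": ("bob", "reported_lost"),
}

# Accepts both "aa:bb:..." and "AA-BB-..." spellings, since logs from different vendors differ.
ASSOC_RE = re.compile(r"mac=([0-9A-Fa-f:-]{17}) ssid=(\S+) event=(\S+)")


def normalise_mac(mac):
    return mac.lower().replace("-", ":")


def review_associations(lines):
    """Return a list of (action, target) pairs for the security group to apply."""
    actions = []
    seen_actions = set()
    for line in lines:
        m = ASSOC_RE.search(line)
        if not m:
            continue
        mac, ssid, event = m.groups()
        if event != "assoc":
            continue  # only a successful association puts the device on the network
        mac = normalise_mac(mac)
        if mac not in REGISTERED:
            action = ("quarantine_device", mac)
        else:
            owner, status = REGISTERED[mac]
            if status != "reported_lost":
                continue
            action = ("lock_account", owner)
        if action not in seen_actions:  # one action per device/account, however often it reconnects
            seen_actions.add(action)
            actions.append(action)
    return actions


# Constructed sample association log (hypothetical format).
SAMPLE_WIFI_LOG = [
    "2024-03-01T08:01:10Z ap=ap-3f mac=A4-5E-60-11-22-33 ssid=corp event=assoc",
    "2024-03-01T08:05:44Z ap=ap-3f mac=f0:18:98:44:55:66 ssid=corp event=assoc",
    "2024-03-01T08:07:02Z ap=ap-1a mac=0c:9d:92:77:88:99 ssid=corp event=assoc",
    "2024-03-01T08:09:30Z ap=ap-1a mac=a4:5e:60:11:22:33 ssid=corp event=disassoc",
    "2024-03-01T08:12:15Z ap=ap-1a mac=0c:9d:92:77:88:99 ssid=corp event=assoc",
]

if __name__ == "__main__":
    for action in review_associations(SAMPLE_WIFI_LOG):
        print(action)
```

One caveat for a BYOD fleet: current phone operating systems randomise the MAC address per network by default, so the register should be populated at enrolment (for example by a mobile device management client) rather than from whatever address a phone first appeared with, or the same device will look like a new unknown one each time the randomised address rotates.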
Leverage Automation and Machine Learning
Humans are fallible in every mode of daily life. This is particularly true in protecting their digital identity and data. For this reason, a CISO should look beyond their team and make significant investments into tools and solutions that can automate cybersecurity.
An emerging trend is the wave of machine learning in network and application protection. CISOs can now install smart software on their firewall systems that will not only track network activity but also identify potential threats and thwart those attacks without any manual intervention required.
Machine learning is also applicable to software testing and analysis. A single tool can automate the work of a dozen quality assurance engineers. It can also locate potential code flaws that might never have been discovered.
For a CISO, the challenge is convincing the people in the organization to trust this artificial intelligence. They should know how to use it to strengthen the security of what they’re building together.