Most systems evolve over time, especially when it comes to subscriptions to services such as Microsoft 365 or Azure Active Directory. These often release new updates and features which are rolled out to customers, and can be easily integrated with your systems. Their ease of use makes them more accessible to small-to-medium enterprises - however, if left unchecked, they could result in vulnerabilities in your system. It’s important to deal with any gaps in your defences, and if you don’t know what to look for, a cyber assessment could help you address any risks and prevent a data breach from happening within your organisation.
Why is a cyber assessment necessary?
The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning regarding the current risks to critical infrastructure from state-sponsored malicious actors, particularly from Russian cyber criminals. Ransomware attacks are also on the rise in every sector, with almost any organisation proving to be a ripe target, no matter the size of the business. In recent months there have been announcements of attacks on the Indian airline Spicejet and the German wind turbine specialist Deutsche Windtechnik AG - and crippling ransomware attacks have seen the government of Costa Rica forced to declare a state of national emergency.
What does an assessment entail?
During an assessment, a Cyber Security Consultant will introduce themselves, usually via a video call with all of the stakeholders involved in the assessment. Depending on the type of assessment, there may be a requirement to record interviews with individuals. Next, they’ll ask that a document be completed outlining your business’ current network configuration and user accounts.
Whilst best practice is to ensure that documentation like this is continually updated to reflect configuration changes, it isn’t always the case. In some businesses, where a small IT department is responsible for all IT operations, they may find this difficult to maintain in practice. During a cyber assessment, the consultant will perform an audit. Not only will they attempt to confirm that the provided configuration outline is accurate, but any configuration issues will also be noted (especially when systems interact, or settings are left in the default position - security risks can and do emerge).
What to be on the lookout for
A common entry point for malicious actors is via user accounts. For example, a phishing email containing a credential harvester or an attack such as password spraying. Once initial access is established, this could potentially be used to pivot, with the criminal either taking over or creating an account with high privileges to achieve persistence. Many ransomware attacks start this way, with the malicious actor maintaining an undetected presence for weeks or months before taking any action, making this step particularly important given the current cybersecurity threat landscape.
Any accounts that are not strictly needed should be disabled and deleted by a dedicated administrator as soon as possible. For example, when a member of staff leaves, their account should be terminated during the exit interview. A dedicated administrator account should be in place to perform critical tasks such as account creation and deletion, and this account should be used solely for this purpose - this makes tracking the activity of privileged accounts much more efficient.
Privileged accounts and permissions should be audited regularly in order to prevent privilege creep (this happens when a user previously required access to a system, but doesn’t any longer – their access should be revoked as soon as it’s no longer necessary), and organisations should also ensure that role-based access control is implemented.
The steps to take after an assessment
Of course, commissioning a cyber assessment costs money. However, it offers an excellent return on investment, as the cost is far cheaper than the price you’d have to pay following a successful attack. It is rare for the resulting report to contain no recommendations – even if this does happen, though, an assessment is still worthwhile to do for peace of mind. Effectively, it would show that your organisation’s systems are already optimally configured and secured, a fact you will have confirmed by a cyber security analyst.
The post-assessment report is a comprehensive document, outlining the consultant’s findings with an executive summary, followed by a detailed technical breakdown for IT administrators. Cyber security recommendations are then presented on a scale from ‘Critical’ to ‘Low Risk.’ This allows the organisation to prioritise the recommended actions required to strengthen their cyber defences against the risks found during the assessment. If needed, a cyber security consultant can undertake the recommended mitigations for you.
Our cyber expert partners at Cyber Security Associates offer a range of assessments to help you mitigate against security risks, including: Microsoft 365, IT infrastructure, Maturity and Gap Analysis of Data Security against frameworks such as NIST, and ISO 27001 policies. They’re also a Cyber Essentials Certified Provider, which means that they can help you and your business demonstrate your commitment to cyber security by obtaining either the Cyber Essentials or Cyber Essentials Plus certifications.
A cyber assessment is the best way for you to understand the biggest cyber threats to your business, and locate any security vulnerabilities before they can be exploited.
For more information on how a cyber assessment could help you, or how to go about undertaking one, don’t hesitate to get in touch with us, and we can work on a plan to suit your needs.