Most systems evolve over time, especially when it comes to subscriptions to services such as Microsoft 365 and Azure Active Directory. These often release new updates and features which are rolled out to customers, and can be easily integrated with your systems. Their ease of use makes them more accessible to small-to-medium enterprises, but over time, if left unchecked, they could result in vulnerabilities in your system, which are waiting to be exploited by cyber criminals. It’s important to make sure any gaps in your defences are dealt with, and if you don’t know what to look for, a Cyber Assessment could help you address any risks. In short: a Cyber Assessment could be what prevents a data breach happening within your organisation.
Why is a cyber assessment necessary?
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning regarding the current risks to critical infrastructure from state-sponsored malicious actors, particularly from Russian cyber criminals. Ransomware attacks are also on the rise in every sector, with almost any organisation proving to be a ripe target, no matter the size of the business. In recent months there have been announcements of attacks on the tire manufacturer Bridgestone, the workforce management firm Kronos and Strix Group, a manufacturer of temperature controllers for small appliances such as kettles based on the Isle of Man.
What does an assessment entail?
During an assessment, a Cyber Security Consultant will introduce themselves, via a video call with all of the stakeholders in the assessment. Depending on the type of assessment, there may be a requirement to record interviews with individuals. Next, they will ask that a document be completed with an outline of your business’ current network configuration and user accounts.
Whilst best practice is to ensure that documentation like this is continually updated to reflect configuration changes, many IT departments, where a small team may hold the responsibility for all IT operations, find this difficult to maintain in practice. The consultant will then perform an audit. Not only will they attempt to confirm that the provided configuration outline is accurate, but any configuration issues will also be noted (especially when systems interact, or settings are left in the default position - security risks can and do emerge).
What to be on the lookout for
A common entry point for malicious actors is via user accounts. For example, a phishing email containing a credential harvester or an attack such as password spraying. Once initial access is established, this could potentially be used to pivot, with the criminal either taking over or creating an account with high privileges to achieve persistence. Many ransomware attacks start this way, with the malicious actor maintaining an undetected presence for weeks or months before taking any action, making this step particularly important given the current cybersecurity threat landscape.
Any accounts that are not strictly needed should be disabled and deleted by a dedicated administrator as soon as possible. For example, when a member of staff leaves, their account should be terminated during the exit interview. A dedicated administrator account should be in place to perform critical tasks such as account creation and deletion, and this account should be used solely for this purpose - this makes tracking the activity of privileged accounts much more efficient.
Privileged accounts and permissions should be audited regularly in order to prevent privilege creep (this happens when a user previously required access to a system, but doesn’t any longer – their access should be revoked as soon as it’s no longer necessary), and organisations should also ensure that role-based access control is implemented.
The steps to take after an assessment
Commissioning a Cyber Assessment has a monetary cost. However, it offers an excellent return on investment, as the cost is far cheaper than the price you’d have to pay following a successful attack. It is rare for the resulting report to contain no recommendations – even if this does happen, though, an assessment is still worthwhile to do for peace of mind. Effectively, it would show that your organisation’s systems are already optimally configured and secured, a fact you will have confirmed by a cyber security analyst.
The post-assessment report is a comprehensive document, outlining the consultant’s findings with an executive summary, followed by a detailed technical breakdown for IT administrators. Cyber security recommendations are then presented, on a scale from ‘Critica’ to ‘Low Risk.’ This allows the organisation to prioritise the recommended actions required to strengthen their cyber defences against the risks found during the assessment. If needed, a cyber security consultant can undertake the recommended mitigations for you.
At Cyber Security Associates, we offer a range of assessments to help you mitigate against security risks, including: Microsoft 365, IT infrastructure, Maturity and Gap Analysis of Data Security against frameworks such as NIST, and ISO 27001 policies. We’re also a Cyber Essentials Certified Provider, and can help you and your business show your commitment to cyber security by obtaining the certification. Don’t hesitate to get in touch with us today to find out how we can help.