Security Plan – Your Approach to Cybersecurity Threats
All businesses have one thing in common: they will all face a cyber security threat at some point. It is critical to have a strategy and PLAN for this eventuality before it occurs in order to ensure minimal disruption to your business, enable the survivability of your technology platforms, support prompt data recovery and address all legal and regulatory reporting mandates.
Security events include cybercrimes, internal sabotage, natural disasters, sustained power outages, telecom outages, human errors and more. A good plan will have not only the actions required for a cyber response, but the people who will take those actions and the sequence in which they will occur. An important part of the plan is identifying who the plan administrator is and who will orchestrate when and what sections of the plan will be executed (and communicate to all the participants). Remember, every task must have a primary and secondary person assigned in the event the primary is not available.
Everyone knows an effective emergency evacuation plan must be practiced regularly by the evacuees to have maximum effectiveness. Likewise, a cybersecurity response plan must be kept up to date with changes in the IT environment and then practiced on a regular basis during drills and simulations. Recovery processes must be tested on a regular schedule to ensure they can recover from complete IT loss as well as less catastrophic events.
A common oversight when creating a cybersecurity incident response plan is forgetting that it is only one part of a larger Business Continuity plan. A Business Continuity plan must include provisions for non-IT components AND your people. If your facility is destroyed, where will your staff work even if your systems are back online at a remote facility? How will the workforce be managed if some of your key staff members are unavailable?
Catapult TEK can review your environments and expedite your customized plan to address proactive cyber-protection, real-time event detection, threat neutralization and platform/data recovery within your larger Business Continuity Plan.
PROTECT – Keeping Your Data and Network Safe
All technology assets and capabilities need end-to-end protection to avoid data theft and its consequences. These can include: loss of reputation, customer embarrassment, lawsuits and lost revenues. Unfortunately, vulnerabilities at any point in the technology continuum can be exploited to jeopardize the entire environment and all of its data. State of the art integrated products and services can protect your interconnected technology topology. Catapult TEK provides and supports 24/7/365 services and solutions including:
· Key Log File Monitoring
· Customized Security Profiles and Monitoring
· Risk Scoring and Alert Thresholds
· Advanced Profiling, Risk Scoring and Gap Identification
· URL Filtering of More Than 80 Categories
· Security Awareness Training
· Firewall Hardware, Software, Configuration and Security Updates
· Data and Email Encryption
· Advanced Email Filtering
· Real-time Malware Updates and Monitoring
· Automated Software Updates and Maintenance
· Restrictive System and Data Access Policies; Domain Services
· Password Policies including Multi-Factor Authentication
· Hardware Warranties and Predictive Failures
· Wireless Network Management
· Monitored Secure Data Backups and Business Continuity
· Monitored and Managed Equipment Rooms – Power, Motion, Temperature, Camera, Infrared
· 24/7 System Operations Center (SOC)
· SIEM Reporting
· DoD-Standard Equipment Disposal
DETECT – Alerting of Security Threats
Even the best preventive methods will NOT keep technology platforms safe 100% of the time. Just as people are not perfect, no technology is perfect. Additionally, cyberattacks are carried out by highly sophisticated, intelligent and motivated hackers who always try to stay one step ahead of the security industry. It is important to establish a normalized operating baseline of each technology component and constantly measure against that baseline to detect abnormal deviations that might indicate a security threat. Catapult TEK can provide products and services to detect possible cyberattacks and unusual behavior around the clock:
- AI (Artificial Intelligence) to recognize malicious behaviors
- Recognition of Thousands of Virus and Malware Variants
- Quarantining of Corrupt Processes and System Settings
- SOC Analysis of Quarantined Application and Files
- Security Risk Thresholds
- Network Intrusion Detection
- DNS Hijacking
- Email Threats
- Unauthorized URLs
- Unauthorized New Account Setup
- Unauthorized Network Activity
- Firewall Logs
- Service Failures
- Abnormal Computer and Program Behavior
- Redirected Websites
- Physical Environment Intrusion and Failures
- Compliance Reporting
- And Much More
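One way to implement the baseline-and-deviation approach described above, written here as an added Python example (not Catapult TEK's tooling): a baseline is learned from a week of per-host daily counts for two of the signals in the list (failed logins and new account setup), and today's counts are turned into a risk score compared against an alert threshold. Host names, metric names, all counts and the threshold of three deviations are constructed assumptions.

```python
"""Baseline-and-deviation detection over constructed per-host daily metrics."""
from statistics import mean, pstdev

# Constructed sample data (not real telemetry): seven days of per-host
# daily counts for two of the detection signals listed above.
HISTORY = {
    "fileserver-01": {
        "failed_logins": [3, 5, 4, 2, 6, 4, 3],
        "new_accounts":  [0, 0, 1, 0, 0, 0, 0],
    },
    "workstation-17": {
        "failed_logins": [1, 0, 2, 1, 1, 0, 1],
        "new_accounts":  [0, 0, 0, 0, 0, 0, 0],
    },
}
# Constructed observation for the day being measured against the baseline.
TODAY = {
    "fileserver-01":  {"failed_logins": 5,  "new_accounts": 0},
    "workstation-17": {"failed_logins": 48, "new_accounts": 3},
}

def build_baseline(samples):
    """Mean and standard deviation of the learning window. The floor of 1.0
    on the deviation keeps a flat history (all zeros) from dividing by ~0."""
    return mean(samples), max(pstdev(samples), 1.0)

def risk_score(value, baseline):
    """How many baseline deviations the observation sits above the mean.
    Only increases count: fewer failed logins than usual is not a threat."""
    avg, dev = baseline
    return max(0.0, (value - avg) / dev)

def detect_deviations(history, current, threshold=3.0):
    """Return (host, metric, score) for every observation past the alert threshold."""
    alerts = []
    for host, metrics in history.items():
        for metric, samples in metrics.items():
            score = risk_score(current[host][metric], build_baseline(samples))
            if score >= threshold:
                alerts.append((host, metric, round(score, 1)))
    return alerts

if __name__ == "__main__":
    for host, metric, score in detect_deviations(HISTORY, TODAY):
        print(f"ALERT {host}: {metric} is {score} deviations above baseline")
```

The fileserver's five failed logins sit inside its normal range and stay quiet, while the workstation's jump from roughly one failed login a day to 48, together with three new accounts on a host that never creates any, crosses the threshold.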
NEUTRALIZE – Stop the Threat
When a security event is detected, it must be confirmed as an actual threat or a phantom threat (sometimes known as scareware).
In either case, the source, scope and behavior of the threat must be determined to promptly facilitate neutralization, removal and future protection.
Here are the immediate questions that need answers:
- When did the security event occur?
- Is this the first security event?
- What logs support the security event?
- What systems and data were compromised?
- Was authorized access compromised?
- Were unauthorized accounts established?
- Was data stolen or compromised? How?
- Was data published?
- Did malware infect primary and secondary hosts and/or data? How?
- Are the hosts able to self-heal and recover using their own resources?
- Is there a ransom demand?
- Were physical perimeters penetrated or compromised?
- What are the data and system restore points?
- Where is the incident response plan? Does it include legal and compliance notification requirements?
- What is the GO/NO GO decision on executing the incident response plan?
Once an active threat is understood, it must be neutralized quickly. Once neutralized, an in-depth review of the actual damage is required before executing a pre-established recovery plan. Catapult TEK provides top tier software solutions to stop threats and alert our 24/7 Security Operations Center, staffed by cybersecurity experts. Schedule your consultation to discuss your security concerns.
RECOVER – Get Back to Your Business
When the scope of the security interruption has been determined, the recovery sections of the incident response plan are executed to restore the technology environment to a known good state in order to support data and business functions. Each task in the plan is executed by the person responsible for completing that task, under management of the overall incident response coordinator.
IT recovery is only as fast and effective as the preparations made for it. It is imperative NOT to respond to an incident “on the fly”, or in crisis mode, but to follow a carefully considered, prepared written plan.
Catapult TEK will participate in your recovery plan activities and will provide:
- Hardware and Software Repair or Replacement
- SOC Restoration Services
- Virtualization and Bare Metal Restores
- Automatic Rollback of Endpoints to Prior Safe States
- Data Recovery from Backups and Business Continuity Solutions
- Configuration of Cloud Recovery Environment
- Coordination with Other Providers
- Compliance Reporting
- And More
A critical part of any recovery is to develop “lessons learned” and incorporate those lessons into the overall Business Continuity Plan. This task needs to be formally assigned to someone (and a backup) to be completed when the crisis is over.