Cybersecurity: Mitigation Measures
There are many ways to prevent cybercrime—including tools, resources, best practices, and policies—that will help mitigate risks, experts point out.
First steps
Greg Gatzke, president of ZAG Technical Services, Inc., a San Jose, CA-based IT consulting firm and managed services provider, says the first step for any company is to realize it is, actually, a tech firm.
When there’s an incident, he says people often assume they’ll just go back to working on paper for a while, how they used to do it. But those days are gone. “Acknowledging this is the first, most critical, step,” he says.
Lisa Shasteen, a Tampa, FL-based attorney at Shasteen & Percy, PA, a law firm that specializes in cybersecurity, advises to start with a risk assessment.
“It will require not only having your tech systems tested, but for a comprehensive assessment we look at all the other things that introduce risk, like contracts,” she says.
After the risk assessment, a company needs to decide which risks it must eliminate, compared to what she terms as “residual risks.” This, she explains, includes what can be gotten rid of and insured against, as well as establishing an acceptable level of risk.
For Thomas LaMantia, CISSP (certified information systems security professional), based in Glen Ellyn, IL, the first step in mitigating risks is two words: zero trust.
“Supply chain ransomware attacks put every element of a business at risk, and the only reasonable solution is to create a zero-trust environment,” he says.
This means no device, user, workload, or system is trusted by default. Instead, each and all are protected by creating a micro-segmented environment.
“Micro-segmentation creates junctions and inspection points that block malicious or unauthorized lateral movement in a networking environment. If a security breach should happen, micro-segmentation isolates the threat at the source and keeps it from spreading.”
This protects the entire company and third-party stakeholders. Using standalone solutions for each element, however, is costly and daunting, LaMantia says, but there are all-in-one solutions.
“A zero-trust architecture provides all the essential security controls to implement micro-segmentation on demand, and streamlines deployment end-to-end from procurement to unified monitoring, management, administration, and service,” he explains.
Building a zero-trust system will most certainly cost less than a ransomware attack. “It’s just a cost of doing business in a connected world,” LaMantia says.
Source: Blue Book Services, Inc.