Topics In Demand
Notification
New

No notification found.

Current best practices for proactive cyber hygiene and threat monitoring
Current best practices for proactive cyber hygiene and threat monitoring

1129

0

Countries worldwide are increasingly relying on digital infrastructure. India is also the world’s largest digital democracy, with its internet landscape projected to reach over 900 million users by 2025. Unfortunately, the growing adoption of digitization has led to the heightened risk of cyberthreats, some of which are state-sponsored attacks and cyber terrorism across borders, posing a significant threat to national security.  Such attacks, especially executed during the intense geopolitical tensions, are aimed at bringing down India's mission-critical infrastructure while causing severe disruption, impacting essential services.

With the vital systems and assets becoming the target during such times, proactive cybersecurity best practices and threat monitoring become crucial.  

This article explores the best practices that organizations and governments must adopt to protect key infrastructure networks and digital systems against state-sponsored attacks.

  • Comprehensive Asset Inventory and Risk Assessment  

Maintain an up-to-date, accurate asset inventory to track and manage all physical and virtual assets within the organization’s IT environment and ensure all assets are accounted for in the security plan. Cybersecurity asset management covers capturing inventory records, tracking assets to monitor their behavior, and ensuring they are in good working condition. It is equally important to conduct risk assessments to identify, evaluate, and prioritize the most critical assets, systems, data, potential threats, and vulnerabilities to mitigate risks.

 

  • Robust Access Controls

The process of securing and managing access control prevents unauthorized access, minimizes security risks, and protects sensitive information and systems. The steps involved in this process include password-based or biometric-based authentication, authorization that maintains the principle of least privilege, managing by updating the system, and conducting regular audits.  Role-based Access Control, Policy-based Access Control, and Password-less Authentication are some of the key technical approaches to manage access control.

 

  • Network Segmentation and Security

Network segmentation, which is an architectural approach to divide a network into smaller, isolated segments or subnets, will enhance security by preventing attacks from spreading across and infiltrating unprotected devices while providing better visibility into the activity within the network. This can be achieved with physical segmentation with hardware or virtual segmentation by leveraging software, and is also an effective strategy for network security. This approach makes the network more resilient, improves its performance and security by containing security incidents in one section, and prevents them from spilling into others.

 

  • Continuous Monitoring, Detection, and Incident Response

Even in the aftermath of a previous attack, organizations are vulnerable to secondary attacks, compelling organizations to continuously monitor for attackers’ tactics, techniques, and procedures (TTP) over 6 months to detect hidden threats.  Integrating threat intelligence can provide clarity on any ongoing threats and potential risks and help to accurately detect and assess incidents. These are an integral part of active defense measures that help in establishing a robust incident response.  An effective incident response plan consists of an incident response playbook, security solutions, communications and business continuity plans, and disaster recovery procedures. The incident response plan has to be regularly reviewed for further improvement.

 

  • Build a Zero-Trust Framework

Zero-Trust framework supports verifying access requests rather than blindly trusting users and devices within a network.  It operates on the principle of ‘never trust, always verify’. Key components to build a Zero Trust Framework include authenticating all connections, implementing zero trust policies, and enforcing policy-based access. It also requires deploying Identity and Access Management, Multi-Factor Authentication solutions, and Security Analytics tools such as SIEM, UEBA, while implementing the principle of least privilege. Data protection measures, such as encryption, should also be applied to data both in transit and at rest.

 

  • Effective Patch Management Strategy

Beyond security, patch management enables the smooth running of the critical infrastructure and involves the application of vendor-issued updates to software, operating systems, and devices. These patches are built to address vulnerabilities, enable bug fixes, improve the functionality, stability, reliability, and performance of the system.  A strong patch management process acts as a proactive defense against any cyber threats. The process of patch management includes patch monitoring, patch prioritization, patch testing, patch deployment, and patch documentation and review. Automating the patch management process reduces the occurrences of human error, while the security teams can focus on more strategic tasks rather than spending a significant amount of time on applying manual updates.

 

  • Collaboration and Intelligence Sharing

International collaboration is crucial to address the challenges of security gaps, putting national security at risk.  By sharing threat intelligence, implementing joint initiatives, and developing standardized security protocols, countries can establish robust defense mechanisms against malicious attacks. Threat intelligence sharing refers to the exchange of critical information about potential or active threats, including TTPs used by attackers, and the prevention of future cyber incidents. It fosters a proactive approach to cybersecurity while improving their ability to identify and respond to threats at a quicker pace and improving resource efficiency.   

 

  • Raising Public Awareness

By the government raising awareness on cyber-related threats through relevant initiatives, citizens are empowered with the knowledge to adopt safer and more secure practices. They will have a good understanding of the dangers of clicking on a malicious link and downloading an infected file. They can be educated about the tools and methods employed by cyber criminals and prevent them from falling victim to cyber threats. Any cybersecurity awareness program should stress phishing and social engineering tactics, ransomware, and malware in addition to browser, password, and email security.

 

Authored By: Chetan Jain, Managing Director, Inspira Enterprise


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


images
Chetan Jain
Managing Director, Inspira Enterprise

© Copyright nasscom. All Rights Reserved.