Assess your cybersecurity posture for better protection
In August 2023, the Las Vegas, Nevada properties for MGM Resorts International and Caesars Entertainment made headlines when they reported material cyber incidents. These incidents had significant operational, regulatory, financial, and reputational impacts on these 2 high-profile companies. Reports indicate that 2 separate but connected groups were involved—ALPHV/Black Cat and Scattered Spider.
Vendors of some of the impacted systems have been in contact with the impacted casinos and other customers to provide specific technical guidance and configuration assistance. The goal of this intervention is to prevent further attacks based on similar tactics, techniques, and procedures (TTPs).
Cyber incidents such as these are a timely reminder that all organizations, independent of size, industry, or current state should consider assessing their cybersecurity posture. As the threat landscape continues to evolve and mature, so should your cyber posture—and the best way for you to keep up is to continue assessing and adopting best practices.
Lessons learned: Keeping your organization safe
In light of these events, we’ve compiled a refresher on best practices and lessons learned, mapped to specific National Institute of Standards and Technology Cybersecurity Framework (NIST CF) elements and common cybersecurity risks.
The NIST CF is widely considered to be the gold standard for building a cybersecurity program. Many other notable frameworks have been mapped to it or have significant correlations and similarities. The framework is organized into key elements, each with its related objectives: identifying, protecting, detecting, responding, recovering, and governing.
Next, we examine some of the most impactful actions your organization can take to remain secure against growing cyber threats based on 4 of the above key elements.
Protect
This covers identity management, awareness and training, technology infrastructure, resilience, and more.
To increase your protection, consider the following best practices:
- Limit the number of administrator accounts for your technology assets and limit access to administrative functions. If using company-issued mobile devices, limit who has access to provider portals and implement additional authentication for logins.
- Implement multifactor authentication (MFA) throughout your systems and networks. Use certified authenticators, like Microsoft or Google Authenticator, over SMS or call-based authentication.
- Train your helpdesk and security teams to validate call-in users who request account or password resets. Consider using passwords or passphrases to confirm user identity.
- Prioritize awareness and education. For example, warn your users to hang up and report any calls asking for an SMS code to be read back to them.
- Prioritize immutable data backups, which are files that can’t be altered in any way, so you can restore them regardless of what happens.
Detect
This includes continuous monitoring practices to stay aware of any potential or imminent cyber threats.
Improve your detection capabilities by:
- Geo-blocking all foreign countries if possible. This keeps threat actors abroad from inappropriately accessing your networks and mapping out attack paths.
- Implementing a network layer solution that monitors network traffic for signs of threat actors attempting to intrude.
- Creating alerts and monitoring activities associated with critical security administrative functions, such as creating new accounts, restricting components, or modifying security parameters.
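The last bullet, turned into working detection logic as an added example (not code from the CAI post): it scans constructed Windows Security event records for account creation, privileged group membership changes, and audit policy changes, and flags any actor who performs several such actions in one batch. The event IDs are the real Windows ones; the simplified field names, the sample records, and the privileged-group watch-list are assumptions.

```python
import json
from collections import Counter

# Real Windows Security event IDs; the field names used below are simplified, not the native schema.
ADMIN_EVENTS = {
    4720: "user account created",
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
    4719: "system audit policy changed",
}
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}  # assumed watch-list

# Constructed sample records (not real logs), one JSON object per line; the last line is malformed on purpose.
SAMPLE_LOGS = [
    '{"EventID": 4624, "SubjectUser": "alice", "Host": "WS01"}',
    '{"EventID": 4720, "SubjectUser": "helpdesk1", "TargetUser": "svc-bk2", "Host": "DC01"}',
    '{"EventID": 4732, "SubjectUser": "helpdesk1", "TargetUser": "svc-bk2", '
    '"TargetGroup": "Administrators", "Host": "DC01"}',
    '{"EventID": 4719, "SubjectUser": "helpdesk1", "Host": "DC01"}',
    'garbage line that is not JSON',
]

def parse_line(line):
    """Return the event as a dict; malformed or non-object input yields {} so it is skipped, not fatal."""
    try:
        data = json.loads(line)
    except json.JSONDecodeError:
        return {}
    return data if isinstance(data, dict) else {}

def classify(event):
    """Return an alert record for a security-administrative action, or None for anything else."""
    eid = event.get("EventID")
    if eid not in ADMIN_EVENTS:
        return None
    # Audit-policy changes and additions to privileged groups are escalated to high severity.
    high = eid == 4719 or (eid in (4728, 4732) and event.get("TargetGroup") in PRIVILEGED_GROUPS)
    return {"severity": "high" if high else "medium", "what": ADMIN_EVENTS[eid],
            "actor": event.get("SubjectUser"), "target": event.get("TargetUser"),
            "host": event.get("Host")}

def alerts_for(lines):
    """Alert records for every admin action found in raw log lines, in log order."""
    return [alert for alert in map(classify, map(parse_line, lines)) if alert]

def burst_actors(alerts, threshold=2):
    """Actors behind at least `threshold` admin alerts in one batch (e.g. create account, then grant admin)."""
    counts = Counter(alert["actor"] for alert in alerts)
    return {actor for actor, n in counts.items() if n >= threshold}
```

Running `alerts_for(SAMPLE_LOGS)` yields three alerts (one medium, two high) and `burst_actors` singles out `helpdesk1`, which created an account, made it a local administrator, and changed audit policy in the same batch.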
Recover
This encompasses incident recovery communications and actions to help your organization bounce back after an attack with as few disruptions as possible.
You can help your organization recover by developing holistic incident response plans. In addition to technical considerations, they should include public or media relations and risk communication strategies to keep the public informed and up to date. This helps increase your organization’s transparency and protect your reputation from false narratives.
Respond
This provides incident management guidance for your organization, helping you respond to a cyberattack without excessive or unnecessary interventions. Incident response plans and subsequent testing should ensure that incidents can be effectively isolated to minimize business impact. Alternative processes, such as manual controls, can also be incorporated into business continuity plans.
Getting started with a cybersecurity assessment
While it may seem like a lot of work, proactively taking action to assess and improve your cybersecurity posture can save your organization time, money, resources, and your reputation in the long run. If this puts too great of a strain on your internal teams, consider working with a trusted partner to assess your current posture and help you develop a roadmap for the future.
At CAI, we take a forward-thinking approach to preventing cybersecurity threats before they happen by assessing your current cybersecurity environment to find vulnerabilities and gaps. Then, we assist in cybersecurity assessment and management that includes threat detection, response, and post-breach remediation services.
If you’re interested in improving your cyber posture and decreasing your risk, contact us for experienced expert guidance today.