Here's to a (cyber)secure 2023!
Here's to a (cyber)secure 2023!
Unfortunately, the Holidays were not only a time of being together with friends and family but also a festive time for cybercriminals. They took advantage of the distraction and lower utilization rate to make their move. Our security specialist provides a few tips on how to deal with the most important risks, not only during the Holidays, but all year round. Did you know that this can prevent 99% of cyberattacks?
Creation date : Ter, 2023-01-24 13:45
By Koen Tamsyn, Solution Manager Cybersecurity, Inetum-Realdolmen
“They got off to a very early start in December,” says Koen Tamsyn, Cybersecurity Solution Manager at Inetum-Realdolmen. "In the last weeks and days of 2022, the hacks followed in quick succession, receiving nearly daily media coverage. During the Holidays, fewer IT personnel are working, so by default less attention is paid to monitoring and alerting. Digital breaches are more likely to go undetected, and cybercriminals like to take advantage of that."
We look on this with frustration. Is there nothing that can be done about it then? “Of course, there is,” continues Koen, “but for the average organization it’s complicated. Where do you start and where do you end?" Putting out some fires here and there isn’t going to cut it. Every organization needs a well-considered security strategy based on risk management in order to develop a concrete step-by-step plan to avoid the most important risks in the short, medium and long term.
Some quick tips and recommendations
Can't we do something quick to cover our biggest risks? Yes, definitely! According to Koen, various studies and his own experiences have shown that a number of basic implementations can prevent 99% of cyberattacks. Below is a brief overview.
- Multifactor Authentication (MFA): a password alone, no matter how strong, is no longer enough. Every external connection must be secured using multifactor authentication, no exceptions: Microsoft 365, VPN, RDP servers, etc. All public connections must be equipped with MFA. And no exceptions for users either: everyone must use MFA.
- Vulnerability Management: The most recent attacks have also shown that vulnerabilities or weaknesses in software or systems are one of the main causes of breaches today. That’s why it’s important to have an overview of your vulnerabilities at all times, ranked according to their severity. Based on these insights, you can then patch the most critical vulnerabilities correctly and in time.
- User awareness: It’s a cliché, but people remain the weakest link. Train your people, do phishing simulations, teach them why MFA is important and how to handle sensitive data.
- Backup: “Assume breach”, it’s not a question of whether you’re going to be attacked, but when. And when things do go wrong, your backups are your last resort. Make sure you have a good backup strategy, not only for your data center but also for all your data in Microsoft 365.
Together, we’ll make it work!
Are you ready to put some recommendations into practice quickly, but don't know how to get started? Or are you still unsure about how exactly you should proceed?
In either case, you can come to us: for a priority assessment to a full security roadmap that will get you started on the path to a zero trust architecture or for a simple point solution to a total turnkey service. For a brief overview on how to cyber-securely equip your environment, click here. Please do not hesitate to contact firstname.lastname@example.org if you have questions or would like more information.