By putting the right people, processes and technology controls in place, you can close many of the gaps often exploited in cyber attacks, such as software vulnerabilities, remote desktop protocol and other common ransomware attack vectors.
A resilient cyber risk mitigation strategy is multifaceted and includes:
- Perimeter defenses, such as network firewalls, web proxies, content checks and web filters, can block access to malicious domains.
- Automated patch management keeps critical operating systems and software up to date. Risk-based systems can help organizations dynamically prioritize system and software use.
- User access controls limit insider threats and stymie attackers using hijacked credentials. Applying the principle of least privilege will help lock down unauthorized access.
- Password management, to ensure that every credential is unique and strong. Enable risk-based multi-factor authentication where possible.
- User training and awareness, to help create a strong defense against phishing, as it will reduce the risk of human error. Misdelivered emails and cloud misconfiguration were the top error varieties in public sector breaches in 2020.
- Secure system configuration, for bringing security gaps, preventing data leaks and ransomware attacks.
- DDoS mitigation, delivered through cloud-based protection services can block traffic from suspicious IP addresses.
As important as it is to make these checks in your organization, it is also vital to vet your suppliers, as supply chain attacks are an increasingly popular way to attack government targets.