“Everyone needs to know a little about security and privacy in the modern business environment. You don’t want to be known as that company that can’t be trusted with sensitive customer data,” noted Kiemele: “Loss of confidence leads to loss of business.”
Identity management tools, such as multi-factor authentication and single sign-on, and endpoint protections, such as EDR, MDR, and XDR, are also extremely valuable ways to mitigate risk.
In some cases, macOS for example, security tools are built into the operating system. Ashenbrenner walked through a few of these built-in tools on Thursday with an in-depth look at how they check, block, and remediate potential threats.
- To check: Gatekeeper is a built-in macOS tool that works in tandem with File Quarantine and runs when a newly downloaded app is first opened. Together they prevent a new app from launching until the user confirms that they want to open it.
- To block: Another macOS tool prevents users from accessing files or applications that may contain malware or harm their system. “If we try to access this file, and not execute it, we’ll see that XProtect is actually saying, ‘This will damage your computer,’” Ashenbrenner demonstrated.
- To correct: The Malicious Software Removal Tool (MRT) is the macOS tool that remediates infections by scanning known file paths. “MRT runs silently, like when a user logs in or when the machine reboots,” he said.
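The first-open check described above hinges on the quarantine mark that File Quarantine attaches to downloads, so a useful triage step for an administrator is to confirm whether a file still carries that mark, which application downloaded it, and whether Gatekeeper would currently accept it. The script below is an added example, not code from the session or from Apple; `xattr -p com.apple.quarantine` and `spctl --assess` are real macOS commands, while the field layout of the attribute value (flags, hex download timestamp, downloading agent, event UUID) and the sample value are assumptions made for the example. The parsing functions run on any POSIX shell; the file report only works on a Mac.

```shell
#!/bin/sh
# Added example (not from the session or from Apple): inspect the File
# Quarantine attribute that Gatekeeper consults when a download is first opened.
# Assumed layout of the com.apple.quarantine value:
#   <flags-hex>;<download-time-hex-seconds>;<downloading-agent>;<event-uuid>

# Constructed sample value, shaped like what a browser would write.
SAMPLE_QUARANTINE='0083;5f6d1234;Safari;A1B2C3D4-0000-0000-0000-000000000000'

# Print field N (1-based) of a quarantine attribute value.
quarantine_field() {
    printf '%s\n' "$1" | cut -d ';' -f "$2"
}

# Which application downloaded the file (third field).
quarantine_agent() {
    quarantine_field "$1" 3
}

# Download time as decimal epoch seconds (second field is hex).
quarantine_epoch() {
    hex=$(quarantine_field "$1" 2)
    echo $((0x$hex))
}

# Raw flags field, handy when comparing against a known-good baseline.
quarantine_flags() {
    quarantine_field "$1" 1
}

# Triage one file on a Mac: does it still carry the quarantine mark, who
# downloaded it, when, and would Gatekeeper accept it right now?
# Returns 0 if quarantined, 1 if not marked, 2 if the macOS tools are absent.
report_quarantine() {
    file=$1
    if ! command -v xattr >/dev/null 2>&1; then
        echo "xattr not found; this check only runs on macOS" >&2
        return 2
    fi
    if ! value=$(xattr -p com.apple.quarantine "$file" 2>/dev/null); then
        echo "$file: no quarantine attribute (not marked as a new download)"
        return 1
    fi
    echo "$file: quarantined"
    echo "  downloaded by: $(quarantine_agent "$value")"
    echo "  downloaded at: $(quarantine_epoch "$value") (epoch seconds)"
    echo "  flags:         $(quarantine_flags "$value")"
    if command -v spctl >/dev/null 2>&1; then
        # With --verbose, spctl prints "<path>: accepted" or "<path>: rejected"
        echo "  Gatekeeper:    $(spctl --assess --verbose --type execute "$file" 2>&1)"
    fi
    return 0
}

# Usage: sh quarantine_check.sh /path/to/Downloaded.app
if [ "$#" -gt 0 ]; then
    report_quarantine "$1"
fi
```

A file with no `com.apple.quarantine` attribute on a machine where users are not expected to strip it (for example with `xattr -d`) is worth a closer look, since the first-open Gatekeeper prompt only fires for marked downloads; the agent and timestamp fields give an incident responder a quick answer to "how did this get here, and when?" before any deeper forensic work.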
Use frameworks to create protection, detection, and recovery plans
Organizations can use existing frameworks to model their own cybersecurity measures. “The NIST Cybersecurity Framework is a core model used to describe best practices and standards for managing security risks. SOC 2 is a baseline measure of security maturity. ISO 27001 is a measure of your information security management system. Many of these frameworks can give you clues on how to proceed,” Kiemele said.
Using these frameworks as a baseline, IT administrators can determine how they will mitigate risk through improved protection, detection, and recovery.
Protection identifies security tools and processes that prevent an attack. Integrated macOS tools, identity management solutions, and staff cybersecurity training are all means of prevention.
Detection, on the other hand, focuses on how long it takes an organization to notice an attack. “It’s about containing impact, response planning, communication, forensic analysis; most importantly, perhaps learning from the detections and incorporating them into your planning,” Kiemele said.
Recovery allows businesses to get back to business after an attack. To improve recovery, IT administrators should develop resiliency plans and workflows to restore impacted systems in the event of a disaster.
“It’s impossible to eliminate risk,” Kiemele said. “It’s impossible to stop 100% of incidents, but doing nothing is not sustainable either.”