IT Department Expectations In Relation To Cyber Security
Head of IT and Security Specialist at the Practical Vision Network, Jennifer Williams, is passionate about helping businesses beat the cyber criminals. She talks about the expectations of IT departments in relation to cyber security and why the responsibility does not solely lie within the IT Team….
UK law firms are now starting to realise that responsibility for Cyber Security doesn’t just lie within the IT team and that technical controls alone can’t protect a business from today’s attacks. I often see the phrase ‘Cyber Security is a People Issue not an IT issue’. It’s true that this needs to be a shared responsibility but there are some basic things that you should expect your technical team to do to minimise the risks.
Know your infrastructure
It takes an average of 206 days to detect a cyber-attack. This means that a successful intrusion into your network goes undetected for a significant length of time. Your IT team should know normal patterns of behaviour for your network. The only way to do this is to get to know the heartbeat of your infrastructure. Early detection of unusual patterns of traffic, such as overseas IPs or unusually large amounts of data transfer, could help to spot a breach early and minimise the damage, but this is only possible if your team know what normal behaviour looks like.
The same applies to users. Whilst user monitoring is often a controversial issue, it’s always advisable to know your users’ regular login times, email volumes and so on. Anomalies in these could highlight the work of a malicious insider or a user whose credentials have been compromised.
Be smart with DNS
Basic email security is essential. User training is crucial, but every IT department should have implemented basic DNS protections for your domain. This should be a combination of SPF, DKIM and DMARC as a bare minimum. DMARC is recommended by the National Centre for Cyber Security and there are some really good tools around to help with config so there should be no excuses here.
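As an added illustration of the SPF, DKIM and DMARC baseline described above (this is not code from the original article), the following Python audits a set of TXT records offline and flags the weak settings. The domain example.test, the DKIM selector mail1 and every record value are constructed assumptions.

```python
# Added example: offline audit of SPF, DKIM and DMARC TXT records.
# Domain, selector and record values are constructed samples, not real data.
def parse_tags(txt):
    """Split a 'k=v; k=v' record (DKIM/DMARC style) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, selector, txt):
    """txt maps DNS name -> list of TXT strings. Returns a list of findings."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # more than one SPF record is an error for receivers
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        last = spf[0].split()[-1].lower()
        if last not in ("-all", "~all"):  # +all / ?all let any sender through
            findings.append(f"SPF: record ends with '{last}', not -all or ~all")
    dkim = txt.get(f"{selector}._domainkey.{domain}", [])
    if not dkim:
        findings.append(f"DKIM: no key published for selector '{selector}'")
    elif not parse_tags(dkim[0]).get("p"):  # empty p= means the key is revoked
        findings.append("DKIM: empty p= tag (key revoked)")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if not dmarc:
        findings.append("DMARC: no record published")
    else:
        tags = parse_tags(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy not in ("quarantine", "reject"):  # p=none only monitors
            findings.append(f"DMARC: p={policy or 'missing'} requests no action")
        if tags.get("pct", "100") != "100":
            findings.append(f"DMARC: policy applies to only {tags['pct']}% of mail")
    return findings

WEAK = {  # constructed: permissive SPF, no DKIM key, monitor-only DMARC
    "example.test": ["v=spf1 include:_spf.example.test +all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
}
HARDENED = {  # constructed: the p= key value is a placeholder, not a real key
    "example.test": ["v=spf1 include:_spf.example.test -all"],
    "mail1._domainkey.example.test": ["v=DKIM1; k=rsa; p=MIIBexampleKEY"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.test"],
}
if __name__ == "__main__":
    for name, zone in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit("example.test", "mail1", zone) or "no findings")
```

To run the same checks against a live domain, fill the dictionary from your resolver's TXT answers for the apex, the `_dmarc` name and each DKIM selector your mail platform uses.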
If not the most basic yet vital protection. The WannaCry ransomware attack of 2017 spread so rapidly due to unpatched operating systems. Under no circumstances should a firm be using legacy systems that are unsupported by the vendor. Make sure your team are applying patches as soon as they are released and keeping logs of when systems and software are patched. It’s especially important to regularly patch particularly vulnerable software such as Adobe, Java and WordPress.
I have lost count of the number of times that I’m asked to provide temporary admin access, make an exception to a control for the benefit of speed etc. Access control processes are there for a reason. If they are often bypassed, they become not worth the paper they’re written on and can leave a firm open to attacks through elevated permissions. These attacks need not be malicious; they are more often the result of a careless action by an employee.
Keep up to date
IT departments should keep up to date with industry and global Cyber Security trends. I would expect my team to be familiar with the latest attacks and to make recommendations to prevent something similar happening to us. Although this research and reading takes time, it’s a worthy investment.