Cybersecurity: Organizations Must Remain Vigilant

Businesses should not let down their guard when it comes to cybersecurity. Cybercriminals persist in sending malicious attachments, links to fraudulent websites, and scams related to Covid-19, with the intent of deceiving people into sending confidential information or into donating money to supposedly charitable causes.

Recently observed cyber attacks include phishing, in which an email that appears to come from a reputable source actually leads to a bogus site; the goal is to obtain valuable information, such as user credentials, and profit from it.

Fortunately, businesses can mitigate cybersecurity risks by implementing the following steps.

Create a cybersecurity resilience plan

Organizations need a cybersecurity plan that allows them to:

  • Disconnect from the internet any systems that do not need internet connectivity to ensure secure operations. Where connectivity cannot be removed, controls must be in place.
  • Plan for manual process operations should systems become unavailable.
  • Identify system and operational dependencies.
  • Immediately restore devices and services.
  • Back up critical resources, such as firmware, software, ladder logic, service contracts, product licenses, product keys, and configuration information. These resources must be stored off-network, with a duplicate copy secured in a safe location.
  • Test and validate data backups and processes should data be lost because of cybersecurity attacks.

Simulate your plan

Businesses should have an incident response plan in place to mitigate security risks.

  • All personnel, including the management team, must have a walkthrough of this incident response plan.
  • Key decision points must be discussed. The team has to identify who has the authority to make important decisions and under what circumstances.
  • Partner with a reliable Managed IT Services provider for support. Review service contracts for emergency incident response and recovery support.

Strengthen network security

  • Remove access from networks (such as overseas IP addresses, if applicable) that do not have legitimate business reasons to communicate with the system.
  • Mitigate internet-accessible connections immediately. Best practices include:
    • Patching all internet-accessible systems.
    • Deploying modular networks to protect workstations from direct internet exposure.
    • Ensuring all communications to remote devices use a strongly encrypted VPN, which is protected by multifactor authentication. 
    • Filtering network traffic to only allow known IP addresses. Consider geo-blocking where appropriate.
    • Connecting remote workstations to network intrusion detection systems where feasible.
    • Capturing and reviewing access logs from these systems.
  • Investigate which devices are internet-accessible and connect to business, telecommunications, or wireless networks.
  • Secure all required and approved remote access points and user accounts.
    • Discourage the use of default passwords on all devices.
    • Remove, disable, or rename any default system accounts wherever possible.
    • Implement a stringent password security policy (e.g., length, complexity).
    • Require users to change passwords periodically.
    • Plan to implement two-factor authentication for all remote connections wherever possible.
  • Disable unnecessary features and services (e.g., discovery services, remote management services, remote desktop services, etc.).

Advocate for consistent systems monitoring

A vigilant monitoring program detects anomalies in the system, including many malicious cyber tactics.

  • Log and review all authorized external access connections for misuse or unusual activity.
  • Monitor for unauthorized controller change attempts.
    • Implement integrity checks of controller process logic against a known good baseline.
    • Where possible, ensure process controllers are prevented from remaining in remote program mode while in operation.
    • Lock or limit set points in control processes to reduce the consequences of unauthorized controller access.
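
One way to run the integrity check of controller logic against a known good baseline, shown as an added example that is not from the original article or from ImageQuest. It assumes controller logic and set points have been exported to files in a directory; the file names, contents, and function names are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large project exports are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(export_dir: Path) -> dict:
    """Map each exported file (relative path) to its SHA-256 digest."""
    return {p.relative_to(export_dir).as_posix(): sha256_file(p)
            for p in sorted(export_dir.rglob("*")) if p.is_file()}


def compare_to_baseline(export_dir: Path, baseline: dict) -> dict:
    """Report files that were modified, are missing, or were never baselined."""
    current = build_baseline(export_dir)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed sample: three fake logic exports, then simulated drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plc1_main.export").write_text("RUNG 0: XIC start OTE motor\n")
        (root / "plc1_safety.export").write_text("RUNG 0: XIO estop OTE enable\n")
        (root / "setpoints.json").write_text(json.dumps({"max_pressure_psi": 120}))
        baseline = build_baseline(root)  # in practice, store this off-network
        # Simulated unauthorized changes made after the baseline was taken.
        (root / "setpoints.json").write_text(json.dumps({"max_pressure_psi": 300}))
        (root / "plc1_safety.export").unlink()
        (root / "plc1_patch.export").write_text("RUNG 9: OTE bypass\n")
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Any non-empty list in the result is a change to investigate; the baseline itself should be kept with the off-network backups so it cannot be altered alongside the files it describes.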

Founded in 2007, ImageQuest LLC offers managed IT services for companies in Nashville, TN; Louisville, KY; and Bowling Green, KY. Technology solutions include consulting, infrastructure, data compliance, cybersecurity services, and regulatory IT audit assistance. For more information, contact ImageQuest at 888.979.2679.