The latest from NSBA's newest corporate partner CIS Controls.
We've all heard the term “cyber hygiene” before. It's been around for at least a couple of decades. The idea is that poor cyber hygiene is behind most cyber attacks.
Reality has shown this notion to be true. Today, almost all successful attacks exploit instances of “poor cyber hygiene,” including:
· Failure to patch known vulnerabilities
· Poor configuration management
· Inefficient management of administrative privilege
In this article, we'll examine what's behind these instances of poor cyber hygiene and explain how you can use security best practices at the Center for Internet Security (CIS) to counteract them.
Understanding Poor Cyber Hygiene
Poor cyber hygiene doesn't mean that system operators and users are lazy or don’t care. Rather, it's that they're overwhelmed.
First, they're tasked with navigating new technology, marketplace claims, and oversight/regulations that affect your environment. All of these forces make their jobs more confusing and difficult, which affects their ability to prevent, detect, and respond to cyber threats.
Second, they're dealing with cyber threat actors who are developing sophisticated methodologies to take advantage of this confusion. For example, they're seeing a rise in attempts to exploit legitimate functionality within your systems for the purpose of evading detection. Again, this complicates all stages of cyber defense.
Clearly, your system operators and users need help without complexity. Any large-scale security improvement program needs a way to bring focus and attention to the most effective and fundamental things that need to be done.
Understanding Essential Cyber Hygiene
CIS goes beyond "cyber hygiene" as a tagline. It does this by aligning what it calls "essential cyber hygiene" to Implementation Group 1 (IG1) of the CIS Critical Security Controls (CIS Controls).
IG1 is a subset of the CIS Controls, which are prioritized, prescriptive, and simplified security best practices that can help you improve your cyber defenses. By enacting IG1, you implement simple, baseline actions that strengthen your enterprise's cyber defenses against ransomware, malware, and other common cyber threats. You also build a foundation for adapting to new technologies and changes in the cyber threat landscape.
Community and Cyber Defense
Cybersecurity defenders are already flooded with information about attackers, vulnerabilities, and malware. Most of them don’t have the time, expertise, or interest to stay up to date with the latest cyber threat research. They just want a way to focus on simple, impactful action. Through the consensus-based security best practices of IG1 and the rest of the CIS Controls, you can focus on the most important things to secure your enterprise, to support your system operators and users, and to effectively respond to a changing world.
Don't delay: Download the CIS Controls