The trick is to focus on self-running, tried-and-tested ways to secure assets and increase their value regularly, like building passive income.
Spending on cybersecurity is not that different from saving for retirement: while financial prudence needs to be tight, securing the future is imperative.
Similarly, while funds for cybersecurity could be viewed as resources that might be invested elsewhere, securing the future is imperative. A wise strategy is therefore to make the cyber “investments” continually generate interest through time saved, increased peace of mind, and reduced resource utilization. How?
Making cybersecurity investments less painful and interest-bearing (i.e., offering high returns on investments) hinges on identifying the focal points with the highest concentration of risk; establishing smart, monitored rules to minimize or eliminate the attack surfaces around them; and keeping the organization free from costly or even devastating business disruptions and regulatory fines.
The following four cybersecurity focal points offer strong returns on investment when secured and grown with the same care we give our retirement savings:
1. Foiling common exploits
Malicious actors today exploit software bugs, vulnerabilities, or legitimate functions to manipulate unsuspecting individuals. The caveat is that they need to convince a potential victim to execute a command or malware, or to open a file, which is the first step in unleashing a cascade of malicious activity inside and outside the network. What needs to be stopped, therefore, is any situation in which an application gets a chance to spawn another application in an elevated mode; the control that enforces this is known as child-and-parent process control. This vigilance protects against various exploits that target PowerShell, MS Office, Adobe Acrobat, and many other phishing and trojan horse schemes.
2. Securing browsers
Session hijacking is a weapon of choice for some attackers. This beautifully simplistic method stealthily allows malicious actors to take control of active sessions and can lead to unauthorized access and misuse of accounts. This is done by simply stealing a tiny text file (also known as a browser cookie or session token) from the target’s device to gain entry to the victim’s email, documents, or cloud configuration consoles. Particularly alarming is that session hijacking can circumvent intricate user authentication systems implemented by IT, including robust security measures like multi-factor authentication. The browser is the combat theater here, and the defense would be to restrict access to the browser’s memory and cookies with privilege threat protection to prevent a successful attack. Session hijacking can be thwarted by preventing cookie stealing, regardless of the attacker’s actions.
3. Managing endpoint privileges
Threat actors are known to try and gain unauthorized access to establish persistence, move laterally, escalate privileges, and cause damage. Blocking access to different credential stores within the operating system and third-party applications is an effective, low-maintenance measure. This can be achieved using an “endpoint privilege manager” that implements diverse rules to prevent credential and security token theft. Moreover, new rules are consistently added and dynamically delivered to endpoints to keep access controls up to date. For instance, a new rule for workstations and servers may be introduced to safeguard communication platforms like Discord from various data theft methods, thereby helping prevent data breaches.
4. Stopping abuse of user privileges
Despite widespread recognition that no user should work under local admin privileges, many organizations still allow users to do so. This is why endpoint privilege managers can be useful to secure users who need elevated privileges for specific tasks. In situations where policies are too inflexible to allow automatic elevation, various prompt resolutions, such as just-in-time policies and offline authorization, are available for any conceivable scenario. Organizations can, therefore, react significantly faster than they could by relying on a system administrator to connect remotely to a machine.
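The child-and-parent process control from focal point 1, shown from the detection side as an added example that is not part of the original article or of any vendor's product: it flags process-creation events in which a document application launches a script interpreter, and raises the severity when the child runs elevated. The policy sets and the sample events are constructed assumptions; the field names follow Sysmon Event ID 1.

```python
import ntpath

# Assumed policy for illustration (tune per environment): applications that
# open untrusted documents, and interpreters they should never launch.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                    "acrord32.exe", "acrobat.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                   "cscript.exe", "mshta.exe"}
ELEVATED = {"high", "system"}

def image_name(event, path_field):
    """Lower-cased executable name taken from a Windows image path."""
    return ntpath.basename(event.get(path_field, "")).lower()

def evaluate(event):
    """Return a finding dict for a disallowed parent/child pair, else None."""
    parent = image_name(event, "ParentImage")
    # Check the on-disk name and the name embedded in the version resource,
    # so a renamed copy of an interpreter is still recognised.
    names = {image_name(event, "Image"),
             (event.get("OriginalFileName") or "").lower()}
    hit = names & SCRIPT_CHILDREN
    if parent not in DOCUMENT_PARENTS or not hit:
        return None
    elevated = event.get("IntegrityLevel", "").lower() in ELEVATED
    return {"parent": parent, "child": sorted(hit)[0],
            "image": event.get("Image"), "user": event.get("User"),
            "severity": "critical" if elevated else "high"}

def scan(events):
    """Evaluate every event and keep only the findings."""
    return [f for f in map(evaluate, events) if f is not None]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
# Constructed sample events, not taken from any real host.
SAMPLE_EVENTS = [
    {"ParentImage": WORD, "Image": PS, "OriginalFileName": "PowerShell.EXE",
     "IntegrityLevel": "Medium", "User": r"CORP\alice"},
    {"ParentImage": r"C:\Program Files (x86)\Adobe\Reader\AcroRd32.exe",
     "Image": r"C:\Users\Public\viewer.exe",  # renamed interpreter copy
     "OriginalFileName": "PowerShell.EXE",
     "IntegrityLevel": "High", "User": r"CORP\bob"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "OriginalFileName": "PowerShell.EXE",
     "IntegrityLevel": "Medium", "User": r"CORP\carol"},
    {"ParentImage": WORD, "Image": r"C:\Windows\splwow64.exe",
     "IntegrityLevel": "Medium", "User": r"CORP\alice"},
]
```

An endpoint privilege manager would block the spawn rather than report it; the same parent and child sets express either policy.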
The above focal points are critical battlefields for effective cybersecurity management.
Fortunately, with the right tools, addressing them is a straightforward and streamlined process: a true “set-and-forget” approach that justifies and grows cyber investments’ long-term value.