2020-07-23T11:13:00Z

What are some of the biggest mistakes that businesses make when it comes to monitoring cyber threats?

Rony_Sklar - PeerSpot reviewer
PeerSpot user

2 Answers

AS
Real User
2020-07-27T14:31:58Z
Jul 27, 2020

The biggest single mistake I see businesses making in monitoring cyber threats is relying on humans to check these threats manually. This is a big mistake and a waste of human capital. Humans are prone to error, and the large number of threat warnings that inevitably show up with these tools makes it too difficult to sort through and find the significant threats.


Automation is the key. Cyber security teams need to turn on all available automation so as to allow humans to keep track of bigger picture items. Another mistake is to not turn on automatic drop or reset of packets that contain threat vectors. NGFWs such as Palo Alto can do this automatically. Critical and High level threat packets should be automatically dropped.


Defense in depth is often ignored. You need boundary security (firewalls), endpoint security (antivirus and vulnerability tools) and network access security (NAC tools) among others. Syslog collection and monitoring tools can perform anomaly detection as well.


Another thing people tend to ignore is database security. Every read should be monitored and only allowed to specific users. That way you can alert on an intruder reading databases for exfil.
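
An added example, not part of the answer above: one way to alert on database reads by accounts that are not on a per-table allowlist, run over constructed audit records. The log format, account names, allowlist and row budget are all assumptions for illustration, and the bulk-read check goes one step beyond the answer by also flagging an allowed account that reads an unusual volume.

```python
import csv
import io
from collections import defaultdict

# Constructed audit records (not from a real system):
# timestamp, database account, statement type, table, rows returned
SAMPLE_AUDIT_LOG = """\
2020-07-27T09:00:01Z,app_orders,SELECT,orders,12
2020-07-27T09:00:05Z,app_orders,SELECT,customers,1
2020-07-27T09:01:10Z,report_ro,SELECT,orders,400
2020-07-27T09:02:00Z,app_orders,INSERT,orders,1
2020-07-27T09:03:30Z,svc_backup,SELECT,customers,5
2020-07-27T09:04:00Z,app_orders,SELECT,customers,9000
2020-07-27T09:04:20Z,app_orders,SELECT,customers,8000
"""

# Hypothetical policy: the only accounts allowed to read each table.
READ_ALLOWLIST = {
    "orders": {"app_orders", "report_ro"},
    "customers": {"app_orders"},
}
# Hypothetical budget: rows one account may read from one table in the window.
ROW_BUDGET = 10000


def find_read_alerts(log_text, allowlist=READ_ALLOWLIST, row_budget=ROW_BUDGET):
    """Return (timestamp, alert_type, account, table) tuples for suspicious reads."""
    alerts = []
    rows_read = defaultdict(int)   # (account, table) -> rows read so far
    over_budget = set()            # pairs already alerted on, to avoid repeats
    for record in csv.reader(io.StringIO(log_text)):
        if len(record) != 5:
            continue               # skip blank or malformed lines
        ts, user, action, table, rows = record
        if action.upper() != "SELECT":
            continue               # only reads are in scope here
        # Deny by default: a table missing from the policy has no allowed readers.
        if user not in allowlist.get(table, set()):
            alerts.append((ts, "unauthorized_read", user, table))
            continue
        key = (user, table)
        rows_read[key] += int(rows)
        if rows_read[key] > row_budget and key not in over_budget:
            over_budget.add(key)
            alerts.append((ts, "bulk_read", user, table))
    return alerts


if __name__ == "__main__":
    for alert in find_read_alerts(SAMPLE_AUDIT_LOG):
        print(alert)
```
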

MehboobQureshi - PeerSpot reviewer
Real User
Top 5
2020-07-28T06:19:12Z
Jul 28, 2020

We know that cyber security is an important concern for every organisation. The management of any organisation faces the task of ensuring that their organisations understand the threat and set the right priorities.


To many, cyber security is a bit of a mystery. This is probably one of the reasons why it is not always approached appropriately.


Lacking knowledge of cybersecurity.


Mistake: “We have to achieve 100% security”


Reality: 100% security is neither feasible nor the appropriate goal


Developing the awareness that 100% protection against cyber crime is neither a feasible nor an appropriate goal is already an important step towards a more effective policy, because it allows you to make choices about your defensive posture. A good defense posture is based on understanding the threat (i.e. the criminal) relative to organisational vulnerability (prevention), establishing mechanisms to detect an imminent or actual breach (detection) and establishing a capability that immediately deals with incidents (response) to minimize loss.


Mistake: “When we invest in best-of-class technical tools, we are safe”


Reality: Effective cyber security is less dependent on technology than you think.


Good security starts with developing a robust cyber defense capability.


Although this is generally led by the IT department (who should be aware of the importance of cyber security), the knowledge and awareness of the end user is critical.


Mistake: Neglecting Security Testing


These require regular testing through both automated vulnerability scanning and deep-dive penetration testing.


Mistake: Concentrating Too Much on the Perimeter.


Mistake: Disregarding Security Awareness Training.


Train your staff in everything from laptop protection to social engineering identification. And don't forget to retrain because the scams continue to get sneakier.



  • Sending valuable data to incorrect recipients via email

  • Accidentally emailing documents with sensitive data

  • Publishing confidential data on public websites by mistake

  • Misconfiguring assets to allow for unwanted access

Mistake: Believing a Breach Won't Happen to You.


They have to follow the below Cyber trends and the future model


Summary of techniques and vulnerabilities focused by threat actions.


Who are the actors?


How do they function?


What techniques do they use?


How do they get into your environment?


How do they exploit corporate challenges?


What potential impact can they cause?


These issues coupled with common other mistakes – failure to plan, failure to define scope and being overly optimistic in scoping – were the pitfalls of SIEM implementations. This has not stopped CIOs and CISOs aggressively positioning SIEM as a silver bullet, to the extent of engaging 3rd party service providers to assist in monitoring.
