Stopping data compromise now and in the future

Prevention of security breaches is always the cheaper and less painful option than the expensive panic involved in addressing a breach.


The sophistication of security threats has evolved to the point where several CIOs believe that it’s a matter of when — not if — they will be breached. Nevertheless, prevention of security breaches is always the cheaper and less painful option than the expensive panic involved in addressing a breach.

Here is a 9-point checklist of security measures recommended by investigators from Trustwave, a Singtel company, that security teams and CISOs can use to mitigate security risks while maintaining a robust security posture in the face of a rapidly evolving threat landscape:

1. Firewall configuration

Access into and out of the network should be closely monitored. Inbound connections should be limited to the services and ports designated for use, and outbound traffic should be restricted so that only allow-listed IP addresses and sites are reachable; a default-deny egress policy also cuts off many of the channels malware uses to reach its command-and-control servers. Payment processing environments should operate in lockdown mode, isolated from less trusted network segments and certainly from the general internet. A dedicated (hardware) firewall appliance is recommended for tighter security, because it keeps the enforcement point separate from the hosts it protects and is harder for a compromised host to bypass; it still needs careful configuration and periodic review of its rule set.

2. Passwords

Enforcing minimum password length and complexity is a simple but important step in ensuring that staff across the enterprise do not inadvertently leave systems open to password-guessing attacks. Regular forced password changes (for example, once every three months) were long recommended, but current guidance in NIST SP 800-63B discourages scheduled rotation in favour of screening new passwords against lists of known-breached passwords and forcing a change only when there is evidence of compromise. Passwords must never be stored in plain or reversibly encrypted form: store them only as salted hashes produced by a deliberately slow function such as scrypt, bcrypt or Argon2, and protect them in transit with TLS. Tracking user activity requires robust account management, including ensuring that all passwords and access rights are revoked promptly when an employee leaves the organisation.
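The following is an added example, not code from the Trustwave checklist or the Singtel page, showing the three controls above in working form: a policy check that screens against a (constructed) breached-password sample, salted scrypt hashing for storage, and constant-time verification. The breached-password set, the 12-character minimum and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of known-breached passwords (in production, screen against a
# full corpus such as the Have I Been Pwned "Pwned Passwords" list).
BREACHED_PASSWORDS = {"password", "Password1!", "Welcome123", "Summer2024!"}

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # work factor: ~16 MiB of memory per hash


def password_policy_violations(password: str, minimum_length: int = 12) -> list:
    """Return the reasons a candidate password is rejected; an empty list means accepted."""
    problems = []
    if len(password) < minimum_length:
        problems.append(f"shorter than {minimum_length} characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    if password in BREACHED_PASSWORDS:
        problems.append("appears in a breached-password list")
    return problems


def hash_password(password: str) -> str:
    """Store a fresh random salt plus the scrypt digest, never the password itself
    or a reversible encryption of it."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time to avoid timing leaks."""
    try:
        algorithm, n, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                               n=int(n), r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    for candidate in ("Welcome123", "correct-horse-Battery9"):
        print(candidate, "->", password_policy_violations(candidate) or "accepted")
    record = hash_password("correct-horse-Battery9")
    print(record)
    print("login ok:", verify_password("correct-horse-Battery9", record))
```

Each stored record carries its own salt and work factor, so the parameters can be raised later and old records re-hashed on next successful login without a migration; the policy function returns every violation rather than the first so that the user can be told everything to fix at once.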

3. System configuration

IT governance plays a key role in ensuring that systems are configured securely against potential threats. Adhering to the hardening guidelines put in place by the security team, based on industry benchmarks such as the CIS Benchmarks, is essential. Sharing of best practices is now commonplace in the enterprise security space and can help greatly in optimising system configurations. Shadow IT and unofficial modifications to systems can open the door to attackers, while poor logging and tracking of changes leave hidden weaknesses that are difficult to pinpoint.

4. Remote-access solution

Two-factor authentication (2FA) is always recommended for access to critical systems, but it is doubly important for remote access into a protected or sensitive environment. Hardware tokens, client certificates and even biometric factors raise the bar considerably, so that a guessed, phished or leaked password alone is not enough to compromise a system. Logging of third-party remote access needs to be meticulous and comprehensive; ideally, third-party remote access should be disabled by default and enabled only for the period it is actually needed.

5. Malware removal

Malware can embed itself deeply into a system, making isolation and surgical removal impractical and leaving any "cleaned" system untrustworthy. In such cases, the only reliable recourse is to rebuild the system from a known-good image, restoring data only from backups taken before the infection, so that the threat is entirely eliminated. Anti-virus software still plays a critical role in detecting and removing commodity malware, and care should be taken to ensure that it is kept up to date and configured to the enterprise's needs.

6. Logging and monitoring

Logging is critical not only for auditing purposes but also for internal forensics and incident investigation. It is recommended that security, application and system events be captured and kept readily searchable for at least three months, and retained offline for at least one year, which matches the log-retention requirement in PCI DSS. Logs across devices and endpoints should be reviewed daily, and anomalies triaged according to the rules-based procedures set by the security team. Intrusion detection systems (IDS) and file-integrity monitoring (FIM) software make the team's job easier by alerting analysts to suspicious activity; logs should also be forwarded to a central collector that hosts cannot write back to, so that an attacker who compromises a machine cannot quietly erase the evidence.
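An added example, not from the Trustwave checklist, of the two mechanisms named above in miniature: a rules-based daily review that runs over (constructed) sshd-style auth-log lines and flags a burst of failed logins followed by a success from the same address, and a minimal file-integrity monitor that snapshots SHA-256 hashes of a directory tree and reports what changed. The log lines, file contents, threshold and time window are all assumptions made up for the demonstration.

```python
import hashlib
import re
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import Path

# Constructed auth-log sample in sshd's usual format (not captured from a real host).
SAMPLE_AUTH_LOG = """\
2024-05-02T02:14:01 sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51012 ssh2
2024-05-02T02:14:03 sshd[812]: Failed password for invalid user admin from 198.51.100.7 port 51014 ssh2
2024-05-02T02:14:05 sshd[815]: Failed password for root from 198.51.100.7 port 51016 ssh2
2024-05-02T02:14:06 sshd[815]: Failed password for root from 198.51.100.7 port 51018 ssh2
2024-05-02T02:14:09 sshd[819]: Failed password for deploy from 198.51.100.7 port 51020 ssh2
2024-05-02T02:14:12 sshd[819]: Accepted password for deploy from 198.51.100.7 port 51022 ssh2
2024-05-02T08:30:44 sshd[901]: Failed password for alice from 203.0.113.5 port 40012 ssh2
2024-05-02T08:30:51 sshd[901]: Accepted password for alice from 203.0.113.5 port 40012 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def review_auth_log(text: str, threshold: int = 5,
                    window: timedelta = timedelta(minutes=10)) -> list:
    """Rule: at least `threshold` failed logins from one source IP inside `window`,
    followed by a successful login from that IP, is flagged as a likely brute-force success."""
    failures = defaultdict(list)
    findings = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            findings.append({"ip": ip, "user": m["user"], "failures": len(recent), "at": m["ts"]})
    return findings


def fim_baseline(root: Path) -> dict:
    """SHA-256 of every regular file under root, keyed by path relative to root."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def fim_compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots; any entry under a protected path is an alert for the analyst."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


def fim_demo() -> dict:
    """Build a throwaway tree, snapshot it, tamper with it, and return what FIM reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "ssh_config").write_text("PermitRootLogin no\n")
        before = fim_baseline(root)
        (root / "etc" / "ssh_config").write_text("PermitRootLogin yes\n")  # tampered
        (root / "etc" / "ld.so.preload").write_text("/tmp/evil.so\n")       # dropped in
        return fim_compare(before, fim_baseline(root))


if __name__ == "__main__":
    print("log review:", review_auth_log(SAMPLE_AUTH_LOG))
    print("fim report:", fim_demo())
```

The review rule deliberately keys on the success that follows the failures rather than on the failures alone, which is what separates a real compromise from background scanning noise; the FIM baseline must itself be stored somewhere the monitored host cannot modify, or an intruder simply re-baselines after tampering.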

7. Patch management

It is recommended that operating systems and applications be patched within a month of the vendor releasing patches and updates, and sooner for flaws known to be under active exploitation. Web applications, particularly open-source content management systems (CMS) such as WordPress, Joomla and Drupal and their plugins, are especially exposed once a fix is published: because the source is public, attackers can diff the patch, work out the underlying vulnerability and weaponise it quickly, then scan the internet for installations that have not yet applied it. While cloud-based software has security patches pushed out and auto-applied on a regular basis, on-premise legacy software can prove to be a major source of risk and point of entry for attackers.

8. External and internal scanning

In-house testing and scanning can identify, locate and remediate vulnerabilities well before attackers have a chance to exploit them; a regular scanning schedule is a must, especially after major upgrades or system modifications. Both perspectives are needed, because an external scan of the internet-facing estate and an internal scan from inside the network expose different attack surfaces. Insecure server configurations, which can increase the risk of an attack dramatically, are picked up directly by regular scans.

Additionally, penetration testing, a simulated attack in which testers attempt to find and exploit vulnerabilities the way a real adversary would, allows for a more comprehensive risk assessment than automated scanning alone. Penetration tests are a crucial component of security audits, which enterprises increasingly rely on to minimise breach risks.

9. Policy and procedures

Information security is not limited to the domain of the IT department: it is an enterprise-wide concern that needs to involve stakeholders from all departments and roles. Conducting awareness programmes and training at least once a year is essential in ensuring that standard operating procedures are followed by staff across the enterprise. Password management, consistent device policies and strong information and data governance frameworks can go a long way in securing the enterprise against external threats and internal lapses.

If you wish to learn more about the types of the data compromises and how to mitigate risks from data compromise, download this Trustwave infographic and the accompanying Trustwave Global Security Pressures Report. Or contact us for a chat.
