Guardyne - SMB Cybersecurity Essentials Guide 2024


CYBERSECURITY ESSENTIALS FOR BUSINESS OWNERS

www.guardyne.com

OWN IT. SECURE IT. PROTECT IT.
Contents
Introduction 4
Threats 6
Notable Facts 12
NIST Security Framework 16
CIS Controls 17
CIS Implementation Groups 18
The Controls 20
How We Can Help 39

Introduction

Cybercrime and Cyber-Attacks are becoming more prevalent with each passing day. Over half of small and medium businesses (SMB) have reported being the victims of cybercrimes. Every day, there are new headlines about data breaches, hackings, Cyber-Attacks, and various forms of crimes against businesses. In a survey, over two-thirds of the participating businesses had suffered at least one cyber attack, while one-third had experienced the same in the last 12 months.

Cybercrime is a significant threat to businesses. It can lead to disruption of operations, breach of business and customer data, unauthorized access to networks, and more. The average cost of a data breach for a small-to-medium business is a staggering $149,000. On top of that, 80% of SMBs worry about becoming the target of cybercrime in the next six months. Additionally, Cyber-Attacks remain a worry whether we are talking about the cloud or through emails.

Many governments have moved to the cloud but are looking for better ways to protect their data. A part of that is to increase collaboration between intelligence and law enforcement agencies worldwide to tackle crime.

The popularity of smartphones and the increased use of apps also pose a significant risk to mobile security. Consumers use apps to input sensitive information like personal, financial and banking information. These apps will need to evolve with new technologies to continually find new ways to resist attacks and data leaks.

Additionally, as more and more applications are moving to the cloud, malicious actors are getting better at evading detection by standard security measures and protocols. The act of distributing ransomware and holding sensitive data is on the increase as organizational data is going beyond the control of the company. Evolving from simple malware, ransomware has become more sophisticated and efficient.

Cybercriminals are now targeting the local backups, which foil the efforts of the security staff to restore encrypted data. This threat is no longer limited to local networks; ransomware attacks remain a problem in cloud environments.

Email remains the most favored method of cybercriminals. Over 91% of attacks are initiated by email. Traditional antivirus programs cannot identify the phishing attacks employed by hackers.

66% of small businesses are very concerned about cyber security risk.

51% of small businesses say they are not allocating any budget to cyber security.

Percentage of Organizations who DO NOT HAVE these critical Cyber Security Solutions in place:
56% Specific cyber security “experts” in the organization
52% Incident response planning
51% Cyber security insurance
45% Document Management
43% Endpoint protection
40% Security awareness training
37% Network protection
31% Email security
Malware can be delivered and initiated on a system without the user’s knowledge, possibly for a long time. One example of such an attack was the one dealing with the US Democratic National Party, where cybercriminals took control of their system.

There is a need to increase the pace of development for holistic solutions to cybercrime. 75% of businesses in the survey above feel they need to put more emphasis on cybercrime prevention.

However, there is a large gap between reality and expectation. Most businesses are under-educated when it comes to the nuances of cybercrime. This creates an adverse situation as organizations are not able to protect themselves from cybercriminals. Without a plan, organizations don’t know how to react and what steps to take when their network and systems are compromised.

Here the role of managed IT service providers (MSPs) becomes crucial. MSPs can guide SMBs on the right path and help them stay protected from the increased incidents of cybercrime. MSPs can educate clients about the need for a holistic security solution and the evolving cybercrime landscape. MSPs should also provide SMBs with a complete collection of security solutions so that they can stay protected and minimize risk.

MSPs can help bridge the gap between the current level of protection and the optimum level desired by businesses. Enterprises are recognizing this fact and joining hands with MSPs to eliminate and prevent Cyber-Attacks and threats.

MSPs can be the ideal partner of SMBs to fight cybercrime, as 62% of companies don’t have the required in-house skills. Managed IT teams can develop and implement security measures and even lay out a recovery plan for probable attacks. The MSP helps the organization stay on top of Cybersecurity trends, and enables it to counter evolving cyber threats with full confidence.

Working with an MSP (or MSSP) can help protect a Business or Organization from threats or attacks and is often the best option for Small to Medium Businesses so they can focus more time on Innovation + Growth and less time on IT & Cybersecurity.

Organizations’ use of an MSP:
81% use an MSP
14% do not use an MSP but plan to
5% do not use an MSP and do not plan to

Eight out of ten surveyed SMBs are working with an MSP, and four of them want to keep working with their current security partners. Three companies out of ten plan to switch to a different MSP in the coming months. 12% of SMBs that don’t work with an MSP plan to partner up with one within the next twelve months.

When asked what benefit they expected to see from using an MSP, fifty percent of SMBs said increased security, even if they had outsourced their Cyber Security.

9 in 10 employees say their organization would consider switching to a new MSP if they offered a solution that met their needs.
THREATS - PHISHING & SPEAR PHISHING

Spear phishing or phishing involves sending emails with malicious attachments designed to steal personal information. The phishing attack can also lead the victim to an illegitimate website that steals passwords, credit card details, business information, and other sensitive data. A phishing attack uses technical trickery and social engineering to achieve its goals. Attackers employing phishing choose their targets carefully and take on the guise of a trusted source that victims are less likely to question. The attackers also use personalized messages that make the emails look relevant and trustworthy. As a result, SMBs might find it challenging to protect themselves from spear phishing attacks. Phishing is one of the most common forms of cyber threats.

PHISHING vs. SPEAR PHISHING
APPROACH: Phishing - Spray & Pray; Spear Phishing - Targeted Attack
TARGETING: Phishing - Broad & Automated; Spear Phishing - Specific employee and/or company
HACKING LEVEL: Phishing - Not Very Sophisticated; Spear Phishing - Requires Advanced Techniques
THE ATTACK: Phishing - Usually Obvious; Spear Phishing - Harder to Detect
WHAT THEY’RE AFTER: Phishing - Usernames, Passwords, Credit Card Details, etc.; Spear Phishing - Confidential Information, Business Secrets, etc.

In 2020, phishing was responsible for more than 80% of reported security incidents.
THREATS - DISTRIBUTED DENIAL-OF-SERVICE (DDOS)

Distributed Denial-of-Service (DDoS) is an attack which targets the resources of a server, network, website, or computer to take it down or disrupt services. DDoS attacks generally have a host system that infects other computers or servers connected to the network. DDoS attacks overload a system with constant flooding of connection requests, notifications and traffic. As a result, the system denies service requests by legitimate users. DDoS attacks don’t benefit the attacker directly as they don’t steal any information; they just compromise the systems so they can’t function properly. Nonetheless, DDoS attacks can be damaging for businesses as they can halt operations and result in damages often as high as hundreds of thousands of dollars via things like lost revenue, lost productivity and reputational damage.

[Diagram: hackers activate zombies on innocent computers; the flood crosses peering points and the ISP backbone (infrastructure-level DDoS attacks) and the enterprise link (bandwidth-level DDoS attacks) before reaching the attacked web server in the enterprise AS (server-level DDoS attacks, incl. HTTP, DNS, etc.).]

Between January 2020 and March 2021, DDoS attacks increased by 55%.
THREATS - MAN-IN-THE-MIDDLE (MITM) ATTACK

A MitM attack occurs when a hacker inserts themselves between the communications of a client and a server. Here are some common types of man-in-the-middle attacks:

Session Hijacking
Cybercriminals use session hijacking to gain control of the victim’s sessions and get access to resources or data. The most common method is IP spoofing, where the hijacker uses the IP of the trusted client to avail unauthorized services from a server or application.

[Diagram. STEP 1: Hijacking the Session - the attacker sniffs the session between the victim (192.168.1.23) and the server. STEP 2: Assuming the Victim’s IP Address - the victim is disconnected and the attacker, now using 192.168.1.23, receives the compromised or copied traffic from the server.]

More than one in four small businesses have no security plan at all.
THREATS - MALWARE ATTACK

Malware or malicious software is designed for compromising a system for a purpose. A user can unknowingly download malware that infects a system and replicates itself. Malware can be designed to act in many ways, just like software. Some popular types of malware include:

1. Macro viruses
2. Trojans
3. System or boot-record infectors
4. Polymorphic viruses
5. Stealth viruses
6. File infectors
7. Logic bombs
8. Worms
9. Droppers
10. Ransomware

Macro viruses
Macro viruses target the initialization sequence of an application to compromise programs such as Microsoft Excel or Word.

Trojans
Trojans are non-replicating viruses that gain unauthorized access to a system. Trojans often camouflage themselves in the form of legitimate software.

System or boot-record infectors
These infectors attach to executable code residing in parts of a disc. Boot-record infectors can connect to a hard disk’s Master Boot Record and even boot sectors of USB flash drives. The infectors are initialized when someone boots using the compromised disk or drive.

Polymorphic viruses
Polymorphic viruses replicate endlessly to sabotage systems. They use dynamic encryption keys every time to avoid detection.

Stealth viruses
Stealth viruses hide under the guise of system functions. They also infect your computer’s defenses to stay undetected.

File infectors
File infectors find their way into your system through executable code such as files with .exe extensions. The infector becomes active when you access the .exe file or the executable code.

Logic bombs
Logic bombs are pieces of malicious code that get initialized when predefined conditions are met. Attackers can program logic bombs to serve a range of purposes.

Worms
Worms don’t need a host file to propagate themselves on a network or system. They are self-contained forms of viruses.

Droppers
Droppers help viruses find their way into your networks and systems. Most often, your antivirus will not detect droppers as they don’t contain the malicious code - they just lead to it!

Ransomware
Ransomware can take the form of any virus that holds a victim’s data hostage for ransom. Ransomware attacks often encrypt data or files and demand money in exchange for decryption keys.

66 Days: the number of days to discover a Cyber-Attack.

600% increase in Cyber Crime due to the COVID-19 pandemic.
THREATS - DRIVE-BY ATTACK

Drive-by attacks use various online resources to compromise a user’s system. The malicious code can be inserted in internet ads, HTTP or PHP code on websites, or even applications. Contrary to other forms of Cyber-Attacks, a user doesn’t have to do anything to initialize the malicious software or virus. A single click on a pop-up window or website link can do the job!

Drive-by attacks are increasingly used to spread viruses and malware. The attacks take advantage of security vulnerabilities in apps or websites to exploit victim systems. These include not updating the app, flaws in security patches, bugs, and more. The attacks also run in the background and are not visible to the user. As a result, you can’t take any concrete steps to identify incorrect code. Only being proactive can help businesses protect themselves from drive-by attacks.

[Diagram: the victim visits a malicious (compromised) website; the web server redirects the browser to a malware server, which exploits the browser and opens a reverse shell to the attacker.]

92 PERCENT of Malware is Delivered by Email.

ONE HALF of all Cyber-Attacks Specifically Target Small Businesses.
THREATS - PASSWORD ATTACK

IN 2018 HACKERS STOLE 160 000 000 PERSONAL RECORDS.

Password attacks enable cybercriminals to gain unauthorized access to user accounts and networks. Someone in your office can just guess or look around your desk to steal your password. That’s why it’s always recommended not to write down your passwords. Attackers may also spy on your network, use decryption tools, and use brute force to break your passwords.

A range of precautions can help save you from password attacks. You can program your system to lock accounts after a few wrong passwords. Using two-step authentication is also an excellent way to keep your accounts safe from prying eyes.

98 PERCENT of Cyber-Attacks rely on Social Engineering.

73 PERCENT of Passwords are Duplicates.
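The first precaution above, locking an account after a few wrong passwords, is easy to get subtly wrong (a lock that never expires, or a counter that never forgets old failures). The following is an added example written for readers of this guide; it is not code from Guardyne or from the original page. The class name LockoutPolicy, its thresholds (5 failures within 300 seconds, a 15-minute lock) and the sample sequence of login attempts are assumptions chosen for illustration.

```python
# Added example (not from the Guardyne guide): a small account-lockout policy
# that locks an account after a configurable number of failed password attempts
# inside a sliding time window, and releases the lock after a cooldown.
# LockoutPolicy, its default thresholds and SAMPLE_EVENTS are constructed.
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_failures: int = 5        # wrong passwords tolerated ...
    window_seconds: int = 300    # ... within this many seconds
    lockout_seconds: int = 900   # how long the account then stays locked
    # per-account state: timestamps of recent failures, and lock expiry time
    _failures: dict = field(default_factory=lambda: defaultdict(deque))
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, user: str, now: float) -> bool:
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            # the lock has expired: clear state so the user gets a fresh window
            del self._locked_until[user]
            self._failures[user].clear()
            return False
        return True

    def record_failure(self, user: str, now: float) -> bool:
        """Record a wrong password. Returns True if the account is (now) locked."""
        if self.is_locked(user, now):
            return True
        q = self._failures[user]
        q.append(now)
        # forget failures that fell outside the sliding window
        while q and now - q[0] > self.window_seconds:
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, user: str, now: float) -> bool:
        """A correct password only counts if the account is not locked."""
        if self.is_locked(user, now):
            return False
        self._failures[user].clear()
        return True


def replay(policy: LockoutPolicy, events):
    """Replay (time, user, password_ok) events; return the decision per event."""
    decisions = []
    for t, user, ok in events:
        if ok:
            outcome = "allowed" if policy.record_success(user, t) else "rejected-locked"
        else:
            outcome = "locked" if policy.record_failure(user, t) else "failed"
        decisions.append((t, user, outcome))
    return decisions


# Constructed sample: five wrong guesses in two minutes, then the real password
# (rejected while locked), then the real password again after the cooldown.
SAMPLE_EVENTS = [
    (0, "alice", False), (30, "alice", False), (60, "alice", False),
    (90, "alice", False), (120, "alice", False),
    (130, "alice", True),
    (130 + 901, "alice", True),
]

if __name__ == "__main__":
    for decision in replay(LockoutPolicy(), SAMPLE_EVENTS):
        print(decision)
```

The sliding window matters: a burst of old failures should not keep counting forever, but a slow, patient guessing attempt that stays just under the threshold is not caught by this control alone, which is why the guide pairs it with two-step authentication.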
NOTABLE FACTS

WHO FALLS FOR PHISHING? Average Failure Rate, By Department
[Chart: departments Purchasing, IT, Finance, Marketing, Quality and Facilities; values between 7% and 23%.]

RANSOM RESPONSE BY SECTOR: 23% of Response Work is Insurance
[Chart: sectors High-Tech, Insurance (23%), Natural Resources, Life Sciences, Travel & Hospitality, Industrial, Telecommunications, Consumer Goods & Services; remaining values between 7% and 17%.]

RATES OF PASSWORD REUSE: Reported Password Reuse of Employees Per Sector
[Chart: sectors Software and Technology, Public Services, Education and Healthcare; values 77%, 83%, 91% and 94%.]

CYBER INSURANCE PAYMENTS: Insurance Typically Covers 59% of Ransom, If Paid
Covered by Insurer: 59%
Not Covered by Insurer: 41%
NOTABLE FACTS

WHO WAS BREACHED IN 2021? Top 6 Sectors Breached so far in 2021
Healthcare: 238
Finance & Insurance: 194
Information: 180
Professional/Scientific: 171
Manufacturing: 169
Public Administration: 169

AVERAGE RANSOM PAYMENTS: 82% Growth in 2021 in Typical Amount Actually Paid

CLOUD SECURITY: 73% of Firms are Very to Extremely Concerned
Not at all Concerned: 1%
Slightly Concerned: 3%
Moderately Concerned: 23%
Very Concerned: 41%
Extremely Concerned: 32%
5 Crucial Elements of an
Effective Cyber Security
Program:
1. Offence Informs Defense
Learning and acquiring knowledge from
actual attacks that compromised your system
can lead to effective and practical defenses.
Your defense should be built only on controls
that have proven successful in preventing
real-world attacks for the best results.

2. Prioritization
Businesses should only focus on controls that
can reduce risk most effectively and protect
the organization from dangerous cyber
threats. Also, the control should be feasible
enough to be implemented in your computing
environment.

You can identify Sub-Controls to implement by visiting the CIS Implementation Groups.

3. Measurements and Metrics
You should have standard metrics or KPIs
in place so that all stakeholders like IT,
executives, officers, and auditors can stay on
the same page. Metrics are also necessary
to monitor the effectiveness of your security
measures and make improvements.

4. Continuous Diagnostics and Mitigation
You should always be proactive and monitor
your security measures’ effectiveness. Any
issues should be resolved as soon as possible
to ensure the integrity of the following
actions.

5. Automation
Automation helps businesses ensure
compliance with controls and gain a scalable
and reliable way to fight off cyber threats.
Automation also increases efficiencies and
saves both time and labour.

The CIS Controls™ is a set of security best practices that help businesses mitigate and protect themselves against the most common Cyber-Attacks and Threats out there.

These were developed and are maintained by IT and Security Experts at the Center for Internet Security (CIS) and are recognized by Businesses and Governments globally.

The List of Controls: page 20
NIST Cybersecurity Framework

The NIST Cybersecurity Framework enables businesses and enterprises to evaluate the risks they encounter. The framework consists of three parts.

The Framework Core presents a range of references, outcomes, and activities associated with aspects and approaches to cyber defense. The Framework Implementation Tiers help organizations establish their approach to cybersecurity and clarify their stance to all stakeholders. The tier also portrays the degree of sophistication of the management approach. The Framework Profile contains a collection of outcomes the enterprise picked from the categories and subcategories based on its risk evaluation and requirements.

Organizations can create a “Current Profile” based on the framework that includes the cybersecurity activities and goals the company aims for. Then it can develop a “Target Profile” or go for a baseline profile that meets the organization’s specific industry needs. Ultimately, the organization can craft actionable steps to achieve the target profile.

The five Framework Core functions and their categories:

IDENTIFY (proactive): Asset Management; Business Environment; Governance; Risk Assessment; Risk Management Strategy
PROTECT (proactive): Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Maintenance; Protective Technology
DETECT: Anomalies and Events; Security Continuous Monitoring; Detection Processes
RESPOND (reactive): Response Planning; Communications; Analysis; Mitigation; Improvements
RECOVER (reactive): Recovery Planning; Improvements; Communications
CIS Controls™

The CIS Controls™ is a set of 18 actions that make up the best practices to tackle major attacks against systems and networks. The best practices are developed by a group of IT experts with years of experience in Cybersecurity. They come from a range of industries, including government, defense, healthcare, education, retail, manufacturing, and others. The CIS Controls are considered to be an international-level collection of best security practices.

Over the years, various forms of Cyber-Attacks have targeted businesses. They include data breaches, stealing of credit card information, theft of identity and intellectual property, denials of service, privacy breaches, and much more. Experts have developed a range of security protocols to address these cyber threats, which is termed Cyber Defense.

The IT Industry uses a plethora of resources and tools to counter Cyber Threats. We also have different technologies, security controls, vulnerability databases, certifications, training material, and security checklists too. We have access to studies and reports, tools, notification services, and more to keep us protected from any form of Cyber Threat. The IT Industry also depends on a number of regulations, risk assessment frameworks, and security requirements to keep themselves safe from cybercrime.

However, this overload of information and technology often leads to confusion. The competing security measures and options can paralyze an organization from taking the required step to counter Cybercrime. In the present day, the business process has grown more complex along with the proliferation of mobile devices and expanding dependencies. The advance in technology has led to the distribution of data across several channels, even outside the organization. As a result, security has transformed from a standalone problem to a multi-faceted threat in this interconnected world.

The average cost of a ransomware attack on businesses was $133,000.

The situation brings up the need to act as a community and come up with solutions and support for different industries, sectors, and partnerships. We need to use our knowledge and advancing technology to create solutions that address the crucial aspects of an organization’s risk management approach. Such an approach will be a step in the right direction and help enterprises take the proper steps to resolve security issues. The best way to do this is to follow a roadmap of fundamentals that help organizations develop their Cyber Defense and security protocols.

The CIS Controls™ were developed based on the above principles to help organizations take a holistic approach towards Cybersecurity. They were originally created as a grass-roots program to help cut down the confusion and focus on fundamental actions that enable a business to overcome cyber threats. The controls are intrinsically valuable and provide the data and knowledge to organizations for staying alert, responding, and preventing Cyber-Attacks.

The CIS Controls™ are led by CIS®, a global community that offers the following:

• Shared insight into Cybercrimes, Cyber-Attacks, and threats to get to the root cause of problems and come up with appropriate measures.
• Documentation of all required approvals and distribution of critical tools.
• Tracking of the nuances of a threat, including growth, severity, and intrusiveness.
• Highlighting of the importance of CIS Controls™ to help make them compliant with regulatory frameworks.
• Sharing of knowledge, tools, working aids, translations, and more.
• Tackling the common threats before they become serious and implementing roadmaps to solve them as a community.

The CIS Controls are made up of a highly actionable collection of actions that organizations can implement, use, and scale. The controls also comply with most applicable laws and security safeguards and are backed by the IT Community.

We help our Clients align with the CIS Controls™ to help Safeguard their business.
THE IMPLEMENTATION GROUPS

Doctrines of Effective Cyber Defense

As we already discussed, there are five tenets to a reliable Cybersecurity program:

Offence informs defense: Build more effective security measures learning from past attacks and threats. Only controls proven to be effective should be considered.

Prioritization: Prioritize the controls that have been effective in the real world against threats. The ease of implementation should also be a consideration.

Measurements and metrics: Measurements and metrics are essential to assess the effectiveness of your security measures. They also enable all stakeholders in your security team to speak the same language.

Continuous diagnostics and mitigation: Test and assess your security protocols regularly to help implement the next steps.

Automation: Automate your cybersecurity activities to ensure compliance and gain a reliable and scalable cyber defense.

The CIS Controls best practices help enterprises to counter and prevent Cyber-Attacks and threats. The controls are divided into three categories: basic, foundational, and organizational controls.

The CIS understands that not every Business or Organization will have the means, budget or requirement to properly implement all the Safeguards that they recommend.

To combat this, all of the Safeguards underneath each Control are categorized into Implementation Groups.

Each Implementation Group builds on the one before it, so IG2 includes all the Safeguards from IG1 and IG3 includes all the Safeguards from both IG1 and IG2.

A good goal for an organization or business of any size is to start with implementing everything that is a part of Implementation Group 1 (IG1).

Once they have implemented all IG1 Safeguards, depending on requirements and budget, they can then start to implement Safeguards from Implementation Group 2 (IG2).

Finally, again depending on requirements and budget, they can then start to implement Safeguards from Implementation Group 3 (IG3).
Each of the 18 CIS Controls has a number of Safeguards that form a part of it. There are 153 in total. These 153 Safeguards are categorized into three (3) groups: Implementation Group 1 (IG1) has 56, Implementation Group 2 (IG2) has 74 & Implementation Group 3 (IG3) has an additional 23 Safeguards.

Implementation Group 1 (IG1) - Basic Cyber Hygiene

In most cases, an IG1 enterprise is typically small to medium-sized with limited IT and Cybersecurity expertise to dedicate towards protecting IT assets and personnel. A common concern of these enterprises is to keep the business operational, as they have a limited tolerance for downtime.

Implementation Group 2 (IG2)

An IG2 enterprise usually employs individuals or an external party such as a Managed Service Provider (MSP) to help manage and protect IT Infrastructure. These enterprises typically have multiple departments with different risk profiles based on job function and mission.

Implementation Group 3 (IG3)

An IG3 Enterprise typically employs dedicated security experts that specialize in the different facets of Cybersecurity. The Assets and Data of an IG3 Enterprise typically contain sensitive information and they are often subject to regulatory and compliance oversight.
CONTROL 01 - Inventory and Control of Enterprise Assets
Safeguards Total 5 | IG1 2/5 | IG2 4/5 | IG3 5/5

Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.

THE SAFEGUARDS (asset type / security function)
1.1 Establish and Maintain Detailed Enterprise Asset Inventory - Devices / Identify
1.2 Address Unauthorized Assets - Devices / Respond
1.3 Utilize an Active Discovery Tool - Devices / Detect
1.4 Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory - Devices / Identify
1.5 Use a Passive Asset Discovery Tool - Devices / Detect

Why Is This CIS Control Critical?

Enterprises cannot defend what they do not know they have. Managed control of all enterprise assets also plays a critical role in security monitoring, incident response, system backup, and recovery. Enterprises should know what data is critical to them, and proper asset management will help identify those enterprise assets that hold or manage this critical data, so that appropriate security controls can be applied.

External attackers are continuously scanning the internet address space of target enterprises, premise-based or in the cloud, identifying possibly unprotected assets attached to an enterprise’s network. Attackers can take advantage of new assets that are installed, yet not securely configured and patched. Internally, unidentified assets can also have weak security configurations that can make them vulnerable to web- or email-based malware; and, adversaries can leverage weak security configurations for traversing the network, once they are inside.

Did You Know?
Nearly 66% of IT Managers have an incomplete record of their IT assets. Knowing what IT Equipment you have and where is a critical function. We can help with an initial Asset Audit and ongoing Asset List Management.

Safeguard table legend: 1 = Asset Type; 2 = Security Function; 3 = Implementation Group 1; 4 = Implementation Group 2; 5 = Implementation Group 3
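Safeguards 1.1, 1.2 and 1.4 fit together naturally: DHCP lease logs are a cheap, always-on source of "what just joined the network", and reconciling them against the inventory both keeps the inventory current and surfaces unauthorized assets. The following is an added example written for readers of this guide; it is not code from Guardyne or from CIS. The syslog line format (modelled on ISC dhcpd messages), the inventory fields, the MAC addresses, hostnames and timestamps are all constructed assumptions for the example.

```python
# Added example (not from the Guardyne guide or from CIS): reconcile DHCP lease
# events against an enterprise asset inventory, in the spirit of Safeguards 1.1
# (maintain the inventory), 1.2 (address unauthorized assets) and 1.4 (use DHCP
# logging to update the inventory). Log format and all sample values are constructed.
import re
from datetime import datetime, timedelta

# Constructed inventory keyed by MAC address (lower-case, colon-separated).
INVENTORY = {
    "aa:bb:cc:00:00:01": {"hostname": "fin-laptop-07", "owner": "finance", "last_seen": None},
    "aa:bb:cc:00:00:02": {"hostname": "printer-2f", "owner": "facilities", "last_seen": None},
}

# Constructed syslog lines in an ISC-dhcpd-like format (assumed for the example).
SAMPLE_LOG = """\
Mar 10 08:01:12 dhcp1 dhcpd: DHCPACK on 10.0.5.21 to aa:bb:cc:00:00:01 (fin-laptop-07) via eth0
Mar 10 08:03:40 dhcp1 dhcpd: DHCPACK on 10.0.5.77 to de:ad:be:ef:12:34 (unknown-android) via eth0
Mar 10 08:05:02 dhcp1 dhcpd: DHCPDISCOVER from de:ad:be:ef:12:34 via eth0
Mar 10 08:09:15 dhcp1 dhcpd: DHCPACK on 10.0.5.21 to aa:bb:cc:00:00:01 (fin-laptop-07) via eth0
"""

REPORT_TIME = datetime(2024, 3, 10, 9, 0)   # constructed "now" for the staleness report

# Only DHCPACK confirms a lease; DISCOVER/OFFER/REQUEST lines are deliberately ignored.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dhcpd: DHCPACK on (?P<ip>[\d.]+) "
    r"to (?P<mac>[0-9a-f:]{17})(?: \((?P<name>[^)]*)\))? via"
)


def parse_acks(log_text, year=2024):
    """Yield (timestamp, ip, mac, hostname) for every DHCPACK line in the log."""
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["mac"].lower(), m["name"] or ""


def reconcile(inventory, log_text, year=2024):
    """Update ip/last_seen for known assets; return the MACs that are not in the inventory."""
    unauthorized = {}
    for ts, ip, mac, name in parse_acks(log_text, year):
        asset = inventory.get(mac)
        if asset is None:
            # Safeguard 1.2 input: an address the enterprise has not authorized
            entry = unauthorized.setdefault(mac, {"hostname": name, "ips": set(), "first_seen": ts})
            entry["ips"].add(ip)
        else:
            asset["ip"] = ip
            # keep the latest lease time as the asset's last-seen marker (Safeguard 1.4)
            if asset["last_seen"] is None or ts > asset["last_seen"]:
                asset["last_seen"] = ts
    return unauthorized


def stale_assets(inventory, now, max_age_days=30):
    """Inventory entries not seen on DHCP within max_age_days (or never seen)."""
    cutoff = now - timedelta(days=max_age_days)
    return sorted(mac for mac, a in inventory.items()
                  if a["last_seen"] is None or a["last_seen"] < cutoff)


if __name__ == "__main__":
    rogue = reconcile(INVENTORY, SAMPLE_LOG)
    for mac, info in rogue.items():
        print(f"UNAUTHORIZED {mac} {info['hostname']!r} ips={sorted(info['ips'])} first={info['first_seen']}")
    print("stale or never seen:", stale_assets(INVENTORY, REPORT_TIME))
```

Two points worth noting for a real deployment: a MAC address is an identifier, not an authentication, so a hit in the inventory says "an address we know", not "a device we trust"; and the staleness report is the other half of the control, because an asset that has stopped appearing may have been retired without being removed from the records.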
CONTROL 02 - Inventory and Control of Software Assets
Safeguards Total 7 | IG1 3/7 | IG2 6/7 | IG3 7/7

Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.

THE SAFEGUARDS (asset type / security function)
2.1 Establish and Maintain a Software Inventory - Applications / Identify
2.2 Ensure Authorized Software is Currently Supported - Applications / Identify
2.3 Address Unauthorized Software - Applications / Respond
2.4 Utilize Automated Software Inventory Tools - Applications / Detect
2.5 Allowlist Authorized Software - Applications / Protect
2.6 Allowlist Authorized Libraries - Applications / Protect
2.7 Allowlist Authorized Scripts - Applications / Protect

Why Is This CIS Control Critical?

A complete software inventory is a critical foundation for preventing attacks. Attackers continuously scan target enterprises looking for vulnerable versions of software that can be remotely exploited. For example, if a user opens a malicious website or attachment with a vulnerable browser, an attacker can often install backdoor programs and bots that give the attacker long-term control of the system. Attackers can also use this access to move laterally through the network. One of the key defenses against these attacks is updating and patching software. However, without a complete inventory of software assets, an enterprise cannot determine if they have vulnerable software, or if there are potential licensing violations.

Even if a patch is not yet available, a complete software inventory list allows an enterprise to guard against known attacks until the patch is released. Some sophisticated attackers use “zero-day exploits,” which take advantage of previously unknown vulnerabilities that have yet to have a patch released from the software vendor. Depending on the severity of the exploit, an enterprise can implement temporary mitigation measures to guard against attacks until the patch is released.

Management of software assets is also important to identify unnecessary security risks. An enterprise should review its software inventory to identify any enterprise assets running software that is not needed for business purposes. For example, an enterprise asset may come installed with default software that creates a potential security risk and provides no benefit to the enterprise. It is critical to inventory, understand, assess, and manage all software connected to an enterprise’s infrastructure.

Did You Know?
56% verify asset location only once a year, while 10-15% verify only every five years. Regular asset & inventory maintenance is crucial to keeping accurate records. We can help you with your Software Inventory and Control Management.

Safeguard table legend: 1 = Asset Type; 2 = Security Function; 3 = Implementation Group 1; 4 = Implementation Group 2; 5 = Implementation Group 3
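The review the text asks for (is every installed package authorized, still vendor-supported, and at an approved version?) is a comparison of a host's software inventory against an allowlist, which is what Safeguards 2.1, 2.2, 2.3 and 2.5 combine into. The following is an added example written for readers of this guide; it is not code from Guardyne or from CIS. The product names, version numbers, end-of-support dates, the "business need" field and the host inventory are constructed assumptions.

```python
# Added example (not from the Guardyne guide or from CIS): compare one host's
# installed software against an authorized-software allowlist, in the spirit of
# Safeguards 2.1 (inventory), 2.2 (currently supported), 2.3 (address
# unauthorized software) and 2.5 (allowlist authorized software).
# Product names, versions, dates and the host inventory are all constructed.
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Approved:
    name: str
    min_version: tuple    # lowest version the enterprise still approves
    support_ends: date    # vendor end-of-support date for this product line
    business_need: str    # why the enterprise keeps it (the inventory should record this)


def parse_version(text):
    """Turn '3.11.4' into (3, 11, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


# Constructed allowlist: what the enterprise has authorized.
ALLOWLIST = {
    "office-suite": Approved("office-suite", (16, 0), date(2026, 10, 14), "document editing"),
    "pdf-reader":   Approved("pdf-reader", (11, 0), date(2025, 1, 31), "reading contracts"),
    "legacy-erp":   Approved("legacy-erp", (7, 2), date(2023, 6, 30), "invoice processing"),
}

# Constructed inventory pulled from one host, e.g. by an automated tool (Safeguard 2.4).
HOST_SOFTWARE = [
    ("office-suite", "16.0"),
    ("pdf-reader", "10.1"),            # below the approved minimum version
    ("legacy-erp", "7.2"),             # authorized, but vendor support has ended
    ("unapproved-remote-tool", "0.9"), # not on the allowlist at all
]

TODAY = date(2024, 3, 10)   # constructed report date


def classify(installed, allowlist, today):
    """Map each installed package to 'ok', 'unauthorized', 'below-minimum' or 'unsupported'."""
    result = {}
    for name, version in installed:
        approved = allowlist.get(name)
        if approved is None:
            result[name] = "unauthorized"      # Safeguard 2.3: remove, or document an exception
        elif parse_version(version) < approved.min_version:
            result[name] = "below-minimum"     # upgrade before it is allowed to run
        elif approved.support_ends < today:
            result[name] = "unsupported"       # Safeguard 2.2: no more vendor fixes coming
        else:
            result[name] = "ok"
    return result


def findings(installed, allowlist, today):
    """Everything that is not 'ok', sorted so it can feed a ticket or a report."""
    return sorted((n, s) for n, s in classify(installed, allowlist, today).items() if s != "ok")


if __name__ == "__main__":
    for name, status in findings(HOST_SOFTWARE, ALLOWLIST, TODAY):
        print(f"{status:14} {name}")
```

Comparing versions as tuples rather than strings is a small but real correctness point: as strings, "10.9" sorts after "10.10", so a string comparison would wrongly pass an out-of-date install.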
CONTROL 03 - Data Protection
Safeguards Total 14 | IG1 6/14 | IG2 12/14 | IG3 14/14

Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.

Why Is This CIS Control Critical?

Data is no longer only contained within an enterprise’s border; it is in the cloud, on portable end-user devices where users work from home, and is often shared with partners or online services that might have it anywhere in the world. In addition to sensitive data an enterprise holds related to finances, intellectual property, and customer data, there also might be numerous international regulations for protection of personal data. Data privacy has become increasingly important, and enterprises are learning that privacy is about the appropriate use and management of data, not just encryption. Data must be appropriately managed through its entire life cycle. These privacy rules can be complicated for multi-national enterprises of any size; however, there are fundamentals that can apply to all.

Once attackers have penetrated an enterprise’s infrastructure, one of their first tasks is to find and exfiltrate data. Enterprises might not be aware that sensitive data is leaving their environment because they are not monitoring data outflows.

THE SAFEGUARDS (asset type, security function)
3.1 Establish and Maintain a Data Management Process (Data, Identify)
3.2 Establish and Maintain a Data Inventory (Data, Identify)
3.3 Configure Data Access Control Lists (Data, Protect)
3.4 Enforce Data Retention (Data, Protect)
3.5 Securely Dispose of Data (Data, Protect)
3.6 Encrypt Data on End-User Devices (Data, Protect)
3.7 Establish and Maintain a Data Classification Scheme (Data, Identify)
3.8 Document Data Flows (Data, Identify)
3.9 Encrypt Data on Removable Media (Data, Protect)
3.10 Encrypt Sensitive Data in Transit (Data, Protect)
3.11 Encrypt Sensitive Data at Rest (Data, Protect)
3.12 Segment Data Processing and Storage Based on Sensitivity (Data, Protect)
3.13 Deploy a Data Loss Prevention Solution (Data, Protect)
3.14 Log Sensitive Data Access (Data, Detect)

Did You Know?
78 percent of small businesses that store valuable or sensitive data do not encrypt their data, making it easy for hackers to gain access. There are tools and systems available now that can cost-effectively manage data protection and encryption across organizations.
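The classification and data loss prevention safeguards (3.7 and 3.13) both depend on recognising sensitive data reliably before it leaves the environment. The Python script below is an added example, not code from this guide or from CIS: it scans constructed sample records for payment card numbers, validating candidates with the Luhn checksum so that arbitrary 16-digit strings are not flagged, labels each record Public, Internal or Restricted, applies a release policy to the label, and masks card numbers in text that is allowed out. The employee-ID pattern, the labels, the policy and the sample records are assumptions made for this example.

```python
"""Added example (not from the guide): a minimal classification / DLP scan.

Records are scanned for payment card numbers and for a hypothetical
employee-ID pattern, then labelled Public / Internal / Restricted.
The DLP policy only lets Public records leave the environment, and
card numbers are masked before any text is released.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Hypothetical employee-ID format, constructed for this example: three letters, dash, six digits.
EMPLOYEE_ID_RE = re.compile(r"\b[A-Z]{3}-\d{6}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _card_digits(match_text: str) -> str | None:
    """Strip separators; return the digits only if they form a Luhn-valid number."""
    digits = re.sub(r"[ -]", "", match_text)
    if 13 <= len(digits) <= 19 and luhn_valid(digits):
        return digits
    return None


def find_card_numbers(text: str) -> list[str]:
    """Return every Luhn-valid card number in text (digits only)."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = _card_digits(m.group(0))
        if digits is not None:
            found.append(digits)
    return found


@dataclass
class Finding:
    record_id: str
    label: str                                  # Public, Internal or Restricted
    reasons: list[str] = field(default_factory=list)


def classify(record_id: str, text: str) -> Finding:
    """Assign the highest label that any detector triggers."""
    reasons: list[str] = []
    cards = find_card_numbers(text)
    if cards:
        reasons.append(f"{len(cards)} payment card number(s)")
    ids = EMPLOYEE_ID_RE.findall(text)
    if ids:
        reasons.append(f"{len(ids)} employee ID(s)")
    label = "Restricted" if cards else "Internal" if ids else "Public"
    return Finding(record_id, label, reasons)


def may_leave_environment(finding: Finding) -> bool:
    """DLP policy (assumed for the example): only Public records go to external recipients."""
    return finding.label == "Public"


def mask_cards(text: str) -> str:
    """Replace all but the last four digits of each valid card number."""
    def repl(m: re.Match) -> str:
        digits = _card_digits(m.group(0))
        if digits is None:
            return m.group(0)            # not a card number, leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(repl, text)


# Constructed sample records (4111 1111 1111 1111 is a well-known Luhn-valid test number).
SAMPLE_RECORDS = {
    "r1": "Invoice settled by card 4111 1111 1111 1111, thanks",
    "r2": "Order ref 1234567812345678 shipped",      # 16 digits but fails Luhn: not a card
    "r3": "Badge ABC-123456 issued to new hire",
    "r4": "Lunch menu for Friday",
}


def scan(records: dict[str, str]) -> dict[str, Finding]:
    return {rid: classify(rid, text) for rid, text in records.items()}


if __name__ == "__main__":
    for rid, f in scan(SAMPLE_RECORDS).items():
        status = "may leave" if may_leave_environment(f) else "BLOCKED"
        print(f"{rid}: {f.label:<10} {status:<9} {'; '.join(f.reasons)}")
```

The Luhn check is what keeps the false-positive rate tolerable: order numbers, tracking references and timestamps are full of long digit runs, and a scanner that flags all of them is quickly switched off. A real deployment would add the enterprise's own classification scheme (safeguard 3.7) as further detectors and log every blocked release (safeguard 3.14).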
CONTROL 04 - Secure Configuration of Enterprise Assets and Software
Safeguards Total 12 | IG1 7/12 | IG2 11/12 | IG3 12/12

Establish and maintain the secure configuration of enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/IoT devices; and servers) and software (operating systems and applications).

Why Is This CIS Control Critical?

As delivered from manufacturers and resellers, the default configurations for enterprise assets and software are normally geared towards ease-of-deployment and ease-of-use rather than security. Basic controls, open services and ports, default accounts or passwords, pre-configured Domain Name System (DNS) settings, older (vulnerable) protocols, and pre-installation of unnecessary software can all be exploitable if left in their default state. Further, these security configuration updates need to be managed and maintained over the life cycle of enterprise assets and software. Configuration updates need to be tracked and approved through a configuration management workflow process to maintain a record that can be reviewed for compliance, leveraged for incident response, and to support audits. This CIS Control is important to on-premises devices, as well as remote devices, network devices, and cloud environments.

Service providers play a key role in modern infrastructures, especially for smaller enterprises. They often are not set up by default in the most secure configuration to provide flexibility for their customers to apply their own security policies. Therefore, the presence of default accounts or passwords, excessive access, or unnecessary services are common in default configurations.

THE SAFEGUARDS (asset type, security function)
4.1 Establish and Maintain a Secure Configuration Process (Applications, Protect)
4.2 Establish and Maintain a Secure Configuration Process for Network Infrastructure (Network, Protect)
4.3 Configure Automatic Session Locking on Enterprise Assets (Users, Protect)
4.4 Implement and Manage a Firewall on Servers (Devices, Protect)
4.5 Implement and Manage a Firewall on End-User Devices (Devices, Protect)
4.6 Securely Manage Enterprise Assets and Software (Network, Protect)
4.7 Manage Default Accounts on Enterprise Assets and Software (Users, Protect)
4.8 Uninstall or Disable Unnecessary Services on Enterprise Assets and Software (Devices, Protect)
4.9 Configure Trusted DNS Servers on Enterprise Assets (Devices, Protect)
4.10 Enforce Automatic Device Lockout on Portable End-User Devices (Devices, Respond)
4.11 Enforce Remote Wipe Capability on Portable End-User Devices (Devices, Protect)
4.12 Separate Enterprise Workspaces on Mobile End-User Devices (Devices, Protect)

Did You Know?
Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. Setting up and managing appropriate security and configuration policies and procedures doesn’t have to take a lot of effort if you work with a professional.
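The control asks for two things that are easy to state and easy to let slip: a hardened baseline that assets are held to, and a change-management record so that every departure from it is deliberate and reviewable. The following Python script is an added example, not code from this guide or from CIS. It parses a constructed configuration dump, compares it with a constructed baseline, and reports each deviation unless an approved and unexpired exception covers it. The directive names follow the spelling of common OpenSSH sshd_config settings, but the checker is generic; the baseline values, the host name, the ticket references and the expiry dates are all assumptions made for this example.

```python
"""Added example (not from the guide): configuration-baseline drift check.

A host's settings are parsed from a 'Directive value' dump, compared
with a hardened baseline, and every deviation is reported unless an
approved, unexpired exception covers it. The baseline, the exception
records and the sample dump are constructed for this example; the
directive names follow common OpenSSH sshd_config spelling but the
checker itself is generic.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Hardened baseline (constructed). Every key must be set explicitly to the given value;
# a missing directive means the vendor default applies, which is itself a deviation.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "x11forwarding": "no",
    "maxauthtries": "3",
    "logingracetime": "30",
}


@dataclass(frozen=True)
class ApprovedException:
    host: str
    key: str
    value: str
    ticket: str      # change-record reference; placeholder values below
    expires: date


@dataclass(frozen=True)
class Deviation:
    host: str
    key: str
    expected: str
    actual: str | None   # None: directive not set at all
    approved: bool


def parse_config(text: str) -> dict[str, str]:
    """Parse 'Directive value' lines. Blank lines and '#' comments are ignored and
    directive names are lower-cased so comparisons are case-insensitive."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings


def check_host(host: str, config_text: str,
               exceptions: list[ApprovedException], today: date) -> list[Deviation]:
    """Compare one host against BASELINE. An exception only counts if it is for this
    host, matches the observed value exactly, and has not expired."""
    actual = parse_config(config_text)
    live_exceptions = {(e.key, e.value) for e in exceptions
                       if e.host == host and e.expires >= today}
    deviations = []
    for key, expected in BASELINE.items():
        value = actual.get(key)
        if value == expected:
            continue
        deviations.append(Deviation(host, key, expected, value,
                                    (key, value) in live_exceptions))
    return deviations


def unapproved(deviations: list[Deviation]) -> list[Deviation]:
    """The subset that needs either remediation or a new approved exception."""
    return [d for d in deviations if not d.approved]


# Constructed sample: a dump from a hypothetical host "web01".
SAMPLE_CONFIG = """\
# sshd_config extract (constructed sample)
PermitRootLogin yes
PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 3
# LoginGraceTime is not set, so the vendor default applies
"""

SAMPLE_EXCEPTIONS = [
    # still valid: X11 forwarding approved for a business need
    ApprovedException("web01", "x11forwarding", "yes", "CHG-PLACEHOLDER-1", date(2099, 1, 1)),
    # expired: root login was approved once, but the approval has lapsed
    ApprovedException("web01", "permitrootlogin", "yes", "CHG-PLACEHOLDER-2", date(2020, 1, 1)),
]


if __name__ == "__main__":
    for d in check_host("web01", SAMPLE_CONFIG, SAMPLE_EXCEPTIONS, date.today()):
        flag = "approved" if d.approved else "UNAPPROVED"
        print(f"{d.host} {d.key}: expected {d.expected!r}, found {d.actual!r} ({flag})")
```

Two design points matter more than the directive list. First, an unset directive is treated as a deviation rather than silently passing, because the vendor default is exactly the state the control warns about. Second, exceptions expire: an approval granted "temporarily" and never revisited is how configurations drift less secure over time, so the check re-flags the setting the day the approval lapses.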
CONTROL 05 - Account Management
Safeguards Total 6 | IG1 4/6 | IG2 6/6 | IG3 6/6

Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.

Why Is This CIS Control Critical?

It is easier for an external or internal threat actor to gain unauthorized access to enterprise assets or data through using valid user credentials than through “hacking” the environment. There are many ways to covertly obtain access to user accounts, including: weak passwords, accounts still valid after a user leaves the enterprise, dormant or lingering test accounts, shared accounts that have not been changed in months or years, service accounts embedded in applications for scripts, a user having the same password as one they use for an online account that has been compromised (in a public password dump), social engineering a user to give their password, or using malware to capture passwords or tokens in memory or over the network.

Administrative, or highly privileged, accounts are a particular target, because they allow attackers to add other accounts, or make changes to assets that could make them more vulnerable to other attacks. Service accounts are also sensitive, as they are often shared among teams, internal and external to the enterprise, and sometimes not known about, only to be revealed in standard account management audits.

Finally, account logging and monitoring is a critical component of security operations.

THE SAFEGUARDS (asset type, security function)
5.1 Establish and Maintain an Inventory of Accounts (Users, Identify)
5.2 Use Unique Passwords (Users, Protect)
5.3 Disable Dormant Accounts (Users, Respond)
5.4 Restrict Administrator Privileges to Dedicated Administrator Accounts (Users, Protect)
5.5 Establish and Maintain an Inventory of Service Accounts (Users, Identify)
5.6 Centralize Account Management (Users, Protect)

Did You Know?
98% of Microsoft Windows critical vulnerabilities could be mitigated by removing administrative rights from end-user systems. There are amazing Zero Trust tools available to help make ongoing management of this much easier.
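Most of the account weaknesses listed above (leavers still enabled, dormant test accounts, service accounts nobody owns, administrative rights on daily-use accounts) are visible in a plain account inventory once someone actually reviews it, which is what safeguards 5.1, 5.3, 5.4 and 5.5 ask for. The Python script below is an added example, not code from this guide or from CIS: it runs those checks over a constructed inventory. The record layout, the leaver list, the naming convention for test and shared accounts and the 45-day dormancy threshold are assumptions made for this example.

```python
"""Added example (not from the guide): review of an account inventory.

Each enabled account is checked for the kinds of weakness the text lists:
dormancy, an owner who has left, administrative rights on a daily-use
account, a service account with no documented owner, and test or shared
accounts that were never cleaned up. The inventory, the departed-user
list and the dormancy threshold are assumptions made for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta

DORMANT_AFTER = timedelta(days=45)   # threshold assumed for this example


@dataclass(frozen=True)
class Account:
    name: str
    kind: str                # "user" (daily use), "admin" (dedicated), "service"
    owner: str | None        # responsible person; None means undocumented
    enabled: bool
    last_login: date | None  # None means no login ever recorded
    is_admin: bool           # holds administrative rights


def review_accounts(accounts: list[Account], departed: set[str],
                    today: date) -> dict[str, list[str]]:
    """Return {account name: [issues]} for every enabled account with a finding.
    Disabled accounts are skipped: they are already in the state safeguard 5.3 wants."""
    findings: dict[str, list[str]] = {}
    for a in accounts:
        if not a.enabled:
            continue
        issues: list[str] = []
        if a.last_login is None or today - a.last_login > DORMANT_AFTER:
            issues.append(f"dormant: no login within {DORMANT_AFTER.days} days")
        if a.owner in departed:
            issues.append("owner has left the enterprise")
        if a.kind == "user" and a.is_admin:
            issues.append("administrative rights on a daily-use account")
        if a.kind == "service" and a.owner is None:
            issues.append("service account with no documented owner")
        if a.name.startswith(("test", "shared")):
            issues.append("test/shared account still enabled")
        if issues:
            findings[a.name] = issues
    return findings


# Constructed sample inventory.
SAMPLE_ACCOUNTS = [
    Account("alice",        "user",    "alice", True,  date(2024, 2, 28), False),
    Account("alice-adm",    "admin",   "alice", True,  date(2024, 2, 27), True),   # dedicated admin account: fine
    Account("bob",          "user",    "bob",   True,  date(2024, 2, 20), True),   # admin rights on daily-use account
    Account("carol",        "user",    "carol", True,  date(2023, 11, 1), False),  # dormant, and carol has left
    Account("svc-backup",   "service", None,    True,  date(2024, 2, 29), False),  # nobody owns it
    Account("test-migrate", "user",    "dave",  True,  None,              False),  # never used, never removed
    Account("eve",          "user",    "eve",   False, date(2022, 1, 1),  False),  # already disabled
]
DEPARTED = {"carol"}   # constructed leaver list from HR


if __name__ == "__main__":
    for name, issues in review_accounts(SAMPLE_ACCOUNTS, DEPARTED, date(2024, 3, 1)).items():
        print(f"{name}: " + "; ".join(issues))
```

The review is only as good as the inventory and the leaver list feeding it, which is why safeguards 5.1 and 5.5 come first: an account that is not in the inventory is not reviewed at all, and that is precisely the "not known about" service account the text describes.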
CONTROL 06 - Access Control Management
Safeguards Total 8 | IG1 5/8 | IG2 7/8 | IG3 8/8

Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.

Why Is This CIS Control Critical?

Where CIS Control 5 deals specifically with account management, CIS Control 6 focuses on managing what access these accounts have, ensuring users only have access to the data or enterprise assets appropriate for their role, and ensuring that there is strong authentication for critical or sensitive enterprise data or functions. Accounts should only have the minimal authorization needed for the role.

Developing consistent access rights for each role and assigning roles to users is a best practice. Developing a program for complete provisioning and de-provisioning of access is also important. Centralizing this function is ideal.

THE SAFEGUARDS (asset type, security function)
6.1 Establish an Access Granting Process (Users, Protect)
6.2 Establish an Access Revoking Process (Users, Protect)
6.3 Require MFA for Externally-Exposed Applications (Users, Protect)
6.4 Require MFA for Remote Network Access (Users, Protect)
6.5 Require MFA for Administrative Access (Users, Protect)
6.6 Establish and Maintain an Inventory of Authentication and Authorization Systems (Users, Identify)
6.7 Centralize Access Control (Users, Protect)
6.8 Define and Maintain Role-Based Access Control (Data, Protect)

Did You Know?
In early November 2020, Microsoft urged users to stop using phone-based MFA and instead recommended using app-based authenticators and security keys. We can assist you to implement an organization-wide Enterprise Multi-Factor and Identity Management system.
CONTROL 07 - Continuous Vulnerability Management
Safeguards Total 7 | IG1 4/7 | IG2 7/7 | IG3 7/7

Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.

Why Is This CIS Control Critical?

Cyber defenders are constantly being challenged by attackers who are looking for vulnerabilities within their infrastructure to exploit and gain access. Defenders must have timely threat information available to them about: software updates, patches, security advisories, threat bulletins, etc., and they should regularly review their environment to identify these vulnerabilities before the attackers do. Understanding and managing vulnerabilities is a continuous activity, requiring focus of time, attention, and resources.

Attackers have access to the same information and can often take advantage of vulnerabilities more quickly than an enterprise can remediate.

THE SAFEGUARDS (asset type, security function)
7.1 Establish and Maintain a Vulnerability Management Process (Applications, Protect)
7.2 Establish and Maintain a Remediation Process (Applications, Respond)
7.3 Perform Automated Operating System Patch Management (Applications, Protect)
7.4 Perform Automated Application Patch Management (Applications, Protect)
7.5 Perform Automated Vulnerability Scans of Internal Enterprise Assets (Applications, Identify)
7.6 Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets (Applications, Identify)
7.7 Remediate Detected Vulnerabilities (Applications, Respond)

Did You Know?
One of the main points of entry used by threat actors is to exploit unpatched vulnerabilities within systems. According to one survey from the Ponemon Institute, 60% of breaches in 2019 involved unpatched vulnerabilities.
CONTROL 08 - Audit Log Management
Safeguards Total 12 | IG1 3/12 | IG2 11/12 | IG3 12/12

Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.

Why Is This CIS Control Critical?

Log collection and analysis is critical for an enterprise’s ability to detect malicious activity quickly. Sometimes audit records are the only evidence of a successful attack. Attackers know that many enterprises keep audit logs for compliance purposes, but rarely analyze them. Attackers use this knowledge to hide their location, malicious software, and activities on victim machines. Due to poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target enterprise knowing.

There are two types of logs that are generally treated and often configured independently: system logs and audit logs. System logs typically provide system-level events that show various system process start/end times, crashes, etc. These are native to systems, and take less configuration to turn on. Audit logs typically include user-level events—when a user logged in, accessed a file, etc.—and take more planning and effort to set up.

Logging records are also critical for incident response. After an attack has been detected, log analysis can help enterprises understand the extent of an attack. Complete logging records can show, for example, when and how the attack occurred, what information was accessed, and if data was exfiltrated. Retention of logs is also critical in case a follow-up investigation is required or if an attack remained undetected for a long period of time.

THE SAFEGUARDS (asset type, security function)
8.1 Establish and Maintain an Audit Log Management Process (Network, Protect)
8.2 Collect Audit Logs (Network, Detect)
8.3 Ensure Adequate Audit Log Storage (Network, Protect)
8.4 Standardize Time Synchronization (Network, Protect)
8.5 Collect Detailed Audit Logs (Network, Detect)
8.6 Collect DNS Query Audit Logs (Network, Detect)
8.7 Collect URL Request Audit Logs (Network, Detect)
8.8 Collect Command-Line Audit Logs (Devices, Detect)
8.9 Centralize Audit Logs (Network, Detect)
8.10 Retain Audit Logs (Network, Protect)
8.11 Conduct Audit Log Reviews (Network, Detect)
8.12 Collect Service Provider Logs (Data, Detect)

Did You Know?
Most businesses are legally obligated to have a data audit trail. Multiple government-mandated standards and regulations, including ISO 27001, PCI-DSS, HIPAA, PNR Directive, and more, require some form of audit trail. Talk to us today to help configure your Auditing.
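The point the text makes is that collected-but-unread logs protect nobody; safeguard 8.11 (log reviews) is where the value is realised. The Python script below is an added example, not code from this guide or from CIS, of the kind of first-pass review that can be automated for a small environment. It parses a constructed authentication log and raises two alerts that follow directly from the narrative above: a burst of failed logins followed by a success from the same source (an attacker working through valid credentials), and successful logins outside working hours. The log format, host names, user names, addresses, thresholds and the working-hours window are all assumptions made for this example.

```python
"""Added example (not from the guide): a first-pass review of authentication audit logs.

The log format, the hosts, users and addresses below are all constructed
for this example (203.0.113.0/24 is a documentation range). The review
finds two things the text calls out: attackers working through valid
credentials (a burst of failures followed by a success from the same
source) and successful logins at hours when nobody should be working.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>SUCCESS|FAILED) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Event:
    when: datetime
    host: str
    user: str
    src: str
    success: bool


@dataclass(frozen=True)
class Alert:
    kind: str
    user: str
    src: str
    when: datetime
    failures: int = 0


def parse_log(text: str) -> list[Event]:
    """Parse the constructed format. Unparseable lines are skipped rather than fatal,
    and events are sorted by timestamp, which presumes synchronised clocks (safeguard 8.4)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["host"],
                            m["user"], m["src"], m["result"] == "SUCCESS"))
    return sorted(events, key=lambda e: e.when)


def detect_failed_then_success(events: list[Event], threshold: int = 5,
                               window: timedelta = timedelta(minutes=10)) -> list[Alert]:
    """A success preceded by >= threshold failures for the same (user, source)
    inside the window is the signature of a guessed or stuffed password."""
    recent_failures: dict[tuple[str, str], list[datetime]] = defaultdict(list)
    alerts = []
    for e in events:
        key = (e.user, e.src)
        if not e.success:
            recent_failures[key].append(e.when)
            continue
        fails = [t for t in recent_failures[key] if e.when - t <= window]
        if len(fails) >= threshold:
            alerts.append(Alert("failed-then-success", e.user, e.src, e.when, len(fails)))
        recent_failures[key].clear()
    return alerts


def detect_out_of_hours(events: list[Event], start_hour: int = 7,
                        end_hour: int = 19) -> list[Alert]:
    """Successful logins outside the (assumed) working window."""
    return [Alert("out-of-hours-login", e.user, e.src, e.when)
            for e in events if e.success and not (start_hour <= e.when.hour < end_hour)]


# Constructed sample log: one normal user, one user who mistyped once, and a
# late-night burst against the admin account that ends in a successful login.
SAMPLE_LOG = """\
2024-03-01T08:02:11 fs01 auth: SUCCESS user=alice src=10.0.0.5
2024-03-01T09:15:00 fs01 auth: FAILED user=bob src=10.0.0.7
2024-03-01T09:15:20 fs01 auth: SUCCESS user=bob src=10.0.0.7
2024-03-01T23:40:01 fs01 auth: FAILED user=admin src=203.0.113.10
2024-03-01T23:40:03 fs01 auth: FAILED user=admin src=203.0.113.10
2024-03-01T23:40:05 fs01 auth: FAILED user=admin src=203.0.113.10
2024-03-01T23:40:07 fs01 auth: FAILED user=admin src=203.0.113.10
2024-03-01T23:40:09 fs01 auth: FAILED user=admin src=203.0.113.10
2024-03-01T23:40:12 fs01 auth: SUCCESS user=admin src=203.0.113.10
this line is malformed on purpose and must be skipped
"""


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for a in detect_failed_then_success(evs) + detect_out_of_hours(evs):
        print(f"{a.when:%Y-%m-%d %H:%M} {a.kind}: user={a.user} src={a.src} failures={a.failures}")
```

Bob's single failure followed by a success is the ordinary mistyped password and does not reach the threshold; the admin login does, and it also fires the out-of-hours rule, which is the kind of corroboration a reviewer wants before escalating. The threshold and window are tuning knobs (safeguard 13.11 deals with exactly this), and the parser's tolerance of malformed lines matters because a review that aborts on the first odd line is a review that never runs.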
CONTROL 09 - Email and Web Browser Protections
Safeguards Total 7 | IG1 2/7 | IG2 6/7 | IG3 7/7

Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.

Why Is This CIS Control Critical?

Web browsers and email clients are very common points of entry for attackers because of their direct interaction with users inside an enterprise. Content can be crafted to entice or spoof users into disclosing credentials, providing sensitive data, or providing an open channel to allow attackers to gain access, thus increasing risk to the enterprise. Since email and web are the main means that users interact with external and untrusted users and environments, these are prime targets for both malicious code and social engineering.

THE SAFEGUARDS (asset type, security function)
9.1 Ensure Use of Only Fully Supported Browsers and Email Clients (Applications, Protect)
9.2 Use DNS Filtering Services (Network, Protect)
9.3 Maintain and Enforce Network-Based URL Filters (Network, Protect)
9.4 Restrict Unnecessary or Unauthorized Browser and Email Client Extensions (Applications, Protect)
9.5 Implement DMARC (Network, Protect)
9.6 Block Unnecessary File Types (Network, Protect)
9.7 Deploy and Maintain Email Server Anti-Malware Protections (Network, Protect)

Did You Know?
The top malicious email attachment type is Office documents, which make up 38%; the next highest is archives (.zip etc.) at 37%. A multi-layered approach to web and email protection is vital.
CONTROL 10 - Malware Defenses
Safeguards Total 7 | IG1 3/7 | IG2 7/7 | IG3 7/7

Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

Why Is This CIS Control Critical?

Malicious software (sometimes categorized as viruses or Trojans) is an integral and dangerous aspect of internet threats. It can have many purposes, from capturing credentials, stealing data, identifying other targets within the network, and encrypting or destroying data. Malware is ever-evolving and adaptive, as modern variants leverage machine learning techniques. Modern malware is designed to avoid, deceive, or disable defenses.

Malware enters an enterprise through vulnerabilities within the enterprise on end-user devices, email attachments, webpages, cloud services, mobile devices, and removable media. Malware often relies on insecure end-user behavior, such as clicking links, opening attachments, installing software or profiles, or inserting Universal Serial Bus (USB) flash drives.

THE SAFEGUARDS (asset type, security function)
10.1 Deploy and Maintain Anti-Malware Software (Devices, Protect)
10.2 Configure Automatic Anti-Malware Signature Updates (Devices, Protect)
10.3 Disable Autorun and Autoplay for Removable Media (Devices, Protect)
10.4 Configure Automatic Anti-Malware Scanning of Removable Media (Devices, Detect)
10.5 Enable Anti-Exploitation Features (Devices, Protect)
10.6 Centrally Manage Anti-Malware Software (Devices, Protect)
10.7 Use Behavior-Based Anti-Malware Software (Devices, Detect)

Did You Know?
Cyber-Attacks and threats are constantly evolving, with 350,000 new malware signatures detected every day. We can help you implement advanced enterprise-level threat protection and detection tools that use technologies such as A.I. and Machine Learning to help protect.
CONTROL 11 - Data Recovery
Safeguards Total 5 | IG1 4/5 | IG2 5/5 | IG3 5/5

Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.

Why Is This CIS Control Critical?

In the cybersecurity triad—Confidentiality, Integrity, and Availability (CIA)—the availability of data is, in some cases, more critical than its confidentiality. Enterprises need many types of data to make business decisions, and when that data is not available or is untrusted, then it could impact the enterprise. An easy example is weather information to a transportation enterprise.

When attackers compromise assets, they make changes to configurations, add accounts, and often add software or scripts. These changes are not always easy to identify, as attackers might have corrupted or replaced trusted applications with malicious versions, or the changes might appear to be standard-looking account names. Configuration changes can include adding or changing registry entries, opening ports, turning off security services, deleting logs, or other malicious actions that make a system insecure. These actions do not have to be malicious; human error can cause each of these as well. Therefore, it is important to have an ability to have recent backups or mirrors to recover enterprise assets and data back to a known trusted state.

THE SAFEGUARDS (asset type, security function)
11.1 Establish and Maintain a Data Recovery Process (Data, Recover)
11.2 Perform Automated Backups (Data, Recover)
11.3 Protect Recovery Data (Data, Protect)
11.4 Establish and Maintain an Isolated Instance of Recovery Data (Data, Recover)
11.5 Test Data Recovery (Data, Recover)

Did You Know?
75% of small business owners don’t have a Disaster Recovery plan in place. A basic Disaster Recovery plan can start off small and grow over time. Something is better than nothing. We can help you build a Disaster Recovery plan so you are ready for when something happens.
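"Known trusted state" is only meaningful if the recovery data itself can be shown to be intact and a restore from it has actually been exercised, which is what safeguards 11.3 and 11.5 require. The Python script below is an added example, not code from this guide or from CIS: it writes a backup of a constructed sample tree together with a SHA-256 manifest, restores it, verifies the restore against the manifest, then damages the restored copy and shows the verification catching both a modified and a missing file. The directory layout, file names and manifest format are assumptions made for this example; everything runs inside a temporary directory.

```python
"""Added example (not from the guide): protect and test recovery data.

A backup is written together with a SHA-256 manifest (safeguard 11.3:
the manifest is the integrity record that lets tampering be noticed),
and a restore is verified against that manifest (safeguard 11.5: a
backup that has never been restored is an untested assumption).
Everything runs in a temporary directory on constructed sample files.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def back_up(source: Path, backup_dir: Path) -> dict[str, str]:
    """Copy the source tree into backup_dir/data and store its manifest beside it.
    In production the manifest (or the whole backup) would also live on an isolated,
    write-protected copy (safeguard 11.4) so that an intruder cannot rewrite both."""
    shutil.copytree(source, backup_dir / "data")
    manifest = build_manifest(backup_dir / "data")
    lines = [f"{digest}  {name}\n" for name, digest in manifest.items()]
    (backup_dir / MANIFEST_NAME).write_text("".join(lines))
    return manifest


def load_manifest(backup_dir: Path) -> dict[str, str]:
    manifest: dict[str, str] = {}
    for line in (backup_dir / MANIFEST_NAME).read_text().splitlines():
        digest, name = line.split("  ", 1)
        manifest[name] = digest
    return manifest


def restore(backup_dir: Path, target: Path) -> None:
    shutil.copytree(backup_dir / "data", target)


def verify_restore(backup_dir: Path, restored: Path) -> dict[str, list[str]]:
    """Restore test: every manifest entry must be present and unchanged, and
    nothing that is not in the manifest may have appeared."""
    expected = load_manifest(backup_dir)
    actual = build_manifest(restored)
    return {
        "missing":    sorted(n for n in expected if n not in actual),
        "modified":   sorted(n for n in expected if n in actual and actual[n] != expected[n]),
        "unexpected": sorted(n for n in actual if n not in expected),
    }


def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Back up constructed sample data, restore it, verify (clean), then damage
    the restored copy and verify again (findings). Returns both reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "ledger.csv").write_text("id,amount\n1,10\n")
        (live / "notes.txt").write_text("constructed sample data\n")

        backup_dir = root / "backup"
        back_up(live, backup_dir)
        restored = root / "restored"
        restore(backup_dir, restored)
        clean_report = verify_restore(backup_dir, restored)

        # Simulate a bad restore: one file altered, one file lost.
        (restored / "notes.txt").write_text("tampered\n")
        (restored / "accounts" / "ledger.csv").unlink()
        damaged_report = verify_restore(backup_dir, restored)
    return clean_report, damaged_report


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean restore:", clean)
    print("damaged restore:", damaged)
```

The manifest is deliberately a separate artefact from the data: if an intruder (or a failing disk) changes the backup in place, the change is detectable as long as at least one copy of the manifest was kept somewhere they could not write to. A backup job that only reports "completed" tells you nothing about either property.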
CONTROL 12 - Network Infrastructure Management
Safeguards Total 8 | IG1 1/8 | IG2 7/8 | IG3 8/8

Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.

Why Is This CIS Control Critical?

Secure network infrastructure is an essential defense against attacks. This includes an appropriate security architecture, addressing vulnerabilities that are, often times, introduced with default settings, monitoring for changes, and reassessment of current configurations. Network infrastructure includes devices such as physical and virtualized gateways, firewalls, wireless access points, routers, and switches.

Default configurations for network devices are geared for ease-of-deployment and ease-of-use—not security. Potential default vulnerabilities include open services and ports, default accounts and passwords (including service accounts), support for older vulnerable protocols, and pre-installation of unneeded software. Attackers search for vulnerable default settings, gaps or inconsistencies in firewall rule sets, routers, and switches and use those holes to penetrate defenses. They exploit flaws in these devices to gain access to networks, redirect traffic on a network, and intercept data while in transmission.

Network security is a constantly changing environment that necessitates regular re-evaluation of architecture diagrams, configurations, access controls, and allowed traffic flows. Attackers take advantage of network device configurations becoming less secure over time as users demand exceptions for specific business needs.

THE SAFEGUARDS (asset type, security function)
12.1 Ensure Network Infrastructure is Up-to-Date (Network, Protect)
12.2 Establish and Maintain a Secure Network Architecture (Network, Protect)
12.3 Securely Manage Network Infrastructure (Network, Protect)
12.4 Establish and Maintain Architecture Diagram(s) (Network, Identify)
12.5 Centralize Network Authentication, Authorization, and Auditing (AAA) (Network, Protect)
12.6 Use of Secure Network Management and Communication Protocols (Network, Protect)
12.7 Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprise’s AAA Infrastructure (Devices, Protect)
12.8 Establish and Maintain Dedicated Computing Resources for All Administrative Work (Devices, Protect)

Did You Know?
Research from Gartner suggests that, through 2022, 99% of firewall breaches will be caused by simple firewall misconfigurations. Regular and ongoing Network Configuration Monitoring and Audits can help pick up any weak points. We can work with you to develop a plan.
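The "gaps or inconsistencies in firewall rule sets" the text mentions, and the "exceptions for specific business needs" that accumulate over time, are things a static review of the rule set can surface before an attacker does. The Python script below is an added example, not code from this guide or from CIS: it evaluates a constructed first-match rule set and reports rules that can never match because an earlier rule already covers them, "any to any" allow rules, and allow rules that admit cleartext legacy protocols (safeguard 12.6). The rule format, the rule names and the addresses (documentation and private ranges) are assumptions made for this example.

```python
"""Added example (not from the guide): static review of a firewall rule set.

Rules are evaluated first-match, top to bottom, as most firewalls do.
The checks look for three of the inconsistencies the text describes:
rules that can never match because an earlier rule already covers them,
'any to any' allow rules, and allow rules for cleartext legacy
protocols. The rule set and the hosts in it are constructed for this
example (192.0.2.0/24 is a documentation range, 10.0.0.0/8 is private).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

ANY_PORT = (0, 65535)
LEGACY_TCP_PORTS = {23: "telnet", 21: "ftp"}   # cleartext protocols that should not be allowed


@dataclass(frozen=True)
class Rule:
    name: str
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source CIDR
    dst: str                  # destination CIDR
    ports: tuple[int, int]    # inclusive destination port range


def _net(cidr: str) -> ipaddress.IPv4Network | ipaddress.IPv6Network:
    return ipaddress.ip_network(cidr, strict=False)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a, regardless of action."""
    proto_ok = a.proto == "any" or a.proto == b.proto
    src_ok = _net(b.src).subnet_of(_net(a.src))
    dst_ok = _net(b.dst).subnet_of(_net(a.dst))
    ports_ok = a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
    return proto_ok and src_ok and dst_ok and ports_ok


def find_shadowed(rules: list[Rule]) -> list[tuple[str, str]]:
    """(rule, earlier rule) pairs where the earlier rule makes the later one unreachable.
    A shadowed allow rule is a silent gap; a shadowed deny rule is a silent hole."""
    out = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                out.append((rule.name, earlier.name))
                break
    return out


def find_overly_broad(rules: list[Rule]) -> list[str]:
    """Allow rules with any source, any destination and any port."""
    return [r.name for r in rules
            if r.action == "allow" and r.ports == ANY_PORT
            and _net(r.src).prefixlen == 0 and _net(r.dst).prefixlen == 0]


def find_legacy_protocol_allows(rules: list[Rule]) -> list[tuple[str, str]]:
    """Allow rules whose port range admits a cleartext legacy protocol."""
    out = []
    for r in rules:
        if r.action != "allow" or r.proto not in ("any", "tcp"):
            continue
        for port, proto_name in LEGACY_TCP_PORTS.items():
            if r.ports[0] <= port <= r.ports[1]:
                out.append((r.name, proto_name))
    return out


# Constructed rule set showing the kinds of drift the text describes.
SAMPLE_RULES = [
    Rule("allow-web",              "allow", "tcp", "0.0.0.0/0",   "192.0.2.10/32", (443, 443)),
    Rule("deny-ssh-from-anywhere", "deny",  "any", "0.0.0.0/0",   "192.0.2.0/24",  (22, 22)),
    Rule("allow-ssh-from-vpn",     "allow", "tcp", "10.8.0.0/24", "192.0.2.0/24",  (22, 22)),   # never reached
    Rule("allow-telnet-legacy",    "allow", "tcp", "10.0.0.0/8",  "192.0.2.20/32", (23, 23)),   # cleartext admin
    Rule("temp-any-any",           "allow", "any", "0.0.0.0/0",   "0.0.0.0/0",     ANY_PORT),   # "temporary" exception
    Rule("allow-dns",              "allow", "udp", "10.0.0.0/8",  "192.0.2.53/32", (53, 53)),   # redundant after the above
]


if __name__ == "__main__":
    print("shadowed:", find_shadowed(SAMPLE_RULES))
    print("overly broad:", find_overly_broad(SAMPLE_RULES))
    print("legacy protocol allows:", find_legacy_protocol_allows(SAMPLE_RULES))
```

The two shadowed rules fail in opposite directions, which is why the check reports both kinds: the VPN administrators whose SSH rule sits below a blanket deny will complain and get the deny moved or removed (often in a hurry, and often too broadly), whereas the DNS rule below the "temporary" any-to-any rule fails silently, because everything it was meant to permit is already permitted, along with everything else.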
CONTROL 13 - Network Monitoring and Defense
Safeguards Total 11 | IG1 0/11 | IG2 6/11 | IG3 11/11

Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.

Why Is This CIS Control Critical?

We cannot rely on network defenses to be perfect. Adversaries continue to evolve and mature, as they share, or sell, information among their community on exploits and bypasses to security controls. Even if security tools work “as advertised,” it takes an understanding of the enterprise risk posture to configure, tune, and log them to be effective. Often, misconfigurations due to human error or lack of knowledge of tool capabilities give enterprises a false sense of security.

Security tools can only be effective if they are supporting a process of continuous monitoring that allows staff the ability to be alerted and respond to security incidents quickly. Enterprises that adopt a purely technology-driven approach will also experience more false positives, due to their over-reliance on alerts from tools. Identifying and responding to these threats requires visibility into all threat vectors of the infrastructure and leveraging humans in the process of detection, analysis, and response. It is critical for large or heavily targeted enterprises to have a security operations capability to prevent, detect, and quickly respond to cyber threats before they can impact the enterprise.

THE SAFEGUARDS (asset type, security function)
13.1 Centralize Security Event Alerting (Network, Detect)
13.2 Deploy a Host-Based Intrusion Detection Solution (Devices, Detect)
13.3 Deploy a Network Intrusion Detection Solution (Network, Detect)
13.4 Perform Traffic Filtering Between Network Segments (Network, Protect)
13.5 Manage Access Control for Remote Assets (Devices, Protect)
13.6 Collect Network Traffic Flow Logs (Network, Detect)
13.7 Deploy a Host-Based Intrusion Prevention Solution (Devices, Protect)
13.8 Deploy a Network Intrusion Prevention Solution (Network, Protect)
13.9 Deploy Port-Level Access Control (Devices, Protect)
13.10 Perform Application Layer Filtering (Network, Protect)
13.11 Tune Security Event Alerting Thresholds (Network, Detect)

Did You Know?
In the first half of 2019, 4.1 billion data records were compromised in 3,800 publicly disclosed data breaches. The reputational damage from a data leak can often be the most costly part of all, greatly increasing the risk of a business shutting down after a breach.
CONTROL 14 - Security Awareness and Skills Training
Safeguards Total 9 | IG1 8/9 | IG2 9/9 | IG3 9/9

Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.

Why Is This CIS Control Critical?

The actions of people play a critical part in the success or failure of an enterprise’s security program. It is easier for an attacker to entice a user to click a link or open an email attachment to install malware in order to get into an enterprise, than to find a network exploit to do it directly.

Users themselves, both intentionally and unintentionally, can cause incidents as a result of mishandling sensitive data, sending an email with sensitive data to the wrong recipient, losing a portable end-user device, using weak passwords, or using the same password they use on public sites.

No security program can effectively address cyber risk without a means to address this fundamental human vulnerability. Users at every level of the enterprise have different risks. For example: executives manage more sensitive data; system administrators have the ability to control access to systems and applications; and users in finance, human resources, and contracts all have access to different types of sensitive data that can make them targets.

The training should be updated regularly.

THE SAFEGUARDS (asset type, security function)
14.1 Establish and Maintain a Security Awareness Program (N/A, Protect)
14.2 Train Workforce Members to Recognize Social Engineering Attacks (N/A, Protect)
14.3 Train Workforce Members on Authentication Best Practices (N/A, Protect)
14.4 Train Workforce on Data Handling Best Practices (N/A, Protect)
14.5 Train Workforce Members on Causes of Unintentional Data Exposure (N/A, Protect)
14.6 Train Workforce Members on Recognizing and Reporting Security Incidents (N/A, Protect)
14.7 Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates (N/A, Protect)
14.8 Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks (N/A, Protect)
14.9 Conduct Role-Specific Security Awareness and Skills Training (N/A, Protect)

Did You Know?
90% of U.S. organizations required or requested most of their users to work from home in 2020; however, only 29% train their employees about best practices for working remotely. We can get your team access to some of the best End-User Cybersecurity training available.
CONTROL 15 - Service Provider Management
Safeguards Total 7 | IG1 1/7 | IG2 4/7 | IG3 7/7

Develop a process to evaluate service providers who hold sensitive data, or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.

Why Is This CIS Control Critical?

In our modern, connected world, enterprises rely on vendors and partners to help manage their data or rely on third-party infrastructure for core applications or functions.

There have been numerous examples where third-party breaches have significantly impacted an enterprise; for example, as early as the late 2000s, payment cards were compromised after attackers infiltrated smaller third-party vendors in the retail industry. More recent examples include ransomware attacks that impact an enterprise indirectly, due to one of their service providers being locked down, causing disruption to business. Or worse, if directly connected, a ransomware attack could encrypt data on the main enterprise.

THE SAFEGUARDS (asset type, security function)
15.1 Establish and Maintain an Inventory of Service Providers (N/A, Identify)
15.2 Establish and Maintain a Service Provider Management Policy (N/A, Identify)
15.3 Classify Service Providers (N/A, Identify)
15.4 Ensure Service Provider Contracts Include Security Requirements (N/A, Protect)
15.5 Assess Service Providers (N/A, Identify)
15.6 Monitor Service Providers (Data, Detect)
15.7 Securely Decommission Service Providers (Data, Protect)

Did You Know?
Many Cyber-Attacks originate through third-party vendors and software, so it’s important to make sure you do due diligence whenever you pick a new vendor to work with. We can help you through the vetting process when selecting new vendors so you know what security questions to ask.
CONTROL 16 - Application Software Security
Safeguards Total 14 | IG1 0/14 | IG2 11/14 | IG3 14/14

Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.

Why Is This CIS Control Critical?

Applications provide a human-friendly interface to allow users to access and manage data in a way that is aligned to business functions. They also minimize the need for users to deal directly with complex (and potentially error-prone) system functions, like logging into a database to insert or modify files. Enterprises use applications to manage their most sensitive data and control access to system resources. Therefore, an attacker can use the application itself to compromise the data, instead of an elaborate network and system hacking sequence that attempts to bypass network security controls and sensors. This is why protecting user credentials (specifically application credentials) defined in CIS Control 6 is so important.

THE SAFEGUARDS (asset type, security function)
16.1 Establish and Maintain a Secure Application Development Process (Applications, Protect)
16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities (Applications, Protect)
16.3 Perform Root Cause Analysis on Security Vulnerabilities (Applications, Protect)
16.4 Establish and Manage an Inventory of Third-Party Software Components (Applications, Protect)
16.5 Use Up-to-Date and Trusted Third-Party Software Components (Applications, Protect)
16.6 Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities (Applications, Protect)
16.7 Use Standard Hardening Configuration Templates for Application Infrastructure (Applications, Protect)
16.8 Separate Production and Non-Production Systems (Applications, Protect)
16.9 Train Developers in Application Security Concepts and Secure Coding (Applications, Protect)
16.10 Apply Secure Design Principles in Application Architectures (Applications, Protect)
16.11 Leverage Vetted Modules or Services for Application Security Components (Applications, Protect)
16.12 Implement Code-Level Security Checks (Applications, Protect)
16.13 Conduct Application Penetration Testing (Applications, Protect)
16.14 Conduct Threat Modeling (Applications, Protect)

Did You Know?
Small businesses are not investing enough in cyber security: 62% don’t regularly upgrade or update their software solutions. We can work with you to develop an IT Budget and Plan that fits your business and requirements so there are no hidden surprises.
CONTROL 17 - Incident Response Management
Safeguards Total 9 | IG1 3/9 | IG2 8/9 | IG3 9/9

Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.

Why Is This CIS Control Critical?

A comprehensive cybersecurity program includes protections, detections, response, and recovery capabilities. Often, the final two get overlooked in immature enterprises, or the response technique to compromised systems is just to re-image them to original state, and move on. The primary goal of incident response is to identify threats on the enterprise, respond to them before they can spread, and remediate them before they can cause harm. Without understanding the full scope of an incident, how it happened, and what can be done to prevent it from happening again, defenders will just be in a perpetual “whack-a-mole” pattern.

We cannot expect our protections to be effective 100% of the time. When an incident occurs, if an enterprise does not have a documented plan—even with good people—it is almost impossible to know the right investigative procedures, reporting, data collection, management responsibility, legal protocols, and communications strategy that will allow the enterprise to successfully understand, manage, and recover.

THE SAFEGUARDS (asset type, security function)
17.1 Designate Personnel to Manage Incident Handling (N/A, Respond)
17.2 Establish and Maintain Contact Information for Reporting Security Incidents (N/A, Respond)
17.3 Establish and Maintain an Enterprise Process for Reporting Incidents (N/A, Respond)
17.4 Establish and Maintain an Incident Response Process (N/A, Respond)
17.5 Assign Key Roles and Responsibilities (N/A, Respond)
17.6 Define Mechanisms for Communicating During Incident Response (N/A, Respond)
17.7 Conduct Routine Incident Response Exercises (N/A, Recover)
17.8 Conduct Post-Incident Reviews (N/A, Recover)
17.9 Establish and Maintain Security Incident Thresholds (N/A, Recover)

Did You Know?
65% of small businesses have failed to act following a cyber security incident. 23% of small businesses have a leadership role dedicated to Cyber, whereas 46% have no defined role at all. We have a Security Incident Response process in place to assist you if ever needed.
18 - Penetration Testing

Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls (people, processes, and technology), and simulating the objectives and actions of an attacker.

Why Is This CIS Control Critical?

A successful defensive posture requires a comprehensive program of effective policies and governance, strong technical defenses, combined with appropriate action from people. However, it is rarely perfect. In a complex environment where technology is constantly evolving and new attacker tradecraft appears regularly, enterprises should periodically test their controls to identify gaps and to assess their resiliency. This test may be from external network, internal network, application, system, or device perspective. It may include social engineering of users, or physical access control bypasses.

Often, penetration tests are performed for specific purposes:

• As a “dramatic” demonstration of an attack, usually to convince decision-makers of their enterprise’s weaknesses
• As a means to test the correct operation of enterprise defenses (“verification”)
• To test that the enterprise has built the right defenses in the first place (“validation”)

THE SAFEGUARDS
CONTROL 18
Safeguards Total 5 | IG1 0/5 | IG2 3/5 | IG3 5/5

Safeguard | Title | Asset Type | Security Function
18.1 | Establish and Maintain a Penetration Testing Program | N/A | Identify
18.2 | Perform Periodic External Penetration Tests | Network | Identify
18.3 | Remediate Penetration Test Findings | Network | Protect
18.4 | Validate Security Measures | Network | Protect
18.5 | Perform Periodic Internal Penetration Tests | N/A | Identify

Did You Know?
As sophisticated as security devices are today, almost 90% of Cyber-Attacks are caused by human error or behavior. Penetration Testing can help improve the overall security posture of an organization. We can simulate common attacks to help you find potential weak points.
HOW WE CAN HELP

Guardyne is your one-stop shop for comprehensive Microsoft 365 security solutions. We empower SMBs to focus on their core business while we safeguard their data, devices and users.

Reasonable Price. Without Complexities.

An affordable annual plan with efficient support, built for SMBs.

Don't wait for a security crisis to strike. Partner with Guardyne today and let our managed security services be your shield against cyber threats. Contact us for a consultation and see how we can help you achieve Microsoft 365 security bliss!
WE CAN HELP!

We can help you navigate the complicated world of IT & Cybersecurity so you can better protect your Data and your Business.

TALK TO US TODAY

(218) 444-BITS
+1 804-728-0288

paulbunyan.net
www.guardyne.com
Sources & Attribution:

All statistics are from the following sources unless otherwise mentioned:
- PurpleSec 2021 Cybersecurity Statistics
- Verizon 2019 Data Breach Investigations Report
- Cyber Rescue Alliance - Cyber Insights of 2021 Report
- FBI 2020 IC3 Annual Report

FROM YOUR FRIENDS AT:

(218) 444-1234 | paulbunyan.net

www.guardyne.com