October 13, 2020

Last Updated on June 13, 2024

Data forensics service providers clean up after a lot of data breaches.Their job is usually to find out as much as possible about what happened, and how it happened. What vulnerabilities did the attackers exploit? And how can similar attacks be blocked in the future?
To get a nontechnical, end-to-end view of data forensics, Brian Dykstra CISSP, CCFP and President and CEO of Atlantic Data Forensics was our guest on a recent episode of The Virtual CISO Podcast. He was joined by host John Verry, Pivot Point Security’s CISO and Managing Partner.
Brian emphasized three controls that, in his considerable experience, give SMBs the biggest breach-thwarting bang for their buck:
1) MFA
“Lots of companies talking about two-factor or multifactor authentication—many fewer companies are actually implementing it,” Brian laments. “[MFA] just eliminates everything, from the danger of phishing to account takeover… you just have so many excellent benefits.”
“Unfortunately, CISOs I talk to out there are [saying], ‘Oh, we can’t do that here, it’s just way too complicated and our environment’s too unique.’ No, you’re not, you’re just running computers like everybody else,” continues Brian. “‘We’re so large it will be too hard…’ It isn’t. ‘Oh the user base will never accept this.’ The reality is people are much more accepting of multi-factor or two-factor authentication because they’re experiencing it on Facebook and Gmail. … So it’s just becoming a more standard thing.”
John adds: “If you’re using Office 365 and you’re not using multifactor authentication, especially on the administrative level logins, you’re in trouble. … You’ll be meeting Brian eventually.”
2) Logs
“Logs. Nobody has logs,” Brian protests. “… You don’t need to buy some fancy SIEM and all that. Anything that’ll collect some logs and I don’t even care if you look at it. But you have it, right? It’s better than not being able to tell at all.”
“Use Graylog or Kiwi, right (assuming money is very limited)?” John interjects. “I mean, anything. Give me something.”
3) Geoblocking
“So many intrusions could be prevented by simply enabling those little bits of rules in your firewall that say, ‘Hey, I don’t need data from China or Russia; I do no business in South America. So I just don’t need to accept packets from there, inbound or outbound,” describes Brian. “That prevents just a whole lot of things from being successful on peoples’ networks.”
“[Geoblocking] just reduces the attack surface by so much—and it’s just the freest, easiest thing you could possibly do,” Brian concludes.
If your business doesn’t already have a relationship with a data forensics provider, you need to listen to this podcast to understand why you should do that now, before you need one!
To hear the complete podcast episode featuring Brian Dykstra, plus many more on trending information security topics, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you’ll find all our episodes here.