TTI | Network Security Insights

Getting Ready for a Cybersecurity Audit? Here’s How You Can Prepare.

Written by Tony Pugielli | Apr 10, 2018 8:00:00 AM

A third-party audit is a great way to improve network security, but enterprise IT teams must recognize that they have a part to play in the process.

At Turn-key Technologies (TTI), we speak to hundreds of IT professionals each year, many of whom tell us the same thing: enterprise cybersecurity is getting harder. Thanks to an IoT- and BYOD-driven explosion of network endpoints, the average American enterprise now receives tens of thousands of cybersecurity alerts every day.

Understandably, this flood of alerts — some of them legitimate, most of them false alarms — has led many enterprise IT teams to adopt less-than-optimal cybersecurity practices. In fact, research suggests that as many as a third of enterprise network security professionals frequently ignore alerts from their cybersecurity systems, often because they’re simply too overwhelmed to manually attend to each and every one.

In an attempt to alleviate some of the pressure placed on their in-house IT teams, many enterprises have opted to partner with a network security expert like TTI to improve their cybersecurity posture. According to antivirus software giant McAfee, over 60% of enterprises currently outsource at least some of their critical cybersecurity operations, a figure the company expects to rise as the current cybersecurity skills shortage only gets worse.

More often than not, these kinds of cybersecurity partnerships begin with a network security audit, a process that helps the outside expert get the lay of land. To help these auditors understand exactly what protocols and infrastructure they’re working with and implement the best possible security measures, there are a number of preparatory steps enterprises can take to ensure that the audit goes smoothly.

Count Your Network Connections

As the old adage goes, “You can’t manage what you can’t measure.” Nowhere is this truer than in enterprise cybersecurity, as it’s impossible to secure a network without any understanding of all the devices connected to it.

Keeping a running list of every device on an enterprise network has become increasingly difficult in recent years, as such tallies must now include not only “traditional” connections like desktops and laptops, but mobile and/or IoT connections like cell phones, printers, and even security cameras. That said, from an auditor’s perspective, even a rough estimate of the number (and type) of connections in play can be a helpful starting point.

Figure Out What’s Running on Your Network

Once an enterprise knows what devices are connected to its network, it needs to dig deeper into how that connectivity is being used. Software and firmware have become as varied as the devices on which they run, and different applications expose enterprises to different kinds of risk. For instance, most IoT devices run simplified operating systems like TinyOS, Nano-RK, or Mantis that are harder to secure than a traditional Windows or Mac OS configuration, and a mere 37% of enterprises currently have well-established IoT security protocols in place.

Evaluate Device Configurations

Robust cybersecurity isn’t only determined by the specific hardware, software, and firmware connected to an enterprise’s network. Each of these systems’ configurations matter, too.

A typical operating system offers enterprise IT professionals a wealth of settings with which they can fine-tune their network security, from password length and complexity requirements, to port availability, to tightly controlled login intervals. What’s more, as Network Computing points out, “There are tons of additional security feature sets available with WiFi devices, including QoS control options…port filtering, IP packet filtering, URL keyword filtering, MAC address filtering, and integrated firewall support.”

Address the Human Factor

Finally, no matter how precisely an enterprise configures its hardware and software, the effectiveness of its cybersecurity posture ultimately depends on its employees’ behavior. Providing extensive cybersecurity training is important, but abiding by the principle of least privilege (PoLP) can function as an excellent failsafe for when employees inevitably make a mistake.

PoLP dictates that each individual employee — or even each individual device — is granted the lowest level of system privileges they need to execute their duties properly. This not only prevents lower-level employees from accessing company data to which they shouldn’t be privy; it also decreases the odds that any given hijacked device will provide a cybercriminal with the credentials they need to wreak maximum damage (as only legitimate administrators will have admin-level access to company systems).