Cybersecurity budgets are usually limited, so it is not possible to purchase multiple best-in-class cybersecurity solutions, but the good news is there are many free cybersecurity tools that can be adopted to improve security capabilities at zero cost.
There is no silver bullet when it comes to cybersecurity. Several cybersecurity solutions must be used to protect against intrusions and detect and block attacks in progress, which can make defending networks expensive. Surveys of companies suggest the percentage of the IT budget devoted to cybersecurity has remained fairly static in recent years, even though the threat of cyberattacks has increased. and pandemic-related financial pressure has not helped to get overall IT budgets increased. Fortunately, there are ways to improve cybersecurity without having to commit further funds to cybersecurity.
There are many free cybersecurity tools and services that are offered by government agencies and the private and public sectors that can be deployed to advance security capabilities. Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a list of free cybersecurity tools and services that can be adopted to reduce cybersecurity risk. The list includes cybersecurity services provided by CISA, free tools and services from public and private sector organizations, and open-source cybersecurity tools that are free to use. CISA has also implemented a process to allow the cybersecurity community to suggest further tools for future inclusion on the list, which will be periodically updated by CISA.
The list of free cybersecurity tools includes products and services to reduce the likelihood of a cyberattack, tools to quickly detect potential intrusions, tools and services to help prepare organizations for an intrusion to allow rapid action to be taken to lessen harm, and solutions to improve resilience to destructive cyberattacks.
Don’t Forget the Cybersecurity Basics!
While these tools can help to improve cybersecurity, it is important to ensure that certain foundational cybersecurity measures are implemented. These measures alone will help to prevent unauthorized individuals from gaining access to networks.
They include implementing an effective patching program, which ensures known vulnerabilities in software and operating systems are patched promptly. The number of vulnerabilities now being reported means it is necessary to prioritize patching. CISA maintains a Catalog of Known Exploited Vulnerabilities that should be prioritized. CISA also recommends signing up for its Cyber Hygiene Vulnerability Scanning service, which performs weekly scans for known vulnerabilities and generates a weekly report for IT teams to allow them to take action to correct the flaws.
Stolen and brute-forced passwords are commonly used to gain access to networks and cloud services. Multi-factor authentication is an effective way of protecting accounts against these attacks. MFA should be implemented on all critical business systems. In the event of a password compromise, MFA can prevent stolen credentials from being used by unauthorized individuals to access accounts.
Bad cybersecurity practices can easily be exploited such as the continued use of outdated, unsupported software, poor password practices, and the use of products with hard-coded/unchangeable passwords. Plans should be made to replace outdated and insecure systems and strong passwords should be set for all accounts. To make this as easy as possible for employees, a password manager should be adopted. Password managers can be used to generate secure passwords that meet a company’s password complexity requirements without requiring employees to remember those passwords or write them down.
CISA also recommends getting your Stuff Off Search (S.O.S). Zero-day attacks are commonly reported in the media, but oftentimes, exposures are less complex. It is important to reduce internet attack surfaces that are visible to anyone on web-based search platforms.