Document Everything and Audit Regularly

This rule is actually two rules in one. Part of maximizing visibility and uncovering vulnerabilities is regular, consistent internal auditing. To most security professionals, an audit is a tedious and painful process. Unfortunately, too many businesses still fall short of their own standards, which is what makes audits a necessary part of cybersecurity. For example, some attackers control victims' machines for months or years before anyone notices, because logging is insufficient and nobody reviews what is logged. The auditing process should include not only configuration reviews but also active testing that checks for unmitigated or newly introduced vulnerabilities.

Documentation, often regarded as one of the most arduous tasks in cybersecurity, is essential both for current staff and for succession planning. Too often, engineers are pressured to get a system up and running and leave the documentation as an "after-action" task. Unfortunately, that task never happens, because day-to-day work consumes the time needed to accurately document each component of a complex system. Change management also falls under this element. The more a business records about what its systems look like and when they changed, the easier it is to spot and remediate suspicious activity and to implement new systems safely.

Plan for Failure

The final law of cybersecurity states that organizations should prepare for the worst. This is perhaps truer than ever, given how rapidly cybercrime is evolving. The risk of a zero-day exploit is too high for businesses to assume they will never be the victims of a breach. Fortunately, the doomsday mentality previously trumpeted in the "two types of organizations . . ." trope has given way to a resilience mindset.

All of this means that organizations must enact strong preventive measures as well as detailed recovery plans. The average cost of a ransomware attack is seven times higher than the ransom itself, so prevention is cheaper than a cure. Businesses must balance both to ensure they are as safe as possible.

Backups and emergency response plans must be a standard part of every company's security practice. However, it is important to treat them as what they are, a fallback for when prevention fails, and not as a reason to skimp on perimeter defenses.

The 5 Laws of Cybersecurity Are Not a Conclusive List

One may wonder why these five rules need to be restated and reconsidered at all. For one thing, the five laws of cybersecurity remain as relevant as ever. It is also important to recognize that cybersecurity is never a "check-the-box" or static activity. Organizations must continuously and carefully review and apply these practices.

Cybercrime is continuously evolving, and the risks are too severe to overlook potential vulnerabilities. These five guidelines are precisely that: guidelines. While they remind us what a reliable security plan should include, organizations must also remember and implement the finer details to remain safe.

This article, "Reexamining the '5 Laws of Cybersecurity'" by Dylan Berger, first appeared on Tripwire's The State of Security.