10 Cybersecurity Metrics You Should Be Monitoring

Although managers have been following KPIs for quite some time now, in information security, this is an uncommon and still developing practice to track cyber security metrics.

So, here are some suggestions for cybersecurity metrics that can and should be tracked to ensure the efficiency of your security projects. 

 

Mean Time To Identify (MTTI) and Mean Time To Contain (MTTC) for US companies indicates that the Detect and Respond Phases are suffering.

Poor performance in MTTI and MTTC is a huge contributor to breach costs. These should be two important KPIs when measuring information security. It’s also a good KPI for CISOs to measure and show their Board for long-term improvement. Everyone on the security team should be aware of improving these.

 

Knowing the number of vulnerable assets in your environment is a key cybersecurity metric to determining the risk that your business incurs. Managing updates and patches is a complex process, but very important to avoid loopholes that can be exploited in your environment. A vulnerability scan that includes all the assets will indicate what needs to be done to improve the security posture of your company. A vulnerability management program is not a nicety, but a necessity.

 

An SSL certificate is a small file that certifies the ownership of a cryptographic key to the website or company with which data is being exchanged, guaranteeing the authenticity of the transaction. Monitoring the security requirements for each certificate, as well as ensuring that they are properly configured on servers, prevents them from falling into the wrong hands and that your company’s digital identity is not used to steal user information.

 

If your employees have unrestricted access to the internet through the corporate network, monitoring the volume of traffic allows you to identify misuse of company resources. When downloading software, videos, movies and applications a user can leave the door open for botnets and malware to invade their environments, even more, if the downloads are from websites known to be dangerous.

 

Best practices in information security management include full control of users’ level of access to company resources, it is necessary for an employee to only access data, systems, and assets that are necessary to their work. Identifying the access levels of all network users allows you to adjust them as needed by blocking any super user or administrator that does not make sense.

By monitoring these cybersecurity metrics, you can define whether the Human Resources and IT teams are working in tune. In an ideal scenario, the access of users terminated from the company should be canceled immediately. Keeping them active is a tremendous risk, as it leaks sensitive information and can lead to compromised devices.

 

As a general rule, avoid allowing inbound traffic for NetBIOS (UDP 137 and 138, TCP 135-139 and 445). Be observant of outbound SSL (TCP 443): a session that stays active for a long time could be an SSL VPN tunnel that allows bi-directional traffic. Any common ports for protocols that allow remote sessions, like TCP 22 (SSH), TCP 23 (telnet), TCP 3389 (RDP), and TCP 20 and 21 (FTP) should be monitored for a length of time.

 

Often, IT managers grant access to third parties in their networks to complete a project or activity. It is important to monitor whether the access is canceled at the end of service provisioning. Failure to do so endangers your environment if the third party decides to come back and extract data or carry out other malicious activity – for instance, they may come under the employ of a competitor. Possibly worse, if the 3^rd party’s network is breached, you could expose your network to the same threat.

 

Creating a mapping of critical systems for the company and knowing the users that access them are imperative in the security context. Monitoring attempts to access servers or applications that should not be targeted by unauthorized users may indicate misconduct and intentions to compromise your environment.

You must maintain strict control and monitor the cybersecurity metrics of the companies that provide services for your business. Giving access to your environments to this outsourced company can be a huge risk if it does not have effective policies for its safety in the first place. It is not too much to say that if your company invests in security but has third parties connected to your systems that do not, you have no security at all.

 

Don't gamble with your organization's security. Expose your vulnerabilities before attackers do. Learn how Cipher's Attack Surface Report (CASR) takes your security to the next level.

Get your complimentary CASR Assessment today.