Symantec reports that in 2018, 1 in 10 URLs analyzed were identified as being malicious, up from 1 in 16 in 2017. Overall web attacks on endpoints increased by 56 percent in 2018.
Perform a thorough and comprehensive risk assessment and ensure it includes a web app pen test exercise. Organizations should be looking to perform a vulnerability assessment quarterly and a pen test annually. The scope of the vulnerability Assessment should include assessing the firewall system/DMZ, wireless infrastructure, external and internal assets.
Organizations must be diligent with such exercises and ensure they are performed on a regular schedule. And, further, time and resources need to be prioritized to remediate findings immediately.
HITRUST CSF: Foundation for Cybersecurity & Compliance
Finally, the foundation for your cybersecurity program should be is based on a credible framework, such as the HITRUST CSF, or NIST CsF.
Date: June 03, 2019