Sep 30 2022

JNUC 2022: Tips and Tools for Building a Better Security Posture for Your Business

Speakers at Jamf Nation User Conference 2022 delivered insights to help IT and enterprise leaders improve their organizations’ cybersecurity.

Cybersecurity breaches don’t usually come in the form of a hacker rappelling Mission: Impossible–style into a company’s server room, said Aaron Kiemele, CISO for Jamf Software, at Jamf Nation User Conference 2022. Instead, they come from subtle and manipulative actions by criminals looking for weak links in technology and human nature.

In a session titled “Security 101 for IT Administrators,” Kiemele spoke Tuesday on the ways IT professionals should be thinking about cybersecurity best practices for their organization.

Security was a popular topic at this year’s San Diego-based event, with Jamf CEO Dean Hager and product manager Michael Devins speaking at length on the topic in the opening keynote. Other speakers also hit on cybersecurity and the tools that keep organizations safe during the three-day conference. Stuart Ashenbrenner, a detections developer at Jamf, explored Apple safety features in a session titled “A Closer Look at macOS Built-In Security Tools.”

Here are three security takeaways from this year’s event:

Approach Business Security with an Intent to Mitigate Threats

“There’s no victory condition for security,” Kiemele said in his Security 101 session. “It’s not winnable; it’s a constant struggle against an evolving risk.”

Taking any step toward mitigating risk can have a great payoff for companies down the road. To determine the most pressing risk factors facing an organization, IT leaders should brainstorm with company leaders and other employees, Kiemele said. The goal is to strike a balance between mitigating the largest risks and ensuring smooth business continuity.

“Think about the cost of mitigation versus the value of the assets,” Kiemele suggested, adding that sometimes companies need to make small changes to give themselves time to invest in larger, longer-term security solutions.

One major way to mitigate risks in an organization is through reduced complexity.

“Anything that allows you to centralize your tech stack or security controls is a good thing,” Kiemele said. “Get to a spot where it’s easy to understand what is going on. Security is a mile wide and a mile deep.”

Security Relies on Tools, People and Processes for Maximum Efficacy

Phishing and social engineering are two of the most common ways cybercriminals can bypass organizations’ security features to install malware. “A single failure can impact dozens or hundreds of systems,” Kiemele said. “Something gets into your machine and replicates and moves through your network laterally through your user machines or servers.”

Training employees to recognize phishing and social engineering tactics is a great way to mitigate risk. They should understand the threat posed by cyberattacks and the ripple effect these breaches can have on an enterprise.

“Everyone needs to know a bit about security and privacy in the modern business environment. You don’t want to be known as that company that can’t be trusted with customers’ sensitive data,” Kiemele noted. “Loss of confidence leads to loss of business.”

Identity management tools, such as multifactor authentication and single sign-on, and endpoint protections, such as EDR, MDR and XDR, are also incredibly valuable ways to mitigate risk.

In some instances — with macOS, for example — security tools are built in to the operating system. Ashenbrenner spoke about a few of these built-in tools on Thursday with an up-close look at how they check, block and remediate potential threats.

  • Check: Gatekeeper is a built-in tool on macOS that works in tandem with File Quarantine to run when newly downloaded applications are first clicked. These tools stop a new application from opening until the user confirms that they want to open the app.
  • Block: XProtect, another macOS tool, blocks users from accessing files or applications that may contain malware or otherwise damage their system. “If we try to access this file, and not run it, we will see that XProtect actually says, ‘This will damage your computer,’” Ashenbrenner demonstrated.
  • Remediate: The Malware Removal Tool (MRT) is the macOS tool that handles remediation by looking at different file paths. “MRT runs silently, like when a user logs in or when the machine reboots,” he said.

Use Frameworks to Build Protection, Detection and Recovery Plans

Organizations can use existing frameworks to model their own cybersecurity measures. “The NIST cybersecurity framework is a core model used to describe best practices and standards for managing security risk. SOC 2 is a basic measurement of security maturity. ISO 27001 is a measure of your information security management system. Many of these frameworks can give you clues on how to proceed,” Kiemele said.

Using these frameworks as a baseline, IT administrators can consider how they will mitigate risk through enhanced protection, detection and recovery.

Protection identifies security tools and processes that prevent an attack. The built-in macOS tools, identity management solutions and cybersecurity training for staff are all methods of prevention.

Detection, meanwhile, focuses on how long it takes an organization to notice an attack. “This is all about containing the impact, response planning, communication, forensic analysis; most importantly, perhaps learning lessons from detections and integrating that into your planning,” Kiemele said.

Recovery gets companies back to business following an attack. To improve recovery, IT admins should develop plans for resistance and workflows for restoring systems impacted in the event of an incident.

“It’s impossible to eliminate risk,” Kiemele said. “It’s impossible to stop 100 percent of incidents, but doing nothing isn’t viable either.”
