How cyber hygiene can protect against cyberattacks

If you're worried about cyberattacks, you're not alone. As our technology use becomes increasingly pervasive, the number and severity of attacks continue to grow. Thankfully, a well-planned strategy can help to mitigate the problem, and it all starts with basic cybersecurity hygiene.

Chief information security officers (CISOs) understand the growing threat, which makes headlines on a daily basis. The last 12 months alone saw one of the largest attacks on infrastructure in the internet's history, as a botnet created from misconfigured internet devices flooded DNS service provider Dyn with traffic, bringing many of the web's biggest sites to their knees.

Conventional malware also continues to evolve, with the most threatening development in recent memory – ransomware – exploiting users by scrambling their data and demanding payment to decrypt it. Its ability to harm individual citizens, large government agencies and commercial firms alike has proven especially insidious.

These developments carry severe real-world implications. In the U.S., several hospitals have been affected by ransomware, causing some to shut down desktop computers. Hollywood Presbyterian Medical Center also saw its electronic medical records disrupted by ransomware, forcing it to retreat to pen and paper and pay $17,000 to retrieve its data. Almost a third of the U.K.'s National Health Service (NHS) trusts have been hit, according to data obtained from the government.

Fifteen years ago, few would have predicted just how rampant these attacks would become. The onslaught of online threats stems largely from a multiplication of malicious actors. There are not only more attack vectors to exploit, but more people and organizations willing to exploit them. 

Hacktivist groups, such as Anonymous, attack organizations for political and ideological reasons, embarrassing them by stealing their data and defacing their websites.

State actors employing increasingly sophisticated groups can wage long-term attacks against large companies and lurk for months inside their networks.

Then, there are commercial criminals, motivated by profit, targeting individuals and institutions to blackmail them, steal and sell their customer data or simply fool executives into transferring large amounts of money.

Companies facing cybersecurity challenges can be overwhelmed by the volume of products purporting to solve the problem. All too often, companies look for one product that can be the single solution. This can lead to technology blindness as CISOs try to navigate endless choices.

Instead of relying on a single solution, the best approach is to put multiple layers of security in place for stronger protection. As a result, CISOs can utilize the best technology in each area of network protection to achieve better resiliency from attack. This defense-in-depth approach is crucial for effective cybersecurity, and it must be driven by a core practice: cyber hygiene.

The Benefits of Cyber Hygiene

Cyber hygiene involves basic cybersecurity practices that are typically inexpensive, but frequently overlooked. Too often, organizations focus on the attackers that receive so much of the media and vendor attention, the so-called advanced persistent threats or “APTs.” While these are certainly real and present concerns, protecting only against an APT is akin to putting a very strong lock on a door while leaving all your windows open. A handful of hygiene measures can stop up to 95 percent of targeted cyber intrusions. Unfortunately, many organizations – including federal agencies – often ignore them. To help combat this, organizations such as the UK National Cyber Security Centre (NCSC) and Australian Signals Directorate (ASD) publish their own recommendations on what cyber hygiene means.

Basic cyber hygiene measures are broken into those that provide protection from attack and those that prevent the impact of an attack if the first controls are bypassed. Some examples include:

  • Protection
    • Patching applications and operating systems quickly. Attackers will use known vulnerabilities to attempt attacks long before they use a "zero day" or unknown system vulnerability to achieve access. This also includes ensuring that all your anti-malware tools are updated on a regular basis.
    • Hardening user application usage. This includes limiting or closely monitoring the usage of applications such as Flash and Java, which have long been targets for cyberattack.
    • Enforcing good password discipline. There are a number of different concepts today for what good discipline means. The UK’s NCSC has taken a position opposite to common convention by encouraging system administrators to not require time-based password resets. Instead, passwords should only be changed when an account is suspected to be compromised.
  • Prevention
    • Configuring firewalls correctly. This ensures that a CISO knows what traffic can pass and can control everything they do not wish to traverse their network.
    • Restricting administrator privileges only to specific accounts and only for specific purposes. This needs to be factored with usability in mind, as end-users need to be able to effectively perform their work requirements without requiring system administrator access.
    • Using multifactor authentication or even more advanced risk adaptive authentication technologies for all remote access connections to the network. Additionally, use this technology for other tasks such as system administration and any other application that would benefit from enhanced authentication capability.
    • Regularly reviewing, analyzing, and applying the cyber intelligence gained from system or network logs. This allows a CISO to learn even from those attacks they are able to block.

Judiciously applied, multiple layers of technological measures can flesh out a defense-in-depth strategy, complementing these cybersecurity best practices. Consider the following as key weapons in your cybersecurity arsenal:

Security Incident and Event Management (SIEM) software. This identifies and logs suspicious activity on the network and is an important component in a security analytics strategy. Over time, this can help organizations identify threat trends and can also help them understand where best to spend their cybersecurity dollars. In selecting a SIEM solution, be sure to understand your requirements and ensure that you have trained staff who can operate the solution effectively. A SIEM is an extremely valuable tool when utilized the right way; otherwise, it can quickly become cumbersome and overwhelming.

Bill Brennan is Senior Director of Cyber Business Enablement at Leidos.

Endpoint detection. By logging events on client computers in a central database, security teams can analyze them over time and flag suspicious behavior. This can help to spot not only infected computers, but also early signs of dangerous user behavior. This is becoming a key component in insider threat detection and is the front line in the protection from attacks such as ransomware. It is good practice to select an endpoint protection product that includes behavioral-based analysis of system behavior to detect those attacks for which there are no currently known indicators.

Backups. While not always considered a key part of enterprise security, backups become a strategic business continuity tool when the worst happens. A CISO should have the ability to re-establish enterprise systems from known good backups if the need should arise. In this area it becomes prudent to not only test the backups but also ensure that vigilant protection is provided to the networks and endpoints. A backup is no good if it is infected with the same attacks as current operations.

Encryption. Sensitive data should be encrypted, not just at rest but in transit across networks.

Advanced user identification. This technology uses a range of techniques to authenticate users, ranging from electronic signatures in two-factor authentication to biometric recognition. By using 'something you are' in addition to 'something you know' and 'something you have,' biometrics can dramatically raise the bar for attackers by making it far more difficult to gain unauthorized access to systems. Techniques for effective biometric identification have traditionally included voice recognition and fingerprint scanning, but techniques such as iris scans and vascular (vein) identification are also promising.

Justifying Cybersecurity Investments

CISOs deploying these technologies should underpin them with a concrete ROI strategy to justify their investment. They can accomplish this by mapping their technology investments against the cyber kill chain, which characterizes an attacker's journey from network reconnaissance through to fulfilment of their objectives.

Analyzing security events – and which product detected and blocked them at which point in the kill chain – helps CISOs to understand not only how each layer of their defense is contributing to their overall protection, but also how effectively the entire cybersecurity fabric is working. It is also a vital step in maintaining board-level support for cybersecurity activities. In advanced organizations, this analysis not only includes what happened but what could have happened had the first detection not worked. This analysis of events and synthesis of what could have happened had the detection not occurred is critical to organizations when it comes to gaining the most intelligence from each wave of attack.
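The kill chain analysis described above can be sketched in a few lines. This is an added example, not code from the article or from Leidos: the stage names follow the commonly published seven-stage kill chain, while the control names, the coverage map and the events are constructed, and the fallback check assumes the control that actually fired is bypassed at every stage.

```python
from collections import Counter

# Seven kill chain stages, from reconnaissance to the attacker's objectives.
KILL_CHAIN = [
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
]

# Constructed coverage map (assumption): which deployed control can stop
# an intrusion at which stage. Stages with no entry have no control.
COVERAGE = {
    "delivery": ["email_gateway"],
    "exploitation": ["endpoint_detection"],
    "installation": ["endpoint_detection"],
    "command_and_control": ["firewall"],
}

# Constructed security events: the stage the intrusion had reached and the
# control that blocked it (None means nothing blocked it).
EVENTS = [
    {"id": "E1", "stage": "delivery", "blocked_by": "email_gateway"},
    {"id": "E2", "stage": "delivery", "blocked_by": "email_gateway"},
    {"id": "E3", "stage": "exploitation", "blocked_by": "endpoint_detection"},
    {"id": "E4", "stage": "command_and_control", "blocked_by": "firewall"},
    {"id": "E5", "stage": "actions_on_objectives", "blocked_by": None},
]


def next_line_of_defense(stage, control, coverage=COVERAGE):
    """Return (stage, controls) for the next chance to stop the intrusion
    if `control` had failed, or None if no other layer covers it."""
    start = KILL_CHAIN.index(stage)
    for later in KILL_CHAIN[start:]:
        # Treat the control that fired as bypassed wherever it appears.
        others = [c for c in coverage.get(later, []) if c != control]
        if others:
            return later, others
    return None


def kill_chain_report(events, coverage=COVERAGE):
    """Summarize what each layer contributed and where defense is one layer deep."""
    blocked = [e for e in events if e["blocked_by"]]
    report = {
        "blocks_by_control": Counter(e["blocked_by"] for e in blocked),
        "blocks_by_stage": Counter(e["stage"] for e in blocked),
        "missed": [e["id"] for e in events if not e["blocked_by"]],
        "fallback": {},      # event id -> next (stage, controls) or None
        "no_fallback": [],   # blocked events with no second layer behind them
    }
    for e in blocked:
        nxt = next_line_of_defense(e["stage"], e["blocked_by"], coverage)
        report["fallback"][e["id"]] = nxt
        if nxt is None:
            report["no_fallback"].append(e["id"])
    return report


if __name__ == "__main__":
    r = kill_chain_report(EVENTS)
    print("Blocks per control:", dict(r["blocks_by_control"]))
    print("Blocks per stage:  ", dict(r["blocks_by_stage"]))
    print("Not blocked:       ", r["missed"])
    for event_id, nxt in r["fallback"].items():
        print(f"{event_id}: if the first detection had failed ->", nxt or "no remaining layer")
```

Events listed under `no_fallback` are the ones where a single control stood between the attacker and the objective, which is where an additional layer adds the most resilience.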

Once a solid technology and process platform for cybersecurity is created, CISOs must then put it in context for senior management. Cyberattacks are just one risk facing today's companies, alongside physical security, protection from natural disasters and financial risk. To govern effectively, the board needs to understand cybersecurity as a contributing element to overall business resilience.

Aligning cybersecurity with business objectives requires a rare and valuable skill set on the CISO's part. Not only do they need the technical and process experience to build a solid defense-in-depth strategy for information systems, they also need the communication skills to articulate the economic and strategic importance of cybersecurity to the rest of the business.

If an effective cybersecurity program can be implemented, the rewards are great. While there is no such thing as 100 percent security, there are ways to armor-plate an organization and make intrusion prohibitively difficult for the lion's share of attackers. By consistently doing the things that are little in both cost and user impact, a CISO can dramatically increase the security posture of an organization.

Author
Bill Brennan, Senior Director, Global Information Security

In this role, he uses his 15 years of experience in cybersecurity to protect Leidos Corporation and support the cyber goals of clients around the world. When not on a plane, most of his time is spent coaching his son’s sports teams or enjoying a rare quiet moment on the back porch with his wife.

Posted

March 8, 2017