Staying Protected Against Ongoing Uncertainty

At the close of 2021, security thought leaders across the industry, including myself, issued cybersecurity predictions for the year ahead. While it was nearly impossible to predict some of the recent global events, many forecasted that some of the challenges of the past few years would still be problematic. Over the past two years, threat actors used the ongoing pandemic as an opportunity to conduct more brazen attacks, leading to increasing attack volumes and more aggressive tactics for financial gain.

With nearly half of 2022 behind us, the world is experiencing increasing geopolitical and economic tensions, leaving people and nations around the globe on edge. This current global state of uncertainty provides threat actors with tremendous opportunities to inflict pain on the public and private sectors alike. It is “perfect storms” like this that give threat actors cover to operate under, from phishing links disguised as breaking news alerts, to promises of reduced finance rates, to the constant bombardment of public networks with traffic. They can use this opportunity to capitalize on global uncertainty and cause significant harm to any organization with an online presence.

Staying Protected Amidst the Chaos

How can organizations keep customers and data protected with all this happening globally? While no one can predict the future, these key actions can help organizations stay as secure as possible:

  1. Patch, patch, patch. Wherever possible, especially for clients and for identified critical vulnerabilities on data center apps, use routine software and hardware updates to limit the number of points attackers can exploit.
  2. Reduce access to clients and critical resources using a least-privilege model. It is easier to grant full admin rights to every user and to share one login across all roles in the data center, but this approach not only exposes an organization to credential theft incidents, it also burdens each user with ensuring that every browsing and file activity is legitimate, including those that happen beneath the UI (where actors often execute threats).
  3. At a minimum, ensure that monitoring protocols are in place on every network segment as well as verbose logging on application and data access. As the saying goes, “You cannot prevent what you cannot see.”
  4. Lean on security vendors and leverage existing investments to their fullest. Many organizations don’t recognize all the capabilities included in their security kits. Do you have subscriptions to unused services and capabilities? Are you leveraging the feeds and automated updates effectively? Chances are, you can get even more out of your current kit than is currently being realized.
  5. Routinely check process and policy docs and set an audit schedule for them. While disaster recovery is never a joy, knowing exactly which team owns what element and the order in which to follow procedures if an attack were to occur is prudent planning. Just like spring cleaning, process implementation isn’t an exercise that can be done once, checked off the list and shoved in the back of the closet. Dust it off and ensure it is kept up-to-date. New applications, providers, services and/or programs may have had a significant impact on the workflow since the last review and it’s important to discover this before an incident demands the execution of a disaster recovery or incident plan.

There are No Shortcuts

Make no mistake, these suggestions are far easier said than done in the current environment. If there were an easy button, incidents and the news headlines they generate would be far less numerous.

Threat actors are generally pragmatic, and most will not spend an excessive amount of time on any one organization in search of a lucrative outcome when so many other juicy targets exist. While these measures would not stop an attacker who is more persistent or who is after something specific within a target, they function as an effective deterrent for less tenacious adversaries.

It’s No Longer an Industry Problem

It’s true that the threat landscape has always been busy. But it seems that now there is no idle time for automated threat technologies. Since the start of the year, major threat research teams have seen a sharp increase in campaigns and threat activities that demonstrate a new focus on rapid campaign release and variant iteration.

Additionally, data protection is extending outside enterprise organizations and into the hands of the public. Recommendations from government agencies such as CISA share tips with consumers on data security and privacy. Organizations can implement these common-sense recommendations to keep their employees, customers and data protected from threats. The recommendations echo the tenets of zero trust: trust no one, verify everything, reduce privileged access to the least entitled level without impairing an individual’s role, encrypt everywhere, etc.

With the basics of cybersecurity at the forefront of discussion and the full support of the White House and CISA behind it, security professionals can help equip those who do not deal with the threat landscape day in and day out to reduce their exposure to risk. There’s no way to eliminate it, but taking action gives consumers and organizations a fighting chance. Everyone has to start somewhere.

Mike Spanbauer

Mike Spanbauer is a Senior Director and Technology Evangelist for Juniper Networks. Mike’s work and expertise in network and security advisory, consulting, and product strategy over the last 25 years provides a breadth of perspective across network and security execution, as well as approaches to solve for operational and governance needs that organizations face. He most recently served as Vice President of Research Strategy for NSS Labs, driving the enterprise research and consulting practice for NSS’ global clients. Prior to that, Mike held leadership roles at Current Analysis and HP in research, strategy, and competitive intelligence.
