How to Build Cybersecurity Resilience

Cybersecurity has been changing rapidly over the past couple of years, due in no small part to the COVID-19 pandemic. In response, organizations have digitized at an unprecedented rate and, in the process, created new opportunities for cybersecurity shortfalls. Here are four trends that, in addition to the anticipated rise in ransomware, should affect how you practice cybersecurity and how you build resilience in your organization.

Work From Home, Remote Access and an Expanded Attack Surface

Around 62% of employees between the ages of 22 and 65 said they work remotely at least occasionally, according to research by Owl Labs. It’s evident that remote work and remote access are here to stay. Now is the time to ask yourself whether you are adjusting your security strategy to match these workforce trends. 


For example, have you enabled multifactor authentication (MFA) for your employee virtual private network (VPN) accounts? And are you up-to-date on patch levels for your VPN servers? In many IT shops, new VPN servers were deployed quickly to adapt to work-from-anywhere priorities. What is their status today? Are you pushing out updates and patches to your VPN client software?

Also, ensure that you have a strong set of security policies for remote workers, including encrypted home Wi-Fi, no personal activities on work devices and no rogue software. Only corporate-owned endpoints that are centrally controlled, monitored and managed, including remote threat detection and endpoint protection, should be used to access VPNs and the cloud and to perform work, including storing data. 

Software-as-a-Service (SaaS) and Data Security in the Cloud Are Your Responsibility

The remote workforce has become increasingly reliant on SaaS applications, many of which were adopted in the rapid digitization phase of the past two years. Whether it be Microsoft 365, Salesforce, Jira, Slack or Zoom, employees are accessing company and customer data through myriad different sources. Cloud adoption, including SaaS, is so mainstream that almost 95% of businesses use cloud services today. 

Your SaaS provider is not responsible for configuring your cloud resources or protecting your data stored in the cloud. Start by understanding the shared risk security model that each SaaS provider operates under. Then take a good hard look at all SaaS resources to ensure that you’re not introducing security risks through human error and misconfiguration. 

You should be applying the same cybersecurity controls, compliance and threat detection to cloud infrastructure that your organization uses for on-premises resources. Likewise, cloud data and assets should have 24/7/365 monitoring and threat detection like your on-premises assets. For end users, require MFA and complex passwords. Taking an end-to-end approach to cloud and on-premises security is critical to avoiding blind spots that leave vulnerabilities open to cybercriminals.

Compliance No Longer Guarantees Security

Just because your organization is PCI DSS, GDPR, CCPA or HIPAA compliant doesn’t mean you’re safe from cyberattacks or data breaches. To put things into perspective, the number of data breaches in the first quarter of 2022 rose 14% year-over-year, according to the Identity Theft Resource Center (ITRC), and 2021 was a record-breaker, up 68%. Almost all those organizations could likely claim that they met some minimum level of compliance. The ITRC reported that although data breaches are up, the number of people affected is down because cybercriminals are moving away from mega heists in favor of targeting smaller enterprises.

IT security teams must realize that the cybersecurity threat landscape is evolving more rapidly than compliance requirements are being updated. Adhering to privacy and security regulatory requirements is a baseline for protection, but it is not comprehensive cybersecurity. Focusing only on compliance can result in a “tick the boxes” mentality.

Artificial Intelligence and Machine Learning Are Changing the Nature of Cybersecurity

The days when signature-based antivirus (AV) software alone could protect against cyberattacks are long gone. More than 17 million new malware instances are detected every month, according to AV-Test Institute. To keep pace, companies, as well as cybersecurity vendors, are increasingly turning to artificial intelligence (AI) and machine learning (ML) to enhance malware detection, leaving incident response to cybersecurity professionals. 

AI and trained ML models can recognize the patterns that signal malware and unusual activities better than traditional security software or humans. ML can build better profiles for User and Entity Behavior Analytics (UEBA) and monitor users and infrastructure to detect anomalies. Likewise, ML modules deployed in security information and event management systems (SIEMs) can screen log data and network events to identify patterns, detect anomalies and improve security analysts’ efficiency and effectiveness.
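The per-user profiling idea behind UEBA, as an added example that is not from the original article: the Python below builds a baseline per user from constructed login events and flags new events that deviate from that user's own history. It uses simple statistics (a z-score and set membership) in place of a trained ML model; the event fields, thresholds and function names are assumptions.

```python
import math
from collections import defaultdict

# Constructed sample events, not real logs:
# (user, login hour 0-23, source country, MB downloaded in session)
HISTORY = [
    ("alice", 9, "US", 40), ("alice", 10, "US", 55), ("alice", 9, "US", 48),
    ("alice", 11, "US", 60), ("alice", 10, "US", 52),
    ("bob", 22, "DE", 300), ("bob", 23, "DE", 280), ("bob", 21, "DE", 320),
    ("bob", 22, "DE", 310), ("bob", 23, "DE", 290),
]

def build_profiles(events):
    """Build a per-user baseline: volume mean/stddev, seen hours and countries."""
    raw = defaultdict(lambda: {"mb": [], "hours": set(), "countries": set()})
    for user, hour, country, mb in events:
        raw[user]["mb"].append(mb)
        raw[user]["hours"].add(hour)
        raw[user]["countries"].add(country)
    profiles = {}
    for user, p in raw.items():
        mean = sum(p["mb"]) / len(p["mb"])
        var = sum((x - mean) ** 2 for x in p["mb"]) / len(p["mb"])
        # Floor the stddev so a perfectly flat history does not divide by zero.
        profiles[user] = {"mean": mean, "std": max(math.sqrt(var), 1.0),
                          "hours": p["hours"], "countries": p["countries"]}
    return profiles

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def score_event(profiles, event, z_threshold=3.0, hour_slack=2):
    """Return the reasons an event deviates from that user's own baseline."""
    user, hour, country, mb = event
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]  # analysts should see unprofiled accounts
    reasons = []
    if min(hour_gap(hour, h) for h in p["hours"]) > hour_slack:
        reasons.append("unusual hour")
    if country not in p["countries"]:
        reasons.append("new source country")
    z = (mb - p["mean"]) / p["std"]
    if z > z_threshold:
        reasons.append(f"download volume z={z:.1f}")
    return reasons
```

A 300 MB session at 22:00 is normal for bob and flagged for alice, which is why the baseline is kept per user rather than as one global threshold.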

Given the chronic shortage of cybersecurity skills, it’s worth noting that although AI and ML can streamline detection and enhance accuracy, they do not replace the human analysts and security operations center (SOC) experts who respond with remedial actions. For some organizations, outsourcing SOC operations becomes a viable alternative to recruiting seasoned experts in today’s talent marketplace.

Putting cybersecurity first by taking a risk-based approach requires a continuous-improvement mindset focused on protecting assets and identifying new threats as they arise. As the cyberthreat landscape evolves, it’s imperative that your cybersecurity defenses develop along with it. Stay ahead of the curve by augmenting your old strategy with some new solutions and face security challenges with confidence. 

Security Boulevard

A.N. Ananth

A.N. Ananth is president of Netsurion, a managed security service provider and co-creator of its threat protection platform, EventTracker. With an extensive background in product development and operations for telecom network management, he has consulted for many companies on their compliance strategy, audit policy and automated reporting processes. Ananth is a leading expert in IT security and compliance with over 25 years of experience in IT control and operations and speaks frequently on these topics.
