Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Evolving Security in the Face of Cyber Attacks

Hacking and data breaches have become a painful reality for businesses of all sizes and from all industries. Attackers have perfected the art of finding the weak links in an organization, and exploiting them to infiltrate the organization and steal their most important assets.

Hacking and data breaches have become a painful reality for businesses of all sizes and from all industries. Attackers have perfected the art of finding the weak links in an organization, and exploiting them to infiltrate the organization and steal their most important assets.

Highly distributed organizations are often particularly susceptible to these attacks. Satellite offices, clinics, stores, and remote workers are all potentially security soft spots that an attacker can use to compromise the entire organization. And while there is no silver bullet, there are steps organizations can take to detect and prevent these threats and keep from becoming the next headline.

Getting Holistic on Security

No, this does not mean getting new age about security or having your network admins belt out a few kumbayas. However, it does mean that every part of an enterprise is critically related to the overall security of the organization as a whole. All of the pieces matter, and an infection in one part is likely to spread to the rest. A security strategy that builds a fortress of defenses around the corporate headquarters, while doing the bare minimum at remote offices directly plays directly into the hands of modern attackers.

Evolving Cyber ThreatsOf course companies can’t buy one of every security product in the world and deploy them in every location. The point isn’t to replicate the corporate fortress everywhere, but rather to establish a security context that is shared across all locations. For example, security teams need to be automatically notified if a remote office has signs of malware infection, and is also making unusual requests to a database at corporate. Context is the key, and this context needs to span the entire organization.

Focus on Your Assets

Information security has traditionally been an exercise in keeping the bad guys out. Trusted areas are separated from untrusted areas, and the boundary is monitored for malicious agents like exploits and malware. These are still good goals, but it is readily evident that this alone is not sufficient. As organizations become more decentralized, there is simply too much perimeter, the perimeter too porous, and too much overlap of trust and distrust to be perfect at prevention.

To address this, organizations need to begin focusing internally and build processes that put key assets at the center of the security strategy. This means gaining a thorough understanding of where the key assets of the organization actually reside. How are they segmented from the outside world? How are they segmented from employees? Is the network flat where any employee can access any asset? If an employee were infected with malware, how would the attacker spread in order to get to critical assets?

With this information in mind, security teams need the ability to then detect threats and anomalies inside the corporate network and be able to see those threats in the context of key assets. This may require rethinking the approach to security, but it is an essential evolution. Hackers don’t break into networks because they hate the perimeter. They break in to steal assets, and our security architectures need to reflect that.

Advertisement. Scroll to continue reading.

Get Behavioral

It may seem counterintuitive, but as hacks get more sophisticated, we often see fewer and fewer exploits or obvious malware. Once an individual user is compromised, the attacker will steal the victim’s credentials and continue the attack using the victim’s identity. This is particularly significant in the context of remote offices or distributed organizations. By the time an attacker migrates from a remote office to the central office, there very well may not be a smoking gun exploit to detect. The remote user is an unwitting zombie under the control of the attacker.

As a result, the focus must shift to recognizing a behavioral change on the part of the user or their device. Is the employee trying to access areas of the network that are unusual for that user? Are there signs the user is trying to login to new systems or requesting new services? Are there new applications or remote access behaviors that could indicate the presence of malware? These are just a few of many potential behavioral signals, but serve as an example of how security must adapt to how it sees malicious behavior.

These adaptations to security may seem foreign at first, but they are essential to aligning security practices with the realities of protecting an organization from modern cyber attacks. By establishing an enterprise-wide context focused on key assets and user behaviors, organizations can build a unified security framework that encompasses all locations and all of their assets.

Related Resource: Using Active Breach Detection Against Advanced Attackers

Related Resource: Utilizing User Behavior Analytics to Mitigate Insider Threats

Related Resource: Top 10 Database Threats

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...