Cyber Resilience: Doing More with Less

The COVID-19 Health Crisis is Forcing Enterprise Security Teams to Deliver More With Less

It’s definitely not business as usual. Threat actors are taking full advantage of these uncertain times by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Ransomware attacks alone skyrocketed 148% in the past month, according to VMware Carbon Black threat researchers. At the same time, many organizations are being forced to downsize staff and delay planned IT security projects. Now more than ever, it’s important to focus on defense strategies that assure the biggest bang for the buck. So where should organizations focus to improve resilience while stretching their budget further?

According to ESG research, 62% of organizations were poised to increase spending on cyber security in 2020. In fact, 32% of survey respondents said they would invest in cyber security technologies using AI/ML for threat detection, followed by data security (31%), network security (30%), and cloud application security (27%). Obviously, these priorities have been turned upside down and the new normal requires a complete rethinking of traditional security strategies.

To improve cyber resilience under the current conditions, it’s vital to focus on the effectiveness of security controls in the context of hackers’ tactics, techniques, and procedures ― often called TTPs. This approach can help security leaders defend their operations against cyber adversaries in the face of reduced staff and budget cuts. The following five best practices, based on an analysis of threat actors’ TTPs, can improve cyber resilience without the need for more resources:

1. Establish Secure Remote Access… for Workforce and IT Admins

To remain operational, businesses were forced to shift to 100% remote working during the COVID-19 pandemic. While the initial focus was on workforce productivity to get employees up and running, organizations should now revisit their remote access deployments to assure that both employee and IT admin accounts, which hold the keys to the kingdom, are protected from threat actors. For example, super users should employ VPN-less access in combination with identity access zones, multi-factor authentication, and least privilege. These and other best practices are covered in “Remote Access: The Hidden Weak Spot for Cyberattacks”.

2. Avoid Taking the (Phishing) Bait

Ultimately, stealing valid credentials via phishing attacks and using them to access a network is easier, less risky, and more efficient than exploiting existing vulnerabilities, even a zero-day. Phishing emails have spiked by over 600% since the end of February, according to Barracuda Networks. As a result, cyber security defenses need to adapt to this reality. User education and beefing up an organization’s authentication systems are two essential steps that can minimize the risks associated with phishing and subsequent cyber-attacks aimed at data exfiltration. Check out “Phishing Attacks: Best Practices for Not Taking the Bait” for more insights.

3. Step Up Your Multi-Factor Authentication Game

Clearly, threat actors are no longer “hacking in” to carry out data breaches. Instead, they are simply logging in by exploiting weak, default, stolen, or otherwise compromised credentials. Multi-factor authentication (MFA) remains the most reliable option for augmenting an organization’s existing access controls. Replacing and/or supplementing username and password authentication with MFA significantly raises the bar and costs for carrying out cyber-attacks, which is why its rate of compromise is close to zero. If you haven’t implemented MFA yet, it’s time to do so. If you already have, you might want to consider hardening your security posture by increasing identity assurance levels as defined by the National Institute of Standards and Technology (NIST) Special Publication 800-63A. Check out “Reality Check on the Demise of Multi-Factor Authentication” for more helpful insights.

4. Boost Your Infrastructure Immunity Against Ransomware

As mentioned above, ransomware attacks have spiked over the last two months and no relief is in sight. There is no broad-spectrum immunization against every existing variant of ransomware. However, following basic best practices, including implementing security awareness programs, backing up data regularly, and applying least privilege access, can minimize the organization’s exposure to the ransomware threat. Ultimately, it should be your objective to “Boost Infrastructure Immunity Against the Ransomware Epidemic”.

5. Enforce Least Privilege

When it comes to breaches, all roads still lead to the human element. In fact, Forrester Research estimates that 80 percent of security breaches involve compromised privileged credentials. It seems obvious that imposing better controls over the human element should lead to significant improvements in data breach prevention. For superusers and IT admins, least privilege access based on just enough, just-in-time privileged access management (JIT PAM) is a best practice. The concept of least privilege, whereby IT admins are only provided the needed level of privilege to perform a certain task for the amount of time necessary to perform it, is an antidote for many security incidents.
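As an added illustration of the just-enough, just-in-time access the paragraph describes (example code, not the author’s or any vendor’s product): each grant is scoped to one privilege and carries an expiry, the requested lifetime is capped, and every allow/deny decision is logged so out-of-scope or post-expiry use is visible. The class name JitPam, the privilege strings, and the TTL values are assumptions.

```python
"""Minimal just-in-time, just-enough privilege store (hypothetical example)."""
from dataclasses import dataclass, field
import time


@dataclass
class Grant:
    admin: str
    privilege: str      # one task, e.g. "restart:web-tier" (assumed naming)
    expires_at: float   # epoch seconds; the grant is dead after this


@dataclass
class JitPam:
    max_ttl: float = 3600.0           # hard cap: no open-ended admin access
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)   # every decision is recorded

    def request(self, admin, privilege, ttl, now=None):
        """Issue a grant for exactly one privilege, for at most max_ttl seconds."""
        now = time.time() if now is None else now
        ttl = min(ttl, self.max_ttl)  # just enough time, never longer
        g = Grant(admin, privilege, now + ttl)
        self.grants.append(g)
        self.audit.append(("grant", admin, privilege, g.expires_at))
        return g

    def check(self, admin, privilege, now=None):
        """Allow only if a live grant matches both the admin and the task."""
        now = time.time() if now is None else now
        # Prune expired grants first so stale privilege can never be reused.
        self.grants = [g for g in self.grants if g.expires_at > now]
        ok = any(g.admin == admin and g.privilege == privilege for g in self.grants)
        self.audit.append(("allow" if ok else "deny", admin, privilege, now))
        return ok
```

The audit list is what a detection team would forward to a SIEM: a deny for a privilege an admin never requested, or repeated checks right after expiry, is the signal worth alerting on.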

With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less. Focusing on identity as a security perimeter is an efficient and effective way to mitigate cyber-threats.

Torsten George is currently a cyber security evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).