SecurityWeek

Identity & Access

Cyber Resilience: Doing More with Less

The COVID-19 Health Crisis is Forcing Enterprise Security Teams to Deliver More With Less

It’s definitely not business as usual. Threat actors are taking full advantage of these uncertain times by launching a wave of new cyber-attacks, leveraging tactics such as phishing, ransomware, and credential stuffing. Ransomware attacks alone skyrocketed 148% in the past month, according to VMware Carbon Black threat researchers. At the same time, many organizations are being forced to downsize staff and delay planned IT security projects. Now more than ever, it’s important to focus on defense strategies that assure the biggest bang for the buck. So where should organizations focus to improve resilience while stretching their budget further?

According to ESG research, 62% of organizations were poised to increase spending on cyber security in 2020. In fact, 32% of survey respondents said they would invest in cyber security technologies using AI/ML for threat detection, followed by data security (31%), network security (30%), and cloud application security (27%). Obviously, these priorities have been turned upside down, and the new normal requires a complete rethinking of traditional security strategies.

To improve cyber resilience under the current conditions, it’s vital to focus on the effectiveness of security controls in the context of hackers’ tactics, techniques, and procedures ― often called TTPs. This approach can help security leaders defend their operations against cyber adversaries in the face of reduced staff and budget cuts. The following five best practices, based on an analysis of threat actors’ TTPs, can improve cyber resilience without the need for more resources:

1. Establish Secure Remote Access… for Workforce and IT Admins

To remain operational, businesses were forced to shift to 100% remote working during the COVID-19 pandemic. While the initial focus was on workforce productivity to get employees up and running, organizations should now revisit their remote access deployments to ensure that both employee and IT admin accounts, which hold the keys to the kingdom, are protected from threat actors. For example, super users should employ VPN-less access in combination with identity access zones, multi-factor authentication, and least privilege. These and other best practices are covered in “Remote Access: The Hidden Weak Spot for Cyberattacks”.

2. Avoid Taking the (Phishing) Bait


Ultimately, stealing valid credentials via phishing attacks and using them to access a network is easier, less risky, and more efficient than exploiting existing vulnerabilities, even a zero-day. Phishing emails have spiked by over 600% since the end of February, according to Barracuda Networks. As a result, cyber security defenses need to adapt to this reality. User education and beefing up an organization’s authentication systems are two essential steps that can minimize the risks associated with phishing and subsequent cyber-attacks aimed at data exfiltration. Check out “Phishing Attacks: Best Practices for Not Taking the Bait” for more insights.

3. Step Up Your Multi-Factor Authentication Game

Clearly, threat actors are no longer “hacking in” to carry out data breaches. Instead, they are simply logging in by exploiting weak, default, stolen, or otherwise compromised credentials. Multi-factor authentication (MFA) remains the most reliable option for augmenting an organization’s existing access controls. Replacing and/or supplementing username and password authentication with MFA significantly raises the bar and the cost of carrying out cyber-attacks, which is why its rate of compromise is close to zero. If you haven’t implemented MFA yet, it’s time to do so. If you have, consider hardening your security posture further by increasing identity assurance levels as defined in the National Institute of Standards and Technology (NIST) Special Publication 800-63A. Check out “Reality Check on the Demise of Multi-Factor Authentication” for more helpful insights.

4. Boost Your Infrastructure Immunity Against Ransomware

As mentioned above, ransomware attacks have spiked over the last two months, and no relief is in sight. There is no broad-spectrum immunization against every existing variant of ransomware. However, following basic best practices, including implementing security awareness programs, backing up data regularly, and applying least privilege access, can minimize the organization’s exposure to the ransomware threat. Ultimately, it should be your objective to “Boost Infrastructure Immunity Against the Ransomware Epidemic”.

5. Enforce Least Privilege

When it comes to breaches, all roads still lead to the human element. In fact, Forrester Research estimates that 80 percent of security breaches involve compromised privileged credentials. It seems obvious that imposing better controls over the human element should lead to significant improvements in data breach prevention. For superusers and IT admins, least privilege access based on just-enough, just-in-time privileged access management (JIT PAM) is a best practice. The concept of least privilege, whereby IT admins are only provided the level of privilege needed to perform a certain task, and only for the amount of time necessary to perform it, is an antidote for many security incidents.
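To make the just-enough, just-in-time idea concrete, here is an added example (not code from the article, its author, or any vendor named on the page) of a minimal JIT PAM policy engine: a privilege is granted to one subject, for one action, on one target, with a bounded expiry, and every authorization decision is logged. Requests outside the granted scope, or after the window closes, are denied. All names, privileges, targets, and the one-hour policy maximum are constructed for illustration.

```python
"""Minimal just-in-time, just-enough privilege model (added example, constructed data)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Grant:
    subject: str          # who receives the privilege, e.g. "alice"
    privilege: str        # what they may do, e.g. "db:restart"
    target: str           # where they may do it, e.g. "db-prod-01"
    expires_at: datetime  # hard end of the access window


@dataclass
class JitPam:
    # Policy ceiling on how long any single grant may live (constructed value).
    max_ttl: timedelta = timedelta(hours=1)
    grants: List[Grant] = field(default_factory=list)
    audit: List[Tuple] = field(default_factory=list)

    def request(self, subject: str, privilege: str, target: str,
                ttl: timedelta, now: Optional[datetime] = None) -> Grant:
        """Issue a scoped, time-bound grant; refuse windows longer than policy allows."""
        now = now or datetime.now(timezone.utc)
        if ttl > self.max_ttl:
            self.audit.append(("denied-ttl", subject, privilege, target, now.isoformat()))
            raise ValueError("requested TTL exceeds policy maximum")
        grant = Grant(subject, privilege, target, now + ttl)
        self.grants.append(grant)
        self.audit.append(("granted", subject, privilege, target, grant.expires_at.isoformat()))
        return grant

    def authorize(self, subject: str, privilege: str, target: str,
                  now: Optional[datetime] = None) -> bool:
        """Allow an action only if a live grant matches subject, privilege AND target."""
        now = now or datetime.now(timezone.utc)
        # Purge expired grants first so standing privilege never accumulates.
        self.grants = [g for g in self.grants if g.expires_at > now]
        allowed = any(
            g.subject == subject and g.privilege == privilege and g.target == target
            for g in self.grants
        )
        self.audit.append(("allowed" if allowed else "denied",
                           subject, privilege, target, now.isoformat()))
        return allowed


def demo() -> dict:
    """Walk one admin through a 30-minute grant and return each decision (constructed scenario)."""
    pam = JitPam()
    t0 = datetime(2020, 5, 1, 12, 0, tzinfo=timezone.utc)
    pam.request("alice", "db:restart", "db-prod-01", timedelta(minutes=30), now=t0)
    try:
        pam.request("bob", "db:drop", "db-prod-01", timedelta(hours=8), now=t0)
        long_ttl_rejected = False
    except ValueError:
        long_ttl_rejected = True
    return {
        "in_window": pam.authorize("alice", "db:restart", "db-prod-01", now=t0 + timedelta(minutes=10)),
        "wrong_target": pam.authorize("alice", "db:restart", "db-prod-02", now=t0 + timedelta(minutes=10)),
        "wrong_privilege": pam.authorize("alice", "db:drop", "db-prod-01", now=t0 + timedelta(minutes=10)),
        "after_expiry": pam.authorize("alice", "db:restart", "db-prod-01", now=t0 + timedelta(minutes=31)),
        "long_ttl_rejected": long_ttl_rejected,
        "audit_events": len(pam.audit),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The design point is that the grant is three-dimensional (subject, privilege, target) and time-bound, so a stolen admin credential is only useful for the specific action and window that was approved, and the audit list gives incident responders a record of every request and decision rather than only successful logins.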

With IT budgets being cut back in response to the economic contraction caused by the current health crisis, security teams need to deliver more with less. Focusing on identity as a security perimeter is an efficient and effective way to mitigate cyber-threats.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
