Best practices for defending against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete
Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month, is in its 19th year. Launched under the guidance of the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA), it aims to help Americans stay safe and secure online. This year’s campaign theme – See Yourself in Cyber – is focused on the “people” equation of cybersecurity, while promoting how to recognize and report phishing, the use of strong passwords, password managers and multi-factor authentication, and applying software updates. While these tactics are certainly a great place to start, organizations need to go beyond these fundamental steps to strengthen their cyber resilience.
The last year has proven to be a game-changing year for cybersecurity: Cyber breaches are bigger and worse than ever. Hardly a week goes by without headlines about some new devastating cyberattack. In fact, the Federal Bureau of Investigation’s Internet Crime Report (PDF) recorded a 7 percent increase in complaints, resulting in losses of nearly $6.9 billion. The surge in cyberattacks correlates directly with the broadened attack surface – specifically, the sudden shift to hybrid working. Cyber adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain – the remote worker. Furthermore, professional hackers, cybercriminal syndicates, and nation-states are exploiting the supply chain, increasing their blast radius and overall damage.
Implementing an effective enterprise security strategy requires an understanding of hackers’ tactics, techniques, and procedures (so-called TTPs). In this context, it is vital for security practitioners to review the entire cyberattack lifecycle to gain a full grasp of the areas that need to be addressed as part of an in-depth cyber defense approach.
Here are five best practices for defending against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete.
Put your Trust in Zero Trust
Zero Trust means trusting no one – not even known users, applications, or devices – until they have been verified and validated. Zero Trust principles help enterprises enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analyzing device postures, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.
For most organizations, the path to Zero Trust should start with identity paired with endpoint resilience to create a more secure work-from-anywhere user population. Applying Zero Trust principles can help companies avoid becoming the next breach headline, including the brand damage, customer loss, and value degradation that typically comes with it.
Focus on What Matters Most
Gartner estimates that global spending on cybersecurity will hit almost $173 billion annually in 2022, yet the breaches keep on coming. That’s probably because a large chunk of that money is being funneled toward solutions that neither address modern security problems nor cover the ever-growing attack surface of modern enterprises. Hackers, for their part, are taking advantage of the fact that organizations and their workforce are relying on mobile devices, home computers, and laptops to connect to company networks to conduct business. In turn, these endpoint devices become the natural point of entry for many attacks. In fact, a recent Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.
Understanding not just the tail end of the cyberattack kill chain but also the initial attack vectors, such as endpoints, provides a roadmap for aligning preventive measures with today’s threats. It is vital to maintain granular visibility and control over access points in order to prevent and remediate the vulnerabilities that can, and often will, surface on them. In today’s work-from-anywhere era, assuring endpoint resilience is a vital element of a successful in-depth cyber defense strategy.
Secure your Network Access
In today’s perimeter-less environment, security practitioners can no longer assume implicit trust among applications, users, devices, services, and networks. In fact, 51 percent of organizations have seen evidence of compromised endpoints being used to access company data via the corporate network. That’s why many organizations have started to embrace a Zero Trust approach and are considering augmenting their conventional network access security concepts such as virtual private networks (VPNs) and demilitarized zones (DMZs) with Zero Trust Network Access (ZTNA) solutions.
ZTNA solutions create an identity- and context-based, logical access boundary around an application or a set of applications. Access is granted to users based on a broad set of factors, for instance, the device being used, as well as other attributes such as the device posture (e.g., if anti-malware is present and functioning), time/date of the access request, and geolocation. Upon assessing the contextual attributes, ZTNA then dynamically offers the appropriate level of access at that specific time. Since risk levels of users, devices, and applications are constantly changing, access decisions are made for each individual access request.
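The per-request, context-based decision described above (and the policy enforcement the Zero Trust section describes) can be illustrated with a small policy evaluator. This is an added example, not code from the original article or from any ZTNA product; the access levels, posture attributes, allowed countries, business hours and patch-age threshold are all constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# Access levels a request can resolve to (constructed for this example).
DENY, READ_ONLY, FULL = "deny", "read-only", "full"

# Constructed policy inputs; a real broker would load these from policy config.
ALLOWED_COUNTRIES = {"US", "CA"}
BUSINESS_HOURS = range(7, 20)   # 07:00 to 19:59 local time
MAX_PATCH_AGE_DAYS = 30

@dataclass
class AccessContext:
    """Attributes a hypothetical ZTNA broker sees for a single request."""
    user: str
    device_managed: bool        # enrolled in the organization's device management
    antimalware_running: bool   # anti-malware present and functioning
    patch_age_days: int         # days since the last OS patch
    country: str                # geolocation of the request
    requested_at: datetime

def decide_access(ctx: AccessContext) -> tuple[str, list[str]]:
    """Evaluate one request; return (level, reasons) so the decision can be logged.
    Nothing is cached between calls: every request is evaluated afresh."""
    # Hard failures deny outright, whatever else is true about the request.
    if not ctx.antimalware_running:
        return DENY, ["anti-malware absent or not running"]
    if ctx.country not in ALLOWED_COUNTRIES:
        return DENY, [f"geolocation {ctx.country} not permitted"]
    # Soft findings downgrade to read-only instead of denying.
    reasons = []
    if not ctx.device_managed:
        reasons.append("unmanaged device")
    if ctx.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append(f"patches {ctx.patch_age_days} days old")
    if ctx.requested_at.hour not in BUSINESS_HOURS:
        reasons.append("outside business hours")
    return (READ_ONLY, reasons) if reasons else (FULL, ["all posture checks passed"])

# Constructed sample requests: the same user on the same day, with changing posture.
SAMPLE_REQUESTS = {
    "morning": AccessContext("alice", True, True, 3, "US", datetime(2022, 10, 3, 9)),
    "night": AccessContext("alice", False, True, 45, "US", datetime(2022, 10, 3, 23)),
    "no_av": AccessContext("alice", True, False, 3, "US", datetime(2022, 10, 3, 9)),
}

if __name__ == "__main__":
    for name, ctx in SAMPLE_REQUESTS.items():
        print(name, *decide_access(ctx))
```

The same identity receives full, read-only and denied access across three requests purely because the device and context attributes differ, which is the point of evaluating each request on its own.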
Balance your Security Investments
We can never eliminate cyber risk entirely, but we can manage it more effectively with “Left and Right of Boom” processes and procedures, splitting an organization’s cybersecurity investments between strategic preparedness, prevention, and incident response. Finding the right balance has become essential in determining an organization’s ability to anticipate, withstand, recover from, and adapt to attacks or compromises of its cyber resources. Gartner, in its “Maverick Research: You Will be Hacked, So Embrace the Breach” report, emphasizes that “to make a real difference to the impact of cybersecurity incidents, cybersecurity priorities must shift from defensive strategies to the management of disruption through resilience.”
Become Cyber Resilient
More and more security professionals acknowledge that modern enterprise infrastructures are made up of large and complex entities, and therefore will always have flaws and weaknesses that adversaries will be able to exploit. In this context, they promote the concept of cyber resilience to ensure that an adverse cyber event (intentional or unintentional, e.g., a failed software update) does not negatively impact the confidentiality, integrity, and availability of an organization’s business operations.
Like Zero Trust, cyber resilience offers a blueprint to strengthen an organization’s security posture in today’s dynamic threat landscape: security controls that force cyber adversaries to spend more time figuring out how to bypass them (which they are often unwilling to do, because time is money), and the means to recover from cyberattacks quickly and efficiently.
Organizations have to assume that bad actors are in their networks already. Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a resilient Zero Trust approach, powered by additional security measures such as Zero Trust Network Access and endpoint resilience. Furthermore, they should balance their focus between preventive and responsive measures to a potential breach. This will help them stay ahead of the security curve and ultimately remove the need for an awareness month after all.