Cyber attacks are growing in frequency and complexity, due to factors like a higher number of expert malicious actors, more distributed workforces and technologies to protect, and an increase in devices and users that can unknowingly act as attack gateways.
Although there’s no way to guarantee that an organization will stay safe from a cyber attack, several physical and technical safeguards can be established to better protect network data.
Read on to learn about how your team can stay up-to-date with the latest tools and knowledge to arm themselves against the next major cybersecurity threat.
Key Protections Against Security Threats
- Incorporate zero trust and SSL inspection
- Examine key components of frequently used apps
- Invest in email-specific security tools
- Create a mobile device management plan
- Go passwordless and use UEBA
- Update your incident response plan
- Regularly monitor and audit your network
- Develop strong data governance principles
- Educate your team on common threat vectors
- Automate security management processes
Incorporate zero trust and SSL inspection
Zero trust, the tools and practices behind the idea of “trusting no one and verifying everything,” is quickly becoming the most affordable and crucial part of cybersecurity efforts. Zero trust has even reached federal policy levels in the U.S., with President Joe Biden signing an executive order in May 2021 to increase national cybersecurity efforts through zero trust, multi-factor authentication (MFA), and improved encryption.
Many enterprise leaders have developed misconceptions about what zero trust means and what the security approach entails. Jim Taylor, chief product officer at SecurID, an identity and access management (IAM) company, explained what zero trust actually means when enterprises get it right:
“Zero trust tends to be thrown around quite a bit by marketers, so businesses should be warned: Zero trust isn’t a product, feature, or service,” Taylor said. “Instead, it’s a goal to strive toward. It’s a way of thinking, not a product. Risk isn’t the trade-off we make in pursuit of convenience: It’s just a bad practice, full stop. If there’s no valid reason to expose an asset, then you simply shouldn’t, … [but] don’t get too swept up in trying to achieve true zero trust. Instead, use a risk-based approach to map the frequency, likelihood, and impact of a given event and prioritize the highest-value threats.”
Babur Khan, a technical marketing engineer for A10, a cloud and 5G network security company, believes that zero trust is an important component of cybersecurity but that it works best in combination with SSL inspection.
“SSL inspection provides in-depth traffic examination as well as detection and amelioration of malicious requests, monitoring data entering and leaving networks for analytics, and protecting against DDoS attacks, to name a few,” Khan said. “President Biden’s executive order is the most far-reaching cybersecurity infrastructure and cyberattack prevention strategy the federal government has ever put forward, and its promotion of zero-trust architecture is the only practical and effective foundation for all of its goals. Adding SSL inspection completes the architecture and ensures, unlike our traditional brick-and-mortar bridges, that our cybersecurity and cyberattack prevention foundations are future-proofed.”
Examine key components of frequently used apps
Your organization’s most frequently used apps more than likely include the remnants of users, permissions, and dated security approaches that make those tools vulnerable to attack. It’s important to check how all of those applications are configured and monitor who has access and when and how they use that access.
Derek Melber, chief technology and security strategist at Tenable, a cybersecurity and exposure platform company, offered advice for securing the popular Microsoft Active Directory in particular:
“The first step to keeping Active Directory secure is to ensure all aspects of AD that can be compromised are properly secured,” Melber said. “This includes users, attributes, groups, group members, permissions, trusts, Group Policy-related settings, user rights, and much more.
“A good example would be to require strong authentication on service accounts and actively manage the groups they are in. Part of this means mandating multi-factor authentication for all users. Enforce the principle of least privilege across all endpoints to prevent lateral movement, blocking default administration, denying access from a built-in local administrator account, and avoiding many of the built-in groups, which have too many permissions.”
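The review Melber describes (privileged built-in groups, service accounts, password hygiene) can be turned into a repeatable read-only audit. The script below is an added example, not code from the article or from Tenable; it assumes the RSAT ActiveDirectory PowerShell module is installed, that the account running it can read directory objects, and that the group names and the one-year rotation threshold match a default domain (both are assumptions you should adjust). It changes nothing in the directory.

```powershell
# Added example (not from the article): read-only audit of the AD points listed above.
# Assumes the RSAT ActiveDirectory module; group names and the rotation threshold
# are assumptions for a default domain and should be adjusted to your environment.
Import-Module ActiveDirectory

# 1. Built-in groups that confer broad rights. Membership should be minimal
#    and reviewed regularly; -Recursive expands nested groups.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins',
    'Administrators', 'Account Operators', 'Server Operators',
    'Backup Operators', 'Print Operators', 'DnsAdmins'
)

foreach ($group in $privilegedGroups) {
    try {
        $members = @(Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop)
        Write-Host "$group : $($members.Count) member(s)"
        $members | Select-Object name, objectClass, distinguishedName | Format-Table -AutoSize
    } catch {
        Write-Warning "Could not read group '$group': $_"
    }
}

# 2. Service accounts: user objects that carry a servicePrincipalName.
#    Flag non-expiring or stale passwords and membership in a privileged group.
$staleDays = 365   # assumption: rotate service-account passwords at least yearly
$cutoff    = (Get-Date).AddDays(-$staleDays)

$serviceAccounts = Get-ADUser -Filter 'servicePrincipalName -like "*"' `
    -Properties servicePrincipalName, PasswordNeverExpires, PasswordLastSet, MemberOf, Enabled

foreach ($acct in $serviceAccounts) {
    $findings = @()
    if ($acct.PasswordNeverExpires) { $findings += 'password never expires' }
    if ($acct.PasswordLastSet -lt $cutoff) { $findings += "password last set $($acct.PasswordLastSet)" }

    # MemberOf holds group DNs; match them against the privileged group names.
    $privMembership = @($acct.MemberOf | Where-Object {
        $dn = $_
        $privilegedGroups | Where-Object { $dn -like "CN=$_,*" }
    })
    if ($privMembership.Count -gt 0) { $findings += "privileged member of: $($privMembership -join '; ')" }

    if ($findings.Count -gt 0) {
        [PSCustomObject]@{
            SamAccountName = $acct.SamAccountName
            Enabled        = $acct.Enabled
            Findings       = $findings -join ' | '
        }
    }
}
```

Run it on a schedule and diff the output against the previous run: a new name in Domain Admins or a service account that has silently joined a privileged group is exactly the kind of drift the section above is about, and the diff is the trigger for the follow-up (MFA enforcement, group cleanup, password rotation) rather than the audit itself.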
Invest in email-specific security tools
A large number of successfully launched cyber attacks make it into enterprise networks through the unknowing actions of an authorized user, usually due to a phishing email. Enterprises can’t ensure they’ll catch every instance in which a user falls victim to phishing, but they can add additional security measures to email and other applications that turn users into a gateway for external actors.
Mike Spanbauer, senior director and technology evangelist for Juniper Networks, a major global networking company, believes efforts in communications-based security are crucial to protecting your users and their network actions:
“Having good tools that can inspect the link and any payloads is crucial,” Spanbauer said. “A high-quality next generation firewall, secure email solution, or endpoint technology can also be effective tools to mitigate this threat.”
Create a mobile device and data management plan
The majority of enterprise employees not only use corporate equipment for work activities, but also use personal mobile devices to check email, open collaborative documents, and perform other actions that can expose sensitive company data.
Spanbauer with Juniper Networks said the best way to make sure that personal mobile devices do not expose the network to unnecessary threats is to establish and enforce a mobile device and data management plan.
“Mobile technologies continue to gain in processing and data-gathering power, but many companies still employ a bring your own device policy,” Spanbauer said. “This is fine, so long as the resources these devices can access are sufficiently gated, and the networks they can access are restricted and robustly monitored. A proven master data management solution is always a good option. Effective inspection of the guest network can also help to prevent the spread of threats from device to device as well as to protect the organization from potential harm.”
Go passwordless and use UEBA
Employees often have trouble remembering their user access credentials, and to try to make it easier, they use simple passwords and store their information in unsecured places. Bad password habits expose enterprise networks to large amounts of risk, making it possible for malicious actors to steal credentials from any number of users.
As a result of the many cyber attacks based on credential theft, experts like Taylor from SecurID encourage companies to adopt passwordless authentication and user and entity behavior analytics (UEBA) strategies for user account security.
“One way to address [remote worker security vulnerabilities] is with modern security principles, including passwordless, device-based, risk-based, and UEBA,” Taylor said. “These modern techniques and technologies increase security and improve the user experience. By simply having your phone in your pocket and performing a task in the same way you always have, you create a cybersecurity stance for users that’s far easier than asking them to remember a complex password — and far more secure as well.”
Update your incident response plan
No matter how much security infrastructure you put into place, every network will still have some vulnerabilities that can eventually be targeted by a hacker. Most enterprises make the mistake of only responding to these events reactively, handling the security problem as it comes but not doing any additional work, training, or policy development to prepare for other attacks.
Dave Martin, VP of extended detection and response at Open Systems, a global cybersecurity company, believes that companies need to start by updating their incident response plan and actually putting it into practice.
“Seconds count during a breach, and you cannot afford to lose precious time that should be spent responding to a successful attack in a coordinated and impactful fashion,” Martin said.
“Your SecOps team, IT staff, and security partners need to know their roles, responsibilities, and tasks when breaches occur, and they need to know them in advance — you can’t allow an actual attack to also be the teams’ first dress rehearsal. Whether it’s ransomware or some other attack, a fast response can make the difference between a nuisance and a catastrophe. Oh, and if you don’t have an incident response plan, needless to say, you need to write one.”
Regularly monitor and audit your network
In partnership with the policy development and training that comes with creating an incident response plan, it’s important to also have regular monitoring and security auditing in place to catch minor issues before they turn into major ones.
Martin with Open Systems explained the importance of getting your people and processes accustomed to a monitoring and auditing workflow:
“Preventive security technologies such as firewalls, antivirus, proxies, multi-factor authentication, and more are necessary, but they are not sufficient,” Martin said. “The threat actor landscape has evolved from simply developing malicious software to now including the sophisticated weaponization of that software, using trusted delivery methods to obscure malicious activity.
“The only way to know if your prevention layer is working is to have security experts continuously monitoring all potential attack surfaces using best practices and repeatable processes to detect and respond to threats. Many organizations take a ‘set-it-and-forget-it’ approach to the prevention layer, and as a result, continuous monitoring has emerged as an essential ingredient to minimize risk by providing an important feedback loop. Security is a journey, not a destination.”
Develop strong data governance principles
Data security is a core element of broader cybersecurity practice, and data governance ensures that the right data receives the protections it needs.
Will Bass, VP of cybersecurity at Flexential, an IT and data center management solutions company, believes that strong data governance involves reviewing data at the source and protecting people from unnecessary data access on a continual basis.
“Organizations keep too much data for too long,” Bass said. “Sensitive data is a target for bad actors that increases organizational risk.
“Reducing this threat requires good data governance practices, such as deleting any data that is not required to provide their services or meet a regulatory requirement. Deleting unneeded sensitive data in the environment not only reduces the risk of a compromise, but also decreases IT costs by reducing the infrastructure footprint and narrowing the scope for privacy and other regulatory requirements.”
Especially in the era of big data, it can be challenging to distinguish between unneeded data and data to protect. But Seth Cutler, CISO at NetApp, a large data management and cloud company, believes that some of these data management best practices are a good place to start:
“Looking at the sheer volume of data that companies are having to manage, store, retrieve, protect, and back up,” Cutler said. “As this [data] continues to grow, so too do the cybersecurity implications of data overload.
“With this, developing strategies for data life cycle management, data privacy compliance, data governance, and data protection are critical. … To help remedy data overload, companies should consider data classification, data tagging, and development of clear guidance and policies on data retention.”
Educate your team on common threat vectors
Companies tend to invest most of their time and finances into the right cybersecurity infrastructure and tools, often overlooking the importance of training all teammates on how they can protect themselves and the company from security threats.
Bass from Flexential said it is the organization’s responsibility to train all users on common social engineering attacks and phishing practices.
“Humans pose the biggest threat to keeping an organization safe,” Bass said. “With the perimeter becoming increasingly secure, bad actors are jumping the perimeter by socially engineering employees, using techniques such as phishing, vishing, and spear phishing to gain a foothold inside of organizations.
“To combat this threat, organizations should educate their staff to recognize the signs of a social engineering attempt and what to do if they suspect an attempt is being made against them. Organizations should also run regular exercises using these methods as a learning experience for their staff, to understand the risk posed by their user base and reduce the risk posed by social engineering.”
Automate security management processes
Although automation is not the answer to every cybersecurity problem, tools powered by artificial intelligence (AI) and machine learning (ML) make it much easier to put security monitoring and other quality controls into action in the cloud.
James Campbell, CEO and co-founder of Cado Security, a cloud-native digital forensics company, believes cloud security automation is one of the most time- and cost-effective ways to secure distributed networks.
“Incorporating automation into the cloud investigation journey is essential to reducing the amount of time, resources, and money that’s required to understand the root cause, scope, and impact of an incident,” Campbell said. “With the amount of data that sits in the cloud today, organizations require the ability to automatically capture and process data at cloud speed and scale.
“Security teams shouldn’t have to worry about working across multiple cloud teams, access requirements, or the fact that their investigation spans multiple cloud platforms, systems, and regions. While all of these complexities have historically dragged out the start of their investigation or completely halted it from ever happening, automation flips the script by reducing the complexity and time required to conduct investigations.”