Editor’s Question: How have you improved your cybersecurity in the last 12 months?

Not a week seems to go by without the report of a high profile cybersecurity breach, and the cost of a breach is at an all-time high. What can companies do to reduce the risk? Satnam Narang, Senior Staff Research Engineer, Tenable, kicks off this month’s editor’s question with his thoughts below.

For cybercriminals, the adage of ‘if it ain’t broke, don’t fix it’ remains applicable when it comes to conducting cyberattacks against organisations. All too often, it’s tried and true methods that continue to lead to success for attackers. As defenders, we know how most cybercriminals operate, yet all too often organisations around the world continue to be breached each and every week.

The threats organisations typically face range from spearphishing and malicious downloads to known vulnerabilities and weak passwords. Even if an organisation is adequately prepared to defend against the most common attack techniques, we know that some cybercriminals will find novel ways of breaching organisations. We saw the aftermath of the Log4Shell vulnerability and how much of an impact it had on organisations around the world.

The UK’s National Cybersecurity Centre (NCSC) Cyber Assessment Framework (CAF) provides a systematic and comprehensive approach to assessing the extent to which cyber-risks to essential functions are being managed by the organisation responsible. The Framework is intended to be used either by the responsible organisation itself (self-assessment) or by an independent external entity, possibly a regulator or a suitably qualified organisation acting on behalf of a regulator. In the United States, the National Institute of Standards and Technology (or NIST) has published the NIST Cybersecurity Framework (CSF) which is designed to help organisations reduce their cyber-risk. The five components of the CSF are to identify, protect, detect, respond and recover. These frameworks are applicable to businesses of all types.

Log4Shell and incidents like it remind us that it’s not a matter of if, but when, a cyberattack will be successful. Understanding all of the conditions that matter in today’s complex and dynamic environments helps the organisation understand the full breadth and depth of its exposures, allowing security teams to take the actions needed to reduce them through remediation and incident response workflows. It is also vital that organisations have an adequate incident response plan in place and documented procedures for how to recover following a cyberattack. Conducting tabletop exercises, simulating a real-world scenario of a breach, can help organisations better prepare for a real-world attack.

Most organisations will likely remain safe if they implement the guidance from the NCSC CAF. However, there are still determined attackers, such as advanced persistent threat (APT) groups and other cybercriminals, that will continue to chip away at possible entry points into an organisation. Understanding attacker behaviour helps inform security programmes and prioritise security efforts to focus on areas of greatest risk and disrupt attack paths, ultimately reducing exposure to cyber incidents.

Andrew Obadiaru, CISO, Cobalt:

Volatile economic conditions and shrinking budgets are leaving cybersecurity professionals stretched thin, opening organisations to cybersecurity threats. Security teams are stretched thin given the slim budgets and smaller teams, resulting in higher chances of cybercriminals exposing vulnerabilities. Change is the constant security teams live by, and a proactive approach to an organisation’s security posture can prevent reputational and financial damage.

At Cobalt, we take a serious approach to cybersecurity and empower our people to regularly educate themselves and update security policies and procedures as needed. This mentality enables our team to be agile and shift quickly as the threat landscape changes and new processes are adopted. For example, we recently rolled out a new policy regarding the use of generative AI tools and how to exercise caution with what information is shared through a public platform. To improve the overall cybersecurity of an organisation, leaders and employees alike must stay on top of the ever-evolving threat landscape and be ready to adapt and pivot on a moment’s notice.

In managing a cybersecurity programme, it’s always better to be proactive than reactive. With a proactive mindset, organisations can be forward-thinking in mitigating vulnerabilities and streamlining organisational processes and access controls. We encourage our customers and their security teams to routinely utilise pentesting to check every possible access point to ensure they are not current – or future – victims of an attack. Additionally, the OWASP Top 10 and SANS Top 20 are key tools helping organisations prevent malicious attackers and resources that we check and refer back to often.

Although people often think of security as a technical issue, the threats and inner workings of attacks are often deeply rooted in psychological tactics. Security is just as much a human problem as a technical one. At Cobalt, we work with a group of vetted cybersecurity professionals called the Cobalt Core. By channeling a hacker’s point of view, we are able to pinpoint faults in internal systems that may have been overlooked. Gaining an outside perspective is critical to improving cybersecurity because this mindset allows teams to objectively view vulnerabilities and provide recommendations for improvement.

As technology evolves, regular cybersecurity education is crucial in battling threats as the threatscape evolves. With more sophisticated attacks and generative AI capable of creating malicious code, cyberattacks are only going to become harder to detect and more commonplace. Ultimately, business security posture needs to evolve at the pace of new cyberthreats. Efforts to maintain a strong security posture are never complete, and when leaders implement a proactive mindset, they can be better prepared for the latest threats.

Karl Bateson, Director of Global Communications, Acronis:

I entered into the realm of cyber protection just over a year ago, and armed with greater access to worldwide cybercrime statistics, I found it necessary to evaluate my own practices – ones I’ll share with you today.

First and foremost, whenever feasible, activate two-factor authentication. This introduces a second layer of security to your password access and promptly notifies you, often via phone, when access attempts are made.

Next, ensure your passwords are unique, alphanumeric and consist of a minimum of eight characters. The more characters you include, the tougher it becomes for hacking or guessing. Steer clear of using easily accessible information such as pet names, family names or street names.

Subsequently, software updates play a pivotal role – keeping your software current is vital. This is because software vendors update their products to seal vulnerabilities as exploits emerge. Staying up-to-date with the latest patches goes a long way in safeguarding your information.

Backing up your data is paramount and the act of regularly backing up your data emerges as a critical practice. Safeguard your crucial data by backing it up to an external hard drive or the cloud and verify that your backups are encrypted. Your backups can be a lifesaver, ready to restore your data in the event of a cyberattack or unforeseen data loss.

I ardently recommend installing software intended to shield you from hacks, viruses, malware and more. In my case, I have a firewall, antivirus and antimalware programs for my systems. This represents one of your primary defences against malicious entities attempting to breach your systems. As previously mentioned, keeping your software up-to-date is crucial to fend off new threats.

Exercise caution with phishing, as it remains one of the most prevalent methods of breaching defences. Be wary of unsolicited emails or emails containing links to seemingly legitimate sites that are likely fraudulent and designed to pilfer your data. As a practice, if I encounter an email urging action on an account, I shut the email and directly visit the account’s official site to verify any issues.

Incorporating secure Wi-Fi hotspots and availing oneself of a VPN whenever possible infuses an additional stratum of protection into your cybersecurity regimen.

In conclusion, while no system is entirely foolproof, taking these additional steps to fortify yourself can spell the difference between being targeted by bad actors and staying off their radar.

Wishing you a cybersecure day!

Camellia Chan, CEO & Co-founder, Flexxon:

The changing methods of cybercriminals and the advent of new technologies which lower the barriers to entry for them mean it’s harder than ever for businesses to protect themselves. For instance, ready-made ransomware kits are now easily accessible to those without advanced technical skills, which has significantly expanded the pool of attackers.

Human error also remains the cause of many cyberattacks and data breaches, with employees forgetting to update passwords or software, or opening phishing emails, for example. The consequences for businesses can be disastrous, with not just money at stake but reputation as well.

Traditional software-based approaches to cybersecurity like anti-virus are not sufficient by themselves in today’s threat landscape. Businesses must do everything they can to provide robust defences and look to adopt the latest technologies.

That’s why we are always looking for new ways to improve our offering and keep pace with the evolving needs of the industry. Unlike traditional cybersecurity measures, we use low-level AI deployed in the hardware of devices.

This robust last line of defence protects against sophisticated attacks while removing the need for human intervention. With strong foundations at the physical layer, you are narrowing down the perimeter where cybercriminals can attack, forcing them to play on your turf. In the event of a breach, your most critical data is always protected.

To meet the fast-evolving threat landscape, we should not only be proactive in assessing our security gaps and address those with proven innovations, but also shift our mindsets to a security-by-design approach. This means we can no longer see cybersecurity as an add-on, but as an integral part of our IT systems.

Intelligent CXO