During October 2021, the cyber sector marked the 18th year of Cybersecurity Awareness Month, previously known as National Cybersecurity Awareness Month. Under the slogan “Do Your Part #BeCyberSmart”, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA) each year encourage individuals and organizations to own their role in protecting cyberspace, emphasizing personal accountability and the importance of taking proactive steps to improve cybersecurity.
Many experts believe that, unfortunately, little has changed since last year, apart from ever-increasing ransomware attacks and ever-larger ransom demands. Breaches are bigger and worse than ever, and hardly a week goes by without headlines about some new devastating cyberattack. The Identity Theft Resource Center reports that the number of data breaches so far in 2021 has already surpassed the total for 2020 by 17 percent.
Nor has there been any improvement in avoiding breaches. This has been compounded by the COVID-19 shift to remote work. Too many companies had to adopt a “move first, plan later” approach and leave behind the network-centric security bubble that had allowed IT teams to own and control most of the network. Opening “holes” in existing security controls in the name of business continuity created vulnerabilities and exposed many organizations to increased risk. Adversaries capitalized on the rapidly changing environment by intensifying their attacks and targeting the weakest link in the attack chain: the remote worker who still had access to corporate databases.[1]
Despite all the new technologies, strategies, and artificial intelligence being employed by defenders and threat actors alike, one thing remains constant: the human element. Humans are the weak point in any network, and threat actors routinely exploit them through phishing and social engineering campaigns to establish a foothold in a victim’s IT environment. Hackers no longer bother to hack in; they log in, using weak, default, stolen, or otherwise compromised credentials. These are readily available on the dark web, for sale or for free.
The reality is that many breaches can be prevented with basic cyber hygiene, coupled with a Zero Trust approach. As NIST SP 800-207 defines it, Zero Trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows.
Most organizations continue investing the largest percentage of their security budget on protecting their network perimeter rather than focusing on security controls which can actually effect positive change to protect against the leading attack vectors: credential abuse and endpoints serving as main access points to an enterprise network. This is a big mistake. Implementing an effective enterprise security strategy requires an understanding of hackers’ tactics, techniques, and procedures (so-called TTPs). In this context, it is vital for security professionals to review the entire cyberattack lifecycle to gain a full grasp of the areas that need to be addressed as part of an in-depth cyber defense approach.
Here are three best practices for defeating most attacks:
- Simple static passwords are not enough, especially for sensitive enterprise systems and data. With a static password alone, how are you supposed to know whether the user accessing data is the legitimate user or someone who bought a compromised password from the millions available on the dark web? A static password can no longer be trusted on its own. Organizations need to realize that multi-factor authentication (MFA) is the lowest-hanging fruit for protecting against compromised credentials. Note that not all second factors are equal: SMS codes and push prompts can be phished or fatigued, so prefer phishing-resistant methods such as FIDO2/WebAuthn security keys for sensitive access.
- Researchers estimate that global spending on cybersecurity will reach $155 billion in 2021, yet the breaches keep coming. That is probably because a large share of that money is being funneled toward solutions that neither address modern security problems nor cover the ever-growing attack surface of the modern enterprise. Hackers, for their part, are taking advantage of the fact that organizations and their workforce rely on mobile devices, home computers, and laptops to connect to company networks and conduct business. These endpoint devices become the natural point of entry for many attacks. In fact, a recent Ponemon Institute survey found that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.
- Understanding not just the tail end of the cyberattack kill chain, but also focusing on initial attack vectors like endpoints provides a roadmap for aligning preventive measures with today’s threats. It is vital to maintain granular visibility and control over access points to prevent and remediate vulnerabilities that can and often will surface on them. In the current work-from-anywhere era, assuring endpoint resilience is a vital element of a successful in-depth cyber defense strategy.
Zero Trust means trusting nothing by default: not even known users, applications, or devices, until each request has been verified and validated. Zero Trust principles help enterprises enforce dynamic, contextual access policies when granting access to people, devices, or applications. This entails evaluating device posture, application health, network connection security, and user activity, and then enforcing pre-defined policies at the endpoint rather than through a centralized proxy.
For most organizations, the path to ZT should start with identity paired with endpoint resilience to create a more secure work-from-anywhere user population. Applying Zero Trust principles can help companies avoid becoming the next breach headline, including the brand damage, customer loss, and value degradation that typically comes with it.
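The contextual policy evaluation described above, as an added illustration (this is example code written for this article, not a product or reference implementation from Red Sky Alliance or NIST). The signal model, thresholds, and the allow/step-up/deny outcomes are assumptions chosen for the example: stale or failed device posture denies outright, sensitive resources require a managed device, and softer risk signals trigger a fresh MFA challenge instead of granting access on the strength of a password alone.

```python
"""Minimal contextual access-policy evaluator in the Zero Trust style.

Hypothetical signal and policy model, constructed for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DevicePosture:
    managed: bool            # enrolled in the organization's MDM/EDR
    disk_encrypted: bool
    edr_healthy: bool        # endpoint agent running and reporting
    patch_age_days: int      # days since the last OS patch level
    last_checkin: datetime   # when this posture report was collected


@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool       # a strong second factor completed for this session
    device: DevicePosture
    resource: str
    sensitivity: str         # "low" or "high"
    now: datetime


POSTURE_MAX_AGE = timedelta(hours=24)   # assumed freshness window
PATCH_MAX_AGE_DAYS = 30                 # assumed patch-age threshold


def evaluate(req: AccessRequest) -> tuple[str, list[str]]:
    """Return ("allow" | "step_up" | "deny", reasons).

    Every request is evaluated from scratch: nothing is inherited from the
    network the user is on or from an earlier decision. Hard failures deny;
    softer signals require a fresh MFA step before access is granted.
    """
    reasons: list[str] = []

    # 1. Posture we cannot vouch for is treated as failed, not as unknown.
    if req.now - req.device.last_checkin > POSTURE_MAX_AGE:
        return "deny", ["device posture report is stale"]
    if not req.device.edr_healthy:
        return "deny", ["endpoint agent not healthy"]
    if not req.device.disk_encrypted:
        return "deny", ["disk not encrypted"]

    # 2. Sensitive resources are only reachable from managed devices.
    if req.sensitivity == "high" and not req.device.managed:
        return "deny", ["high-sensitivity resource from unmanaged device"]

    # 3. Elevated-risk signals that call for a fresh second factor.
    if req.sensitivity == "high":
        reasons.append("high-sensitivity resource")
    if not req.device.managed:
        reasons.append("unmanaged device")
    if req.device.patch_age_days > PATCH_MAX_AGE_DAYS:
        reasons.append(f"patch level older than {PATCH_MAX_AGE_DAYS} days")

    if reasons and not req.mfa_verified:
        return "step_up", reasons
    return "allow", reasons or ["no elevated-risk signals"]


def _demo() -> None:
    # Constructed sample requests: a managed corporate laptop and a home PC.
    now = datetime(2021, 10, 29, 12, 0, tzinfo=timezone.utc)
    fresh = now - timedelta(minutes=5)
    laptop = DevicePosture(True, True, True, 7, fresh)
    home_pc = DevicePosture(False, True, True, 60, fresh)
    cases = [
        AccessRequest("alice", False, laptop, "wiki", "low", now),
        AccessRequest("alice", False, laptop, "hr-db", "high", now),
        AccessRequest("alice", True, laptop, "hr-db", "high", now),
        AccessRequest("bob", True, home_pc, "hr-db", "high", now),
        AccessRequest("bob", False, home_pc, "wiki", "low", now),
    ]
    for r in cases:
        decision, why = evaluate(r)
        print(f"{r.user:6} {r.resource:6} -> {decision:8} {'; '.join(why)}")


if __name__ == "__main__":
    _demo()
```

The point of the structure is the ordering: signals that cannot be trusted (a stale posture report, an unhealthy agent) fail closed before any credential is considered, and a password alone never satisfies an elevated-risk request. In a real deployment the posture fields would come from the endpoint agent or MDM, and the decision would be enforced by the endpoint's access client or the resource itself.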
Organizations must assume that bad actors are already in their networks. Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a ZT approach, reinforced by additional measures such as MFA and endpoint resilience. This will help them stay ahead of the security curve and, ultimately, remove the need for an awareness month altogether. Red Sky Alliance has advocated all of these measures for years.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.securityweek.com/another-cybersecurity-awareness-month-has-passed-and-little-has-changed