By Sam Humphries, Security Strategist, Exabeam
This year, many organizations are marking National Cyber Security Awareness Month (NCSAM) with a remote workforce. Anyone who’s ever worked from home knows how distracting it can be. Add the deluge of email communications from colleagues, managers, marketers, schools, the government, etc. and it quickly creates a utopian environment for well-crafted phishing attacks to succeed. Just a momentary lapse in concentration can lead to an employee clicking on something they shouldn’t, and as soon as they have, it’s too late.
The rapid transition to remote work meant security leaders had to quickly find the right balance between ensuring the organization’s productivity needs are met, and keeping the organization secure. While it’s beneficial to dedicate an entire month to reflecting on current cybersecurity practices and making improvements where necessary, cyberthreats are not exclusive to October.
This National Cybersecurity Awareness Month, industry experts below have shared their thoughts on the current and future landscape of cybersecurity while also providing advice and knowledge about the tools required to succeed in building a better cyber defense capable of adapting to the changing landscape.
Torsten George, cybersecurity evangelist, Centrify
"National Cyber Security Awareness Month is an excellent opportunity to remind businesses and consumers alike to never let their guard down when it comes to protecting access to data. All data has some kind of value, whether it’s a PIN code, digital medical records, social security numbers, social media posts, or even blood oxygen levels from your fancy new watch. This year's theme, ‘Do Your Part: Be #CyberSmart,’ takes on increased significance, as our work and personal lives continue to blur, more devices are connected to the internet than ever, and a historic amount of critical personal and business data is shared digitally.
If there's one takeaway for businesses, it's that cyber-attackers no longer ‘hack’ in – they log in using weak, stolen, or phished credentials. This is especially damaging when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure, which are estimated to be involved in 80% of data breaches. So how can we reduce this number in October, and as we move into the holiday season and 2021?
Granting 'least privilege' is essential to preventing unauthorized access to business-critical systems and sensitive data by both insiders and external threat actors. Striving towards zero-standing privileges and only granting just-enough, just-in-time access to target systems and infrastructure limits lateral movement. As organizations continue their digital transformation journeys, they should look to cloud-ready solutions that can scale with modern business needs. By embedding these key principles into the security stack, the risk of employees' credentials being compromised and/or abused can be dramatically reduced, compliance can be strengthened, and the organization can be more secure."
Steve Moore, chief security strategist, Exabeam
"Organizations have yet to effectively manage the problem of cyberattacks initiated through stolen credentials, especially those which represent compromised internal accounts. This condition continues to plague organizations, and by using existing logins and tools already available on the network, adversaries can move laterally across the company network – as shown in the MITRE ATT&CK lateral movement tactic. These combination-type attacks make it harder for a SOC to detect and respond to attackers, allowing adversaries to access private data and high-value assets.
Common organizational countermeasures are mostly ineffective, and most cybersecurity investigation techniques do little to uncover this problem's occurrence. A point for every audit and compliance professional: when you review the credential entitlement lifecycle process, there must be an equal credential behavior process.
During National Cyber Security Awareness Month, organizations need to recognize how they can get ahead of these bad actors.
First: consider adding capabilities that augment or replace the source of truth in your SOC. Beyond static rules is the ability to identify lateral movement as part of a broader attack chain, tying the supporting events together to a full picture. This is a challenging but relevant use case that should be a capability in any modern SOC.
Second: for whatever is important to you, answer if those series of events are normal or abnormal and build attacker timelines without manual effort. Each of these drastically improves your time to answer. The right analytics will stitch together various log sources into a timeline to show traditional alerts and abnormal behavior. The right behavioral analytics also helps combat insider threats by notifying security teams when the unusual and risky has occurred – both on an individual basis and compared to peers.
Employees outside of the SOC also have a role to play. Over 80 percent of breaches are related to stolen or weak passwords. Thus, security teams must reiterate best password practices such as never using the same password twice, using password vaults, and enabling multi-factor/adaptive authentication. A combination of behavioral analytics and smart password practices can help employees and their employers stop credential-based attacks during this month and beyond."
Gijsbert Janssen van Doorn, director technical marketing, Zerto
“As organizations transitioned into remote working almost overnight, security teams were left to quickly ensure their businesses were secure, while trying to fill in the cracks left behind by the introduction of new networks, new devices, and new cyber attacks.
It isn’t a surprise that cybercriminals started taking advantage of this almost immediately, carrying out ransomware attacks throughout the pandemic as businesses did everything they could to remain operational. However, away from the private sector, where healthcare and public sector organisations have been facing huge pressures to manage and control the COVID-19 outbreak, bad actors have posed a significant threat. Keeping healthcare operations running in normal circumstances is absolutely critical, but in the middle of a pandemic, that significance is only magnified.
This year, National Cybersecurity Awareness Month emphasizes personal accountability as well as the importance of taking proactive steps to enhance cybersecurity. Employees, now more than ever, need to remain vigilant in protecting their organization. Ransomware attacks can and will still occur, so cyber resilience is imperative. With a 72% increase in ransomware attacks during COVID-19, organizations need to be prepared for the inevitable.
Once compromised, it’s too late to take any preventative measures. Organizations need to be able to recover data and get back to operating swiftly and painlessly without paying a ransom. Key to this is leveraging IT resilience solutions that can quickly and effectively provide recovery after an attack. With the right continuous data protection tools in place, businesses need not worry about paying ransoms and can instead simply recover pre-attack data files within seconds.”
Carl D’Halluin, CTO, Datadobi
"The COVID-19 pandemic and remote work economy has served to exacerbate existing cyberthreats such as inside threat actors, ransomware, or a storage platform-specific bug or hack. Downtime caused by these attacks can come at a very high cost for organizations — both financially and reputationally. Unstructured data business continuity planning and protection — whether on-premises or in the cloud — is still lagging dangerously far behind other cybersecurity efforts. Even worse, hackers are increasingly viewing NAS (network-attached storage) as a highly-profitable target. It’s important for IT and security leaders to consider this data when building out security strategies.
“No IT professional wants to imagine the worst-case scenario happening to them: a situation where their NAS or object storage has been locked up by hackers. As organizations increasingly rely on unstructured data to perform day-to-day business-critical functions, they need to maintain instantaneous access to this core data. The best practice would be for organizations to maintain a secure ‘golden copy’ of business-critical data in an air-gapped location of their choosing (a physical bunker site, data center, or public cloud). The golden copy complements the traditional data protection strategy by providing an extra layer of insurance so that in the event of a cyberattack, business operations can continue.”
Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise
“Cybersecurity is a journey, not a destination. The need to reinforce policy and best practices around cyber hygiene requires continuing education. Whether it's education for your team or conversations about culture with your customers, you have to consider it’s an ongoing process that requires maintenance. While National Cybersecurity Awareness Month is a great opportunity to discuss the current issues we’re facing and make plans to address them, cybersecurity is critical 365 days a year. Cyber crime doesn’t rest and neither should organizations.
This month also presents a good opportunity to discuss the growing importance of cybersecurity within the managed service provider (MSP) community. When we review the results of a recent survey we conducted with Vanson Bourne, the importance of investing in ongoing cybersecurity education is evident in the data. Ninety-one percent of SMBs say they would consider using or moving to a new IT service provider if it offered the ‘right’ cybersecurity solution. For most, that means having confidence that their provider will be able to respond to cyber attacks and minimize any damage. If I’m an MSP, I’m going to focus on educating my team on how to deliver the ‘right’ cybersecurity solutions. MSPs owe it to themselves to keep up with trends and knowledge in cybersecurity in order to increase their service offerings and provide their customers with the protection they’re seeking.”
Surya Varanasi, CTO, StorCentric
“As cyber threats continue to raise concerns across virtually all industries, particularly healthcare and financial, it is important that organizations remain compliant and find solutions that implement the latest encrypted technology to protect their data and the data of their customers.
To support business continuity, as well as ensure data protection and security, IT professionals should look for policy-based solutions with the ability to fingerprint and encrypt data to fortify businesses against viruses, ransomware, and other bad actors. Solutions that are able to restore from virtual shortcuts can decrease the amount of time spent retrieving data and help users bring their businesses back up quickly. Implementing self-healing technology can help the system to automatically ensure it is in order and ensure your last line of defense is continuously updated and ready to go. This is an immutable copy that can’t be altered and it is replicated to a remote location using an encrypted transfer. While you can’t eliminate cybercrime, you can take steps to help organizations be prepared to evade and/or recover from it.”
Jeff Hussey, CEO, Tempered
“National Cyber Security Awareness Month is the perfect time to bring awareness to the work that needs to be done to secure our critical infrastructure. Critical infrastructure — from electrical grids and smart city applications to water treatment plants — has vulnerabilities that pose enormous cyber risk and in turn, risks to communities. Traditionally, these networks have been physically managed and air-gapped. Managing and securing these networks and remote sites today is difficult, as new technologies are added to legacy systems.
Fortunately, state-of-the-art secure networking solutions are now available that extend secure connectivity across physical, virtual, and cloud platforms and secure every endpoint in your network, with true micro-segmentation and secure remote access. These solutions not only eliminate network-based attacks, but they also reduce the cost and complexity required to effectively manage critical infrastructure for governments, utilities, and IoT applications.”
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal
“When we celebrated National Cyber Security Awareness Month in 2019, no one could have predicted that at that time the following year, the world would be in the midst of a pandemic -- and that many companies would be faced with the technological challenges of a newly distributed workforce. Compounding this issue, 64,000 IT professionals are expected to have lost their jobs by the end of 2020, while cybercrime has quadrupled -- leaving organizations short-staffed yet increasingly targeted by hackers. The solution for some may be to turn to a third-party SOC that can offload some of the security posture decisions and monitoring.
For years, vulnerability management tools have been reactive rather than proactive -- only spotting weak points on the network after they’ve been compromised by a hacker. But the most effective, modern solutions use threat intelligence to proactively identify, classify and prioritize vulnerabilities based on criticality -- allowing organizations to catch them before the bad guys do.
Many businesses struggle to set up, scan and effectively analyze vulnerability scan results in a way that drives meaningful action to remedy the issues, however. IT and security departments who want to expand their teams through a third-party SOC can turn to these highly-trained experts to manage vulnerability scanning, report analysis and remediation recommendations. In addition to vulnerability management, organizations can use third-party providers for backup and disaster recovery to help restore data in the face of ransomware attacks, and to help build and test effective incident response plans.
While there are additional considerations, these steps are a strong start toward a more secure future, even in these unpredictable times. And it’s important to remember, there’s no shame in asking for help.”
JG Heithcock, General Manager of Retrospect, Inc., a StorCentric Company
“National Cybersecurity Awareness Month serves as a reminder that cyber criminals continue to exploit the pandemic and remote workforce by targeting organizations through phishing, malware distribution, false domain names, and other attacks on teleworking infrastructure.
Preparing for cybercrime attacks through the use of proven techniques will protect your data and critical systems, helping your organization to minimize risks, rapidly recover if necessary, and maintain operations. This includes updating your system and investing in anti-malware software; protecting your endpoints and not just servers or file sharing systems; implementing a 3-2-1 backup strategy consisting of: 3 copies of data, 2 different formats and 1 offsite location; routinely monitoring backups to help detect ransomware; and no matter how uncomfortable it might seem, do not pay the ransom in the event of a ransomware attack as this doesn’t guarantee your data will be restored.”