In the ever-evolving landscape of cybersecurity, it’s evident that we’re no longer facing the hackers of yesteryears, but a formidable breed of modern adversaries.
By Armand Kruger, head of cyber security at NEC XON
As the head of cyber security at NEC XON, I’ve witnessed the transformation from hooded hackers to a sophisticated dark economy that poses unprecedented threats and is run like a business. The question isn’t whether you have security measures in place, but rather where your vulnerabilities lie.
Today’s adversaries demand a disruptive and ruthless response, or businesses risk severe consequences. A recent incident involving the South African Department of Defense serves as a chilling reminder, where a ransomware group publicly flaunted stolen data as proof of their capability. When signs of a threat actor emerge, defenders must act decisively.
To counter these threats effectively, organisations need to adopt a multi-faceted approach. Here are six high-level steps (based on my daily experience as a cybersecurity leader helping large organisations) to bolster your cyber defenses:
* Create Risk-Based Cyber Security Awareness: In an era of advanced security solutions, adversaries seek the path of least resistance. Unfortunately, that often leads them to exploit the human factor. The weakest link and biggest attack vector in your defense chain is your workforce. Different departments require varying levels of training due to their interactions with potentially untrusted external parties. Finance, procurement, sales, legal, logistics, PR, and marketing teams are all susceptible to social engineering. IT personnel, holding elevated privileges over critical business systems, demand even more intensive training.
* Reduce Perimeters: Threat actors are adept at pinpointing weak entry points. By reducing your perimeter and minimising internet-facing systems, you inherently limit their attack surface. Regular hygiene controls and stringent measures can make infiltration costly and complex. Defenders regain control by focusing on making it exceedingly difficult for adversaries to breach their defenses. The age-old concept of massive walls and gates in cybersecurity still holds value, but modern adversaries seek to steal the remote rather than breach the gates – it’s much easier to get in that way.
* Extend Multi-Factor Authentication Across Your Estate: Multi-factor authentication (MFA) is an indispensable tool that must be extended to all applications, regardless of their location (cloud or on-premise). This strategy thwarts cyber attacks even after unauthorised access is obtained. MFA not only restricts movement within your IT estate but also enhances the ability to detect intrusions. Suspicious activity can be flagged early, offering defenders an upper hand.
* Use Endpoint Detection and Response (EDR): The age of sophisticated administration by modern adversaries demands a shift from traditional malware-focused detection to anomaly and behaviour-based approaches. EDR solutions detect anomalies in asset behaviour and alert cybersecurity teams promptly. Adversaries often mimic legitimate user actions, rendering standard detection measures inadequate. Behaviour-based detection detects abnormalities beyond malicious software, expediting response times.
* Implement a Multi-Faceted Privileged Access Strategy: Privilege-based access limits the blast radius in case of a breach. By closely monitoring and sealing unauthorised pathways, you confine them to a controlled environment. Role-based access significantly hampers their movement, as each identity is restricted to systems relevant to their function. Even if an adversary gains access, their ability to navigate and cause damage is severely restricted.
* Deploy a Defense-in-Depth Architecture: A robust defense-in-depth architecture establishes a symbiotic relationship between prevention, detection, and response. An attacker bypassing a specific prevention measure doesn’t equate to successful compromise. Effective detection and swift response can mitigate the impact. This approach also reduces the blast radius of an attack and limits communication between the threat actor and compromised machines.
In summary, cybersecurity is fundamentally about risk management. As demonstrated by a recent incident involving Uber, overlooking even a single aspect, such as internal multi-factor authentication, can result in severe consequences.
The dynamic nature of threats necessitates continuous strategy refinement. While building a robust perimeter is crucial, understanding the modern adversary is equally vital. Their goal is not to breach your defenses, but to silently steal the keys to your kingdom.
Incorporating these strategies fortifies your defenses by narrowing attack vectors, bolstering employee awareness, and establishing responsive measures. In the world of cybersecurity, it’s not a matter of if but when an attack will occur. The key lies in being prepared and resilient in the face of adversity.