Tag Archive for: Approach

Nation-state attacks are hard to spot. It’s time for a new approach to threat detection


Nation-state attacks are hard to spot. It’s time for a new approach to threat detection | Security Magazine




Source…

Going Back to Basics to Fix Our Broken Approach to Cybersecurity


Cybersecurity has garnered plenty of mainstream attention lately—but for all the wrong reasons. The past year has been marked by a seemingly unending stream of major companies and organizations coming forward to admit they were the victim of a data breach or malware attack. When cybersecurity measures are working well, the end users are never even aware of them. So when ransomware suddenly becomes a household term, you know something is seriously broken with our approach to cybersecurity.

The extent of the problem is borne out in the statistics. The total number of companies that suffered data breaches in 2020 was 1,108, a high that was already exceeded by the end of September, when the total rose to 1,529 (a 17-percent increase)—and the year isn’t even over! Supply chain attacks are also on the rise, but are often a woefully overlooked attack vector in an organization’s security stack. A recent survey revealed that 83 percent of organizations suffered an operational technology breach during the previous three years.

The uptick in major breaches and ransomware incidents has already affected spending priorities, prompting 91 percent of organizations to increase their security budget in 2021. While this is a positive development overall, it underscores the futility of simply throwing more money at a broken system. If a fundamental change isn’t made to their existing security stack, these companies will continue to fall victim to the same threats they always have. It’s a cat-and-mouse game that they will always lose.

So that’s the bad news. The good news is that by augmenting our cybersecurity focus on a fundamental feature of internet architecture, we can start protecting ourselves in a proactive manner. Organizations often view cybersecurity as a wall around their network, keeping all of the nasty bits of the internet at bay while their critical data stays safely protected within. Unfortunately, in the modern landscape, a determined threat actor will eventually find a way to bypass their target’s defenses—whether by taking advantage of an unpatched exploit, successfully carrying out a phishing scam, or exploiting a…

Source…

Taking a unified approach to delivering WiFi connectivity and security


Nowadays, teleworking or following a hybrid work model has become commonplace. The question we need to ask ourselves is, is our remote connection secure? The National Security Agency (NSA) in the United States has published a best practices info sheet for government workers and contractors working in areas related to national security and defense. The info sheet supplies advice on how to avoid cyber attacks due to a compromised or unsecured wireless connection.

The dangerous weakness of public WiFi

Public networks are always the weakest link in the chain and hackers know this. Hacking into a WiFi connection is very simple and doing so can give cyber criminals access, in the worst-case scenario, to corporate servers where they can inject malware. Moreover, a wireless connection breach is very expensive: TJ Maxx quantified the cost to a corporation of a single security breach at $1 billion.

Given the sensitive nature of the information handled by the NSA, the NSA provides a list of do’s and don’ts to follow for remote connections:

  • First, avoid, if possible, connecting to an unreliable WiFi network and, failing that, use a corporate access hotspot with a strong encrypted connection. But if there is no alternative, protect the connection as outlined below.
  • Use a trusted VPN connection that encrypts data transmission. The agency points out that public WiFi connections are not usually encrypted and, in some cases, do not even require an access password. Some hackers create malicious wireless networks as bait, which emulate existing ones and use them to access the connected device.
  • The NSA also recommends only connecting to websites that use the HTTPS protocol.
  • Finally, the agency recommends disabling Bluetooth in public places as there are too many risks involved.

In addition to the complexity of achieving a secure remote connection, there is the challenge of using many security solution providers, which is a huge obstacle to effective security service management. Currently, 96% of MSPs surveyed by Pulse and WatchGuard are consolidating vendors of IT products and services or planning to start the process in 2021/2022 to help this situation.

New WiFi 6 access points now in…

Source…

A remedial approach to destructive IoT hacks


As of this year, there are more than 10 billion active IoT devices all over the world, many of which are deployed in enterprises.

Keeping those devices secure is of the utmost importance, lest they be a way in for attackers, so it’s imperative that organizations institute IoT security practices that remediate vulnerabilities and better protect the network – by identifying and securing every “thing”. The main challenge lies in the fact that most companies aren’t aware of the spread of devices connected to their network.

Find and fix every “thing”

Executives often greatly underestimate how much of their network is made up of IoT devices, putting the number at about 1 percent. However, it’s typically 20 percent or higher. In fact, IBM X-Force recently estimated that devices make up 43 percent of the access points on the average organization’s network.

One reason for this discrepancy is that devices are often being deployed without IT department knowledge or approval, as they are often owned and managed by other teams (e.g., facilities management or physical security teams).

It’s critical for companies to get a handle on device inventory now. Device discovery and inventory are the first step in basic security hygiene – but are often harder than expected. Many discovery solutions provide little more information than MAC and IP addresses or use signals that knock over existing devices.

What’s needed is enriched data that allows security teams to act. With greater awareness and complete visibility into every connected device, organizations can create a full inventory of IoT devices with all the information required to maintain them.

According to a recent Positive Technologies report, 15% of IoT device owners continue to use default passwords. This report also found that just five sets of usernames and passwords gave them access to a great number of IoT devices, including IP cameras, routers, DVRs, and smart washing machines. Default passwords allow attackers to take over IoT devices as easy access points into the network. From there, they can use these credentials to move laterally, escalate privileges and eventually gain access to an…

Source…