Alain Penel, Regional Vice President – Middle East, Fortinet, outlines the various approaches to cybersecurity, which together cover three crucial aspects – people, processes and technology.
Cybercrime is an ever-present threat facing organisations of all sizes. In order to safeguard themselves against a successful data breach, IT teams must stay a step ahead of cybercriminals by defending against a barrage of increasingly-sophisticated attacks at high volumes.
In Q3 of 2018 alone, FortiGuard Labs detected 1,114 exploits per firm, each representing an opportunity for a cybercriminal to infiltrate a network and exfiltrate or compromise valuable data.
What complicates this challenge further is that the strategies and attack vectors that cybercriminals rely on are always evolving. It’s the classic problem of security teams having to cover every contingency, while cybercriminals only need to slip past defences once. Because of this, IT teams must continuously update their defences based on current threat trends. Today, IoT, mobile malware, cryptojacking and botnets are top focuses for cybercriminals, but they may have moved on to new threats by Q4.
With this in mind, IT security teams have a lot of ground to cover. Unfortunately, there is no silver bullet that guarantees an effective security posture, nor a single defensive mechanism that can ensure security across modern distributed networks. In order to defend against today’s threats, IT teams must take a layered approach to their cybersecurity.
A layered approach to cybersecurity
Many think of a layered approach to cybersecurity in terms of technology and tools. This means having various security controls in place to protect separate entryways – for example, deploying a web application firewall, endpoint protections and secure email gateways rather than relying only on traditional perimeter defences. While these solutions are all part of a layered security approach, it actually goes well beyond deploying layers of different security tools. For cybersecurity to be effective, organisations must also consider how they leverage people and processes.
When combined into a single, integrated framework, an overlapping strategy based on security tools, people and processes will yield the most effective defences.
Security tactics for people, processes and technology
As IT teams seek to create a layered security environment, there are several tactics they should consider:
People

Employees can create some of the greatest risks to cybersecurity. However, when they are well informed they can also be an asset and a first line of defence. Oftentimes, cybercriminals will specifically target employees as an attack vector because of their lack of knowledge of security best practices.
For example, cybercriminals might target employees with phishing emails designed to get them to click on a malicious link or divulge credentials. With this in mind, it’s imperative that organisations conduct regular training sessions throughout the year to keep employees aware of potential scams and the ways they can make their organisation vulnerable.
Training programmes like these will create a strong culture of cybersecurity that can go a long way toward minimising threats.
A few of the cyberhygiene points IT teams will want to inform employees of include:
- Creating strong passwords that are unique to each account and not reused, ensuring personal and work passwords are separate
- Not opening or clicking links in suspicious emails or those from unfamiliar senders
- Ensuring applications and operating systems are updated regularly as soon as patches are released, and not installing any unknown outside software, as it can open security vulnerabilities in the network
- Immediately reporting any unusual behaviour or something strange happening on their computers
Another way IT teams can improve cybersecurity at the employee level is with access management policies such as the principle of least privilege, which provides a person with access to data only if it is necessary to do their job – thereby reducing the exposure and consequences of a breach.
Processes

This layer of cybersecurity ensures that IT teams have strategies in place to proactively prevent incidents and to respond quickly and effectively when a cybersecurity incident does occur.
First, IT security teams should have a cyber incident response plan in place. A good incident response plan provides an organisation with repeatable procedures and an operational approach to addressing cybersecurity incidents so that business processes can be recovered as quickly and efficiently as possible. In addition, ensuring proper backups are in place and regularly testing those backups is imperative to minimising downtime and increasing the chances of data recovery after a cyber event.
Next is the collection and analysis of threat research. Every security strategy and tool must be informed by current threat intelligence in order to effectively detect and respond to threats. For example, threat research might reveal that cybercriminals have been carrying out attacks through a specific vulnerability or targeting endpoints with a specific malware.
Armed with this information, IT teams can then take proactive measures by making any necessary system updates, and increasing monitoring to detect behaviour indicative of one of these attacks. It is also important that IT teams consult both local and global threat data for the most comprehensive understanding of the threat landscape.
Another important process on the road to effective cybersecurity is the prioritisation of assets. While IT teams remain strained due to the cybersecurity skills gap, networks have become increasingly sophisticated, making it impossible to manually monitor each area of the network at all times. Therefore, IT teams must know where all their assets are and prioritise these assets based on which are most business critical and would have the greatest impact on the business if breached.
From there, security teams can develop policies and deploy strategies to keep this data more secure and minimise consequences. This might mean using network segmentation to add an extra level of security, or creating access control policies based on who needs access to these specific sets of data.
Technology

As discussed previously, there are a host of technologies that security teams can implement in order to layer their defences. That being said, it’s important that IT teams do not implement isolated point solutions as they layer their defences, but rather select tools based on their ability to be integrated and automated to create a Security Fabric that can facilitate the rapid detection and mitigation of threats.
Another tactic IT teams should leverage is deception technology. Network complexity is an Achilles heel for adversaries. Deception technologies level the playing field by automating the creation of dynamic decoys that are dispersed throughout the IT environment, making it harder for the adversary to determine which assets are fake and which are real.
When adversaries can’t make this distinction, they are forced to waste time on fake assets and to exercise caution as they look for tripwires embedded in these fake environments. This may require them to alter their tactics, thereby increasing their chances of being detected by security teams.
Finally, IT teams should leverage segmentation. Adversaries target networks to gain access to and exploit organisations’ business-critical data, whether that is customer and personnel information, intellectual property, financial records, etc. Segmenting corporate networks enables IT teams to separate their applications and sensitive data into different sub-networks with varying degrees of security. This allows for greater access control on critical systems, thereby limiting exposure if there is a breach.
Modern network security requires a layered defence approach that factors in people, processes and technology. Together, such tactics – including creating a strong culture of security, conducting threat research, prioritising assets and deploying modern network controls – will enhance visibility and shorten threat response times, ultimately minimising the impact of cyberattacks.