Cybersecurity threats have increased dramatically since the beginning of the COVID-19 outbreak. According to the cloud computing company Iomart, large-scale data breaches increased 273% in the first quarter of 2020 compared to the same period in 2019. Similarly, VMware found that ransomware was up 90% in 2020. The most recent example of this was the SolarWinds data breach, which infected approximately 18,000 of the company’s customers, who unknowingly downloaded the infected “software update”.
Cybersecurity leaders now more than ever need to stay on top of new cybersecurity trends and have a solid understanding of their unique threat landscape. On average, a new cyberattack happens every 39 seconds, so it’s not a matter of if your company will be targeted, just a matter of when and how. To help you get a better understanding of what cybersecurity issues are most important to CISOs, rThreat reached out to 5 cybersecurity experts and got their insight on what CISOs need to be aware of in 2021 to ensure their companies are properly protected.
1. Closely evaluate changes in your IT programs:
“2020 was a year full of surprises, firsts, and blindsides for many organizations. When evaluating security programs for maturity opportunities, CISOs and security teams should assess how any changes, no matter how subtle, have potentially introduced risk to the environment. For example, work from home users and potentially new risky behaviors, BYOD, and shadow IT are all situations that could increase risk, while simultaneously reducing the amount of control security teams have.”
Many companies were forced to move to a work-from-home model without having time to properly examine the potential risks. This change was unavoidable, but when changes like this happen it’s important to do your due diligence in finding the best way to implement them. Some of the most important things a CISO can do are educating employees on internet safety, enforcing regular patching of machines before they join the corporate network, and implementing 2FA. For a full guide on securing remote workers see this article.
2. Implement asset and identity management:
Don Cox from CIBR Warriors:
“Asset and identity management are going to be the keys to detecting unauthorized access or use. If not already exploring, CISOs need to implement UEBA (User/Entity Behavior Analytics). There are many MSSP partners that can help. A second set of eyes watching your environment isn’t a bad thing.”
UEBA provides a lot of advantages over traditional rule-based detection: it builds a picture of each user’s everyday activity and can detect abnormal behavior that would indicate a compromised account. For smaller companies it’s important to invest in technologies like this to secure your environment. If you don’t have the required expertise in house, you can always use a managed security service provider (MSSP) to implement UEBA and monitor your network for you.
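The contrast described above, as an added illustration that is not from the original article or from any UEBA product: a fixed off-hours rule and a per-user baseline are run over the same constructed login events. The event fields, thresholds and function names are assumptions made for this example.

```python
# Constructed sample data: (user, login hour 0-23, source country code).
HISTORY = (
    [("alice", h, "US") for h in (22, 23, 0, 1, 23, 0, 22, 1)]   # night shift
    + [("bob", h, "US") for h in (9, 10, 9, 11, 10, 9, 14, 10)]  # office hours
)
NEW_EVENTS = [
    ("alice", 23, "US"),  # normal for alice
    ("bob", 10, "US"),    # normal for bob
    ("bob", 3, "US"),     # hour bob has never logged in at
    ("bob", 10, "XX"),    # usual hour, never-seen country (placeholder code)
]

def static_rule(event):
    """Traditional rule: alert on any login outside 06:00-20:00."""
    return not 6 <= event[1] < 20

def build_baseline(history):
    """Per-user profile: past login hours and the set of countries seen."""
    profile = {}
    for user, hour, country in history:
        p = profile.setdefault(user, {"hours": [], "countries": set()})
        p["hours"].append(hour)
        p["countries"].add(country)
    return profile

def hour_support(p, hour, window=1):
    """Fraction of past logins within +/- window hours, wrapping midnight."""
    near = [h for h in p["hours"] if min((h - hour) % 24, (hour - h) % 24) <= window]
    return len(near) / len(p["hours"])

def behavioural_alert(profile, event, min_support=0.1):
    """Return the reasons this event deviates from the user's own baseline."""
    user, hour, country = event
    if (p := profile.get(user)) is None:
        return ["no baseline for user"]
    reasons = []
    if hour_support(p, hour) < min_support:
        reasons.append("unusual hour")
    if country not in p["countries"]:
        reasons.append("new country")
    return reasons

def compare(history=HISTORY, events=NEW_EVENTS):
    profile = build_baseline(history)
    return [(e, static_rule(e), behavioural_alert(profile, e)) for e in events]

if __name__ == "__main__":
    for event, rule_hit, reasons in compare():
        print(event, "| static rule:", rule_hit, "| baseline:", reasons or "ok")
```

On this data the fixed rule alerts on alice’s routine night-shift login and stays silent on bob’s login from a country he has never used, while the baseline does the reverse.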
3. Watch for advanced threats infiltrated through trusted mediums:
Justin Smith from Black Root Labs:
“Advanced threats infiltrated through trusted mediums are one of the ugliest blimps on my radar. They are particularly concerning for CISOs as the investments rendered in security awareness and controls do close to no good at stopping them. One of the only mechanisms to reduce the risk of these threats infiltrated through trusted mediums is intelligence and a well-versed team capable of quickly mobilizing to reduce, deter, and eradicate once identified.”
This recommendation alludes to two important aspects of security: threat hunting and incident response. Threat hunting is the practice of finding hackers that have gotten past your security controls and onto your network. Incident response refers to your ability to respond once this has been detected. As a CISO it’s important to build out both of these capabilities within your team. Also, you need to routinely perform threat hunting activities to detect any advanced threats on your network. Lastly, incident response simulations should be done regularly to ensure you can effectively respond in the event of a security incident.
4. Best practices when transitioning remote workers back to offices:
“The moment companies start reopening their offices, and you have tens of thousands of employees returning to work with infected computers and laptops. These devices have been sitting dormant at home, with people watching all sorts of different videos and going to different websites and getting themselves infected. Malware is just sitting there waiting for a network connection. That is a valid threat and I suggest any CISO or security director sit down and analyze how your organization is going to deal with that.”
This recommendation illustrates two important points. Firstly, employee use of your equipment is one of the biggest threat vectors a company has, so it’s important to train employees on how to avoid malware-infected sites, links, and emails. In case they don’t follow these rules, you should also have a service that blocks access to sites that clearly have no legitimate business purpose, such as adult sites. Secondly, it’s important that your company has controls in place to scan devices before they connect to the network and to allow only devices that pass that scan to connect.
5. Implement more preventative controls:
Stacey Cameron from QoS Consulting Solutions:
“In 2021 let’s be even more proactive within our security landscape than ever before. For many organizations, 2020 tested our cybersecurity protections with the need to operate, in some cases, 100% virtually for an extended period of time. It’s time to review existing cyber security controls and incorporate more preventative controls to mitigate the impact on data and systems in the event of a breach. Cyber attacks are continuing to evolve and it’s not necessarily a question of “if” there will be a breach attempt, but “when” will the attempt occur. We need to prevent when we can and minimize the impact if a breach or event data exfiltration attempts are successful.”
At some point every company that operates online will face a cyber attack, and it’s important that companies are prepared for that reality. The best way to ensure that you are prepared for a cyber attack is through testing. As a CISO you need to regularly test your controls against the attacks they are expected to defend against to ensure that you have reliable protection. For this purpose, rThreat provides breach and attack emulation technology that allows you to test your company’s ability to defend against the latest cyber attacks and your ability to respond effectively in the event of a data breach. Request a demo today to learn more about how rThreat can help increase your company’s cyber resiliency. To learn more about rThreat’s mission, check out our interview on Safety Detectives.