Since there’s no more perimeter, how do you defend an enterprise? You pick what represents the biggest risk and defend from those angles. In a holistic approach, you’re considering everything from CEO buy-in to employee training to endpoint detection to network traffic monitoring. Here is our rundown of the most important corners to look around when building out your overall security strategy.
1. Know where you’re starting from. The threat landscape is changing. Ransomware has turned to RansomOps and Ransomware as a Service (RaaS), giving us new and emerging threats to defend against that many old security tools can’t match. You need to be able to not only catch bad actors at the endpoint, but at the earliest signs of ingress by spotting Indicators of Behavior (IOBs), or anomalous activity, and you need to be able to do it on-premises, in the cloud and within hybrid environments. Plus, nobody has to tell you that in the post-Covid world you have to now secure the entire remote workforce, across any company-issued or BYOD device. It’s a lot, but that’s why overall awareness of the current threat climate is so key to establishing a resilient security approach. Do a scan of your environment and understand your attack surface with Cisco Cyber Asset Attack Surface Management.
2. Cover the basics of cyber hygiene. It is estimated that 93% of breaches come from human error. These result from being sloppy on the basics – falling prey to phishing schemes, not having secure access policies, not taking advantage of MFA or token-based access, and a lack of employee training on what to look for. Basic security controls are changing with the rapid adoption of remote and hybrid work. In addition to basic firewall and antivirus controls, it is crucial to cover connection, identity, email, and user training. You can start here and remedy more signs of ingress than you think. Don’t worry about the fancy bathroom alarm system your neighbor is installing when your windows and doors are unlocked. Take care of these basics and then assess what risks you have left on your way to full cybersecurity maturity. Tools like Duo, OneLogin and CloudLock provide a variety of authentication methods (like Push, tokenization, Universal 2nd Factor (U2F) and one-time passcodes (OTPs)), automatic enrollment options for larger corporations, and the ability to roll out (and update) at scale.
3. Train your people. Again, this is part and parcel of what we said before. People need to know the signs of malicious activity, from a “You Won!” email from yaho0.com, to not holding the door for mysterious employees who don’t want to badge in, to not downloading apps on the company network without the thumbs up from IT. All of these can introduce foolish risks at a time when the high number of security alerts teams have to deal with is bad enough – according to one source, nearly half of security practitioners are seeing a 3x increase in alerts this year, with many turning up as false positives. A tool like KnowBe4 can simulate phishing attacks for end users (your employees) or give them further security awareness training so they don’t fall into easy traps. And don’t worry about teaching them to be proactive and arming them with knowledge – these are all things hackers already know, so giving the rest of your team additional information just makes them a better defense.
4. Defend against Shadow IT. This one deserves a mention of its own. Because of the extremely high number of remote workers, geographically diverse companies and the desire to keep employees by catering to their working needs, we see a high number of Bring-Your-Own-Devices (BYODs) as interns use their college laptops to access the company network, salespeople use their phones to access Salesforce (be careful!) and people log in using their home Wi-Fi in some cases (not every company, surprisingly, uses a VPN). And then there is the rush to use new, time-saving applications we see when browsing for a new CRM or ways to manage our contracted employees. Downloading the latest HR software or Dev tool is understandable for growing companies that want to stay efficient as they grow forward, but a too-happy trigger finger for new applications could create a host of unseen, unaccounted-for and vulnerable Shadow IT and traffic for your security teams to be surprised with later. Using a tool like Cisco Umbrella provides award-winning detection at the DNS layer, providing visibility across all ports and devices to spot and stop attacks sooner, and giving you Shadow IT coverage in the cloud.
5. Utilize the latest tech. You’ll need to. RansomOps and Advanced Persistent Threats (APTs) aren’t slowing down, or pulling any punches for vulnerable old systems. If anything, they’re exploiting the low-hanging fruit first, so make sure you’re using next-gen as opposed to legacy solutions wherever possible. If you get hit with ransomware, you’ll be paying the amount you could have invested in new technology on a ransom payment anyway. Artificial Intelligence (AI) across your ecosystem, automation and machine learning (especially in the cloud) can do wonders for securing your native environment against new and unseen outside attacks. Find a solution that maps against the MITRE ATT&CK framework, and force-multiply your current security teams with solutions built for today’s threats, not yesterday’s. Given the current cyber skills shortage, the number of bot-based attacks and the number of RaaS gangs that are out there, you’ll need automated, next-gen solutions to just keep pace. By utilizing SOC and Port53’s XDR, you can leverage automation and actively predict breaches while eliminating the human element and quickening your response to critical threats.
As you can see, creating a holistic cybersecurity strategy is no longer an “IT” or “security” problem – it’s everyone’s problem. As the digital transformation makes “every company a software company,” people who once found themselves nowhere near sensitive information now find themselves a hunted end-user. Teach your employees to spot the signs. Gain buy-in from the CISO for next-gen tools and security awareness training. Develop policies around Shadow IT and understand that the basics really can defend against a high number of attacks – hackers don’t work harder than they need to, and if they find an easy door, they’ll take it. Taking in major threat vectors at the outset will guide your solutions decisions as you move towards a resilient, holistic security approach.