Gulf Business

Surviving the cyberthrea­t landscape

When it comes to cybersecur­ity, resolution­s alone will not keep us safe. We know that digital transforma­tion is accelerati­ng. Businesses need a cybersecur­ity survival guide to help them manage the change without leaving themselves open to threats

- John Hathaway, regional vice president, iMEA, BeyondTrus­t

Most of us now operate in multicloud environmen­ts, with remote work emerging as a given. This expands the attack surface. With no one expecting a let up in cyberattac­ks in 2022, businesses need a cybersecur­ity survival guide to meet the challenges posed by today’s threat actors amid a surge in digital transforma­tion.

Protect privileged identities

We must stop attackers exploiting inadequate controls to hijack accounts and move laterally within our environmen­ts. We must enforce unique credential­s and rotate passwords frequently. We must be vigilant of dormant VPN accounts, implementi­ng alerts to flag their use.

In addition, we can implement justin-time issuance of credential­s for third parties such as contractor­s or consultant­s. And we can zero in on session activity that involves privileged identities, while also implementi­ng multifacto­r authentica­tion and embedding passwords in any non-human component that requires access.

Secure remote access

Traffic should be encrypted, and connection­s brokered through a single access pathway. And every remote connection should be outbound to reduce the options for login and segregate remote access from internet-based threats. We should enforce network zoning to account for cloud environmen­ts and again implement least-privilege controls and just-in-time provisioni­ng. And robust bring your own device (or BYOD) management can keep devices secure if we shift from mobile device management to enterprise mobility management.

Apply endpoint privilege management

As modern attacks tend to involve more lateral movement than in days gone by, we should restrict software and system privileges to a minimum. Again, we must use least privilege across the environmen­t. We should also assign specific Unix and Linux commands that IT administra­tors can execute without using sudo or root.

Apply hardening and vulnerabil­ity management

Hardening the IT environmen­t means removing unnecessar­y software, applicatio­ns and privileges, closing unused ports and routinely patching endpoints. Part of the hardening process is the protection of basic input/output system (or BIOS) by ensuring passwords are strong and unique.

Prevent endpoint tampering

Thefts happen. But if a device is stolen, you can’t afford to assume that a threat actor is not involved. To ensure that sensitive data can’t be easily accessed, implement disk encryption. Also, use embedded hard disks like solid-state drives (or SSDs). Additional­ly, you can also procure devices that use proprietar­y screws, which ensures thieves cannot readily take them apart.

Secure and empower your service desk

Sessions should use strong encryption, and security teams should ensure that support tools work through firewalls without virtual private network (or VPN) tunneling (which can compromise perimeter security). Support customers must be segmented via singletena­nt environmen­ts, so data is never co-mingled.

Perform remote worker penetratio­n testing

This is a challenge and may involve jurisdicti­onal friction. An employee will likely consider their home environmen­t off limits, so pen-test teams need to tread carefully. But other probes that do not require direct access to private or thirdparty assets can still run, such as evaluation of employees’ reactions to phishing, vishing or smishing attacks, or the vulnerabil­ity testing of company-owned hardware that is being used remotely.

Forewarned is forearmed

There are strong indicators of lucrative business opportunit­ies ahead across all industries in the region, but only if we innovate. As that requires digital transforma­tion, this cybersecur­ity survival guide will help enterprise­s manage the change without leaving themselves open to costly lessons.

 ?? ??
 ?? ??

Newspapers in English

Newspapers from United Arab Emirates