Surviving the cyberthreat landscape
When it comes to cybersecurity, resolutions alone will not keep us safe. We know that digital transformation is accelerating. Businesses need a cybersecurity survival guide to help them manage the change without leaving themselves open to threats.
Most of us now operate in multicloud environments, with remote work emerging as a given. This expands the attack surface. With no one expecting a let-up in cyberattacks in 2022, businesses need a cybersecurity survival guide to meet the challenges posed by today’s threat actors amid a surge in digital transformation.
Protect privileged identities
We must stop attackers exploiting inadequate controls to hijack accounts and move laterally within our environments. We must enforce unique credentials and rotate passwords frequently. We must be vigilant of dormant VPN accounts, implementing alerts to flag their use.
In addition, we can implement just-in-time issuance of credentials for third parties such as contractors or consultants. And we can zero in on session activity that involves privileged identities, while also implementing multifactor authentication and embedding passwords in any non-human component that requires access.
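Two of the controls above, alerting on the use of dormant VPN accounts and zeroing in on sessions that involve privileged identities, can be expressed as a small review pass over authentication logs. The following is an added example, not code from the original article: the log lines are constructed, the `user timestamp event` layout is an assumption rather than any real VPN appliance's format, and the 30-day dormancy threshold and the `PRIVILEGED` account set are illustrative policy values.

```python
"""Flag logins on dormant VPN accounts and sessions by privileged identities.

Added example; log format, threshold and account names are assumptions.
"""
from datetime import datetime, timedelta

# Policy values assumed for the example: an account unused for longer than
# this is treated as dormant, and these identities are treated as privileged.
DORMANT_DAYS = 30
PRIVILEGED = {"svc-backup", "admin-ops"}

# Constructed sample log (not from any real system): "<ISO timestamp> <user> <event>"
SAMPLE_LOG = """\
2022-01-03T08:00:00 alice login
2022-01-04T09:15:00 bob login
2022-01-05T10:00:00 alice login
2022-02-01T08:05:00 alice login
2022-02-20T22:41:00 bob login
2022-02-21T07:30:00 admin-ops login
2022-02-21T08:00:00 alice login
"""


def parse(log):
    """Turn the assumed log format into (timestamp, user, event) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return events


def find_dormant_logins(log, dormant_days=DORMANT_DAYS):
    """Return (user, login_time, idle_days) for logins after a dormant period.

    An account is dormant when its previous login was more than
    dormant_days before the current one; the first-ever login is not flagged.
    """
    last_seen = {}
    alerts = []
    for ts, user, event in sorted(parse(log)):
        if event != "login":
            continue
        prev = last_seen.get(user)
        if prev is not None and ts - prev > timedelta(days=dormant_days):
            alerts.append((user, ts, (ts - prev).days))
        last_seen[user] = ts
    return alerts


def find_privileged_sessions(log, privileged=PRIVILEGED):
    """Return (user, login_time) for every login by a privileged identity."""
    return [(user, ts) for ts, user, event in sorted(parse(log))
            if event == "login" and user in privileged]


if __name__ == "__main__":
    for user, ts, idle in find_dormant_logins(SAMPLE_LOG):
        print(f"ALERT dormant account used: {user} at {ts} after {idle} idle days")
    for user, ts in find_privileged_sessions(SAMPLE_LOG):
        print(f"REVIEW privileged session: {user} at {ts}")
```

In the sample, `bob` has no activity between 4 January and 20 February, so the February login is flagged as a dormant account coming back to life, while `alice` logs in regularly and is never flagged; the single `admin-ops` login is listed for session review regardless of dormancy.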
Secure remote access
Traffic should be encrypted, and connections brokered through a single access pathway. And every remote connection should be outbound to reduce the options for login and segregate remote access from internet-based threats. We should enforce network zoning to account for cloud environments and again implement least-privilege controls and just-in-time provisioning. And robust bring your own device (or BYOD) management can keep devices secure if we shift from mobile device management to enterprise mobility management.
Apply endpoint privilege management
As modern attacks tend to involve more lateral movement than in days gone by, we should restrict software and system privileges to a minimum. Again, we must use least privilege across the environment. We should also assign specific Unix and Linux commands that IT administrators can execute without using sudo or root.
Apply hardening and vulnerability management
Hardening the IT environment means removing unnecessary software, applications and privileges, closing unused ports and routinely patching endpoints. Part of the hardening process is the protection of basic input/output system (or BIOS) by ensuring passwords are strong and unique.
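Closing unused ports is easier to keep honest when the check is scripted: compare what a host is actually listening on against the services it is supposed to offer. The following is an added example, not code from the original article. The `ss -ltn`-style output is constructed and its column layout simplified, and the allowlist of expected ports is an assumed policy for an illustrative host class.

```python
"""Audit listening TCP sockets against an allowlist of expected services.

Added example; the socket listing and the allowlist are constructed assumptions.
"""
import re

# Assumed policy for this host class: only these ports should be listening.
ALLOWED_PORTS = {22: "ssh", 443: "https"}

# Constructed sample shaped like `ss -ltn` output (columns simplified).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       50      0.0.0.0:3306         0.0.0.0:*
LISTEN  0       128     127.0.0.1:6379       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

# Split "addr:port" on the last colon so bracketed IPv6 addresses survive.
ADDR_RE = re.compile(r"^(?P<addr>.*):(?P<port>\d+)$")
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(text):
    """Return (local_address, port) for every LISTEN row in the listing."""
    listeners = []
    for line in text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        match = ADDR_RE.match(cols[3])
        if not match:
            continue
        listeners.append((match.group("addr"), int(match.group("port"))))
    return listeners


def unexpected_listeners(text, allowed=ALLOWED_PORTS):
    """Return listeners not on the allowlist, noting whether they face the network.

    A loopback-only listener is still unexpected but is a lower-priority
    finding than one bound to all interfaces.
    """
    findings = []
    for addr, port in parse_listeners(text):
        if port in allowed:
            continue
        exposure = "loopback-only" if addr in LOOPBACK else "network-exposed"
        findings.append({"addr": addr, "port": port, "exposure": exposure})
    return findings


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS):
        print(f"{finding['exposure']:16} {finding['addr']}:{finding['port']}")
```

Run against real output (`ss -ltn` on Linux) the same parser applies; the value of the check is the diff it produces between the hardening baseline and the live host, which can be re-run after every patch cycle.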
Prevent endpoint tampering
Thefts happen. But if a device is stolen, you can’t afford to assume that a threat actor is not involved. To ensure that sensitive data can’t be easily accessed, implement disk encryption. Also, use embedded hard disks like solid-state drives (or SSDs). You can also procure devices that use proprietary screws, which ensures thieves cannot readily take them apart.
Secure and empower your service desk
Sessions should use strong encryption, and security teams should ensure that support tools work through firewalls without virtual private network (or VPN) tunneling (which can compromise perimeter security). Support customers must be segmented via single-tenant environments, so data is never co-mingled.
Perform remote worker penetration testing
This is a challenge and may involve jurisdictional friction. An employee will likely consider their home environment off limits, so pen-test teams need to tread carefully. But other probes that do not require direct access to private or third-party assets can still run, such as evaluation of employees’ reactions to phishing, vishing or smishing attacks, or the vulnerability testing of company-owned hardware that is being used remotely.
Forewarned is forearmed
There are strong indicators of lucrative business opportunities ahead across all industries in the region, but only if we innovate. As that requires digital transformation, this cybersecurity survival guide will help enterprises manage the change without leaving themselves open to costly lessons.