gnIn Part 1 of this blog series, we discussed the unprecedented amount of money being allocated to cybersecurity in the coming year and beyond, as well as how money, without a core foundational strategy, could be simply money that is tossed to the wind. In Part 2, we will look at the remaining three of the five core principles that can make a meaningful difference concerning the your enterprise cybersecurity and users.
In the early days of naval warfare, ships were quite vulnerable to sinking. Once a single hole was breached in the underside of the hull the ship would become waterlogged and sink. Today, the hull of a ship is segmented into many mini-compartments, limiting the damage of a hull breach so the ship can stay afloat and get to the nearest port.
Cybersecurity specialists are today utilizing this same strategy to protect their enterprises from cyber threats. This is because hackers attack the weakest point of a company’s network in order to implement an attack. An example of this was the Target breach in which hackers infiltrated the network through the HVAC system before laterally moving to the payment network system. Cybercriminals utilize the same concept in using social engineering attacks upon ordinary users. Once malware infiltrates the user’s device, it then searches for high value data like a worm. Some advanced ransomware attacks even implement search and destroy missions on the company’s backups to prevent data recovery from the attack. By dividing the large enterprise environment into smaller parts, admins and security monitoring systems can better manage, protect and contain the damage from an attack due to a single compromised device. While many organizations utilize VLANs today to segment different departments, users and devices, the practice of micro-segmentation goes far beyond IP segmentation.
Micro-segmentation refers to the definition and enforcement of security policies on each individual workload in the environment. A micro-segmented network limits the connections a workload has to other workloads in order to promote a zero-trust architectural model. This is critical in the modern enterprises today in which east-west traffic is as prominent in the datacenter as north south. The goal is to restrict the maneuverability of hackers and malware by limiting the avenues they can traverse. It does so by enabling fine-grained security policies and assigning them directly to applications all the way down to the workload level. Many companies are using VMware NSX to combine the operational agility of network virtualization with the enterprise cybersecurity of micro-segmentation.
4. Multi-factor Authentication
If everyone implemented multi-factor authentication, the digital world would be a lot more secure. Usernames and passwords are a hot commodity for hackers and cybercriminals. The number of logon credentials that can be confiscated in a single attack is mind-boggling. The Yahoo breach of 2013 resulted in 3 billion accounts being compromised. The motivation for the perpetrators was not to steal yahoo accounts per se. The driving incentive is that users tend to use the same credentials for all of their online accounts including banks and financial services. Thus, credentials stolen from one company can be used to access accounts at other sites. An attack the size of Yahoo can have ramifications for years. Experienced hackers are very patient individuals. In 2012, a breach at Linkedin resulted in the compromise of 117 million accounts. Four years later, the perpetrators posted a batch of 6.5 million from the former breach for sale on the dark web. Besides breaches, nearly every email network is under siege by credential stuffing attacks in which a hacker utilizes large bot nets to issue logon attempts on a 24/7 basis.
All of this can be alleviated by multi-factor authentication. Should a hacker obtain the logon credentials of a user by whatever method, only one factor would be compromised. A series of unannounced second factor authentication prompts would give a user or the organization a heads up that the account has been compromised.
In this case, we saved the best for last. A Microsoft Security Intelligence Report from 2013 showed that 24 Percent of PCs are Unprotected. Sadly, it has not gotten much better. Companies could have stopped the WannaCry and NotPetya outbreaks this past year by simply installing a patch released by Microsoft months earlier. In fact, a study done by England's National Health Service, which was crippled by the WannaCry attack showed that basic IT could have prevented the outbreak. Once vulnerabilities are discovered, everyone is aware of them, including hackers. Unfortunately, according to report posted in a 2015 article in Infosecurity Magazine, most companies take an average of 100 to 120 days to install patches once they are released. This is a wide window of vulnerability that cybercriminals can take advantage of. Proper patching includes the following: BIOS, device drivers, device BIOS, operating system, middleware, application patches, and third-party software. Patching only some of these means of course that you are only partially secured.
Next Steps: Sign up for a security and threat prevention assessment to see if your enterprise cybersecurity efforts are strong enough to hold off an attack.