Fatihah Ramzi, DigitalCFO Asia | 10 November 2022
Businesses are in an ongoing race with cybercriminals and many are finding it difficult to keep up.
Nation-state organizations and cybercriminal gangs, whose operational components increasingly mimic those of for-profit businesses, are part of the present danger scenario. The existing danger scenario is likely to persist into the near future, if not forevermore, thanks to professional hackers, syndicates, businesses, and nation-states.
“Lapsus$” is one such organization that demonstrated the extent of the harm a very inexperienced attacker can cause by purchasing stolen credentials and indiscriminately spamming MFA prompts. Even actors at the level of wealthy nation-states frequently use freely accessible open-source and commercial tools as part of their operations. After all, why create anything from scratch when an established tool already exists, plus there’s the added benefit of avoiding detection by using the same tools and procedures as standard cybercrime syndicates.
“Lapsus$” has the potential to do serious harm to large companies such as Samsung, Microsoft and even government bodies. The amount of money that cybercrime syndicates routinely extort from their victims has significantly increased over the past few years.
As a result, every organization that is simple to break into becomes the target of attacks from new syndicates and persons with hacking skills. Particularly in regions of the world where criminal penalties are unlikely to be applied, the incentives (of hacking) are simply too compelling.
Therefore, these are some of the key elements that businesses will want if they wish to keep ahead of such well-organized cybercrimes:
1. Securing Network Access
All the measures taken to safeguard a computer network’s integrity and the data on it are collectively referred to as network security. Network security is crucial because it protects sensitive data from online threats and guarantees the network’s dependability. Multiple security measures are used in successful network security plans to shield users and companies from malware and online threats like distributed denial of service.
Network security is important because it keeps hackers from accessing sensitive data and valuable data. When hackers gain access to this data, they may cause a number of issues, such as asset theft, identity theft, and reputational damage.
- Access control. This approach restricts a certain set of users and devices’ access to network systems and apps. These solutions prevent unauthorized people and devices from accessing the network.
- Data loss prevention (DLP). To identify and stop data breaches, these tools keep an eye on data when it is in use, in motion, and at rest. DLP frequently categorizes the most crucial and vulnerable data and instructs staff on best methods for protecting that data. One such recommended approach is to avoid including sensitive items as attachments in emails.
- Firewall. To stop unwanted network access, software or firmware will examine every incoming and outgoing traffic. One of the most popular security tools is the firewall. They are spread out around the network in various locations. With integrated deep packet inspection, next-generation firewalls provide improved security against application-layer attacks and sophisticated malware protection.
2. Plugging Internal Threats
Any person within an organization who has access to sensitive information and IT systems that could harm the company is considered an insider threat. Policies, processes, and technology that help prevent privileged misuse or lessen the harm it can do can be used to mitigate insider risks. Companies may reduce the likelihood of their sensitive data being compromised by using these insider threat prevention practices:
- Carry out an overall risk analysis for the company. Know your most important assets, their weaknesses, and the potential threats to them. Include all of the hazards brought on by insider threats. Then, in accordance with the risk priority, focus on the key risks and continuously improve your IT security infrastructure.
- Policies and controls should be well-documented and regularly followed. Each piece of security software, including appliances, needs its own administrative policy and configuration documentation. Create policies concerning practically every employee interaction with the IT environment by working diligently with HR.
- All endpoints, including mobile ones, are under the supervision and control of remote access. Install and correctly install mobile data interception equipment as well as wireless intrusion detection and prevention systems. Regularly assess if employees still need a mobile device or remote access. Make sure that all remote access is turned off when a worker departs the company.
3. Vulnerability Management
The continual, routine process of discovering, analyzing, reporting on, managing, and resolving cyber vulnerabilities across endpoints, workflows, and systems is known as vulnerability management. A security team often uses a vulnerability management technology to find vulnerabilities and then applies various patching or remediation procedures to close them.
A vulnerability manager’s main duty is to control exposure to known vulnerabilities. A high-quality vulnerability tool or toolset can significantly increase the adoption and overall success of a vulnerability management program, even though vulnerability management entails more than just running a scanning tool.
The market is flooded with alternatives and fixes, all of which tout superior attributes. Keep the following in consideration while considering a vulnerability management solution:
- The effect on an endpoint’s performance is crucial. Vendors who offer vulnerability scanning say more often now that their products are agent-based. Unfortunately, because most of these agents are so large, their performance has a negative influence on endpoints. In order to minimize any impact on productivity, seek for an agent-based solution with a lightweight agent—one that takes up very little space on an endpoint.
- Visibility that is complete and in real-time is essential. What is vulnerable ought to be immediately obvious to you. Legacy vulnerability tools can make it difficult to see vulnerabilities; for example, network scans taking a long time and producing stale findings and large reports offering little assistance in addressing issues quickly. Businesses can take quick action to close potentially harmful vulnerabilities in their organization’s security with the use of a single interactive dashboard that includes search and filter options. It is a scan-less solution that is continually active and scanning for flaws as well as vulnerabilities.
Whether they like it or not, businesses are in an ongoing race with cybercriminals, and many are finding it difficult to keep up. Businesses must acknowledge that they are under attack right now and that, if it hasn’t already happened, they will most likely experience a breach in the future. In light of this, it’s critical to be able to identify the breach and be prepared to act when it occurs. The secret is to implement the ideal mix of preventative, detection, and remedial procedures to safeguard your company before a breach occurs. This begins with a thorough, objective evaluation of the existing state of preparedness in comparison to the desired degree of preparation for the future and the formulation of an improvement program that can be monitored over time.