Beyond the Thunderdome


Months of lockdown due to COVID-19 have given us the time and opportunity to acquire new skills and catch up on our reading bucket lists. We have all changed the way we work and live.

The big bad wolves on the internet have also used this time to acquire better skills, and have taken advantage of limited staffing and of the changes in working environments on both the datacenter and the security front.

During this time, government and highly secure departments, including institutions involved in the COVID response such as the WHO, Gilead Sciences, Health Share of Oregon, Elite Emergency Physicians, Magellan Health and PIH Health, have been compromised.

The recent disclosure of the FireEye and SolarWinds supply chain attack has created a never-ending chain of compromises that is going to take months, if not years, to ascertain and correct. The worry in every CISO's and security practitioner's mind is that even organisations such as FireEye, SolarWinds and Microsoft, netted in this attack, were not lacking in knowledge and resources, especially in the information and cyber security arena. SolarWinds itself has reportedly stated that 18,000 customers have used the compromised code. That is a big number of possible exploitations to look out for in the coming months.

The questions arising out of these events, especially in the minds of security defenders and data owners, are how to safeguard against future attacks: what did the big ones miss that needs to be considered, and is there a need for a critical evolution in the cyber defence thought process?

When one breaks down the measures on a cybersecurity to-do list, the following list emerges. One has to think like the defender of a fort, placing obstacles and restrictions in the path of the attacking force. In IT terms that means multiple lines of defence, such as:

1) First line of defence - Stop them at the gates

Manage your attack surface area: Find your internet-visible data and systems, secure secure secure, repeat all over again. Secure your mail access, secure the services your users use. When possible, move them into a VPN-encompassed zone. Use OSINT to identify unlocked doors.

Bring in strong security compliance: Ensure you adopt stringent compliance standards in line with your industry; a good starting point would be ISO 27001, PCI-DSS, CMMC etc.

Perform regular security tests and fixes: Create a security program with regular updates, security scans and fixes, and religiously follow it. Institute continuous vulnerability assessment.

Perform regular training of your employees on the latest security practices: Invest time and money.

Endpoint security: Lock down the systems your users are using. Take extra care with BYOD (Bring Your Own Device) systems. Monitor and manage for shadow IT.

MFA (Multi-Factor Authentication): Require your users to present more than a password (for example a hardware token or authenticator app) before they can access your systems.

Segmented network: Break your network into role based segments. Keep your development, testing, production, backup and user segments separate. Filter and log all traffic going between them.

2) Second Line of defence - Limit the damage to your systems

Secure virtualisation architecture,
Implement Zero Trust and SASE architecture,
Monitor your network and systems for security events and alerts 24x7,
“Traffics don’t lie!” Watch your traffic for anomalies,
Acquire good threat intelligence,
Implement least privilege,
Implement least functionality,
Set up egress filtering.
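The segmented-network and egress-filtering points above are easiest to see in a concrete ruleset. The following is an added example, not configuration from the article or from Luminet: a minimal nftables ruleset for a Linux router sitting between role-based segments. It denies all inter-segment traffic by default, allows only the flows each role needs, permits internet access solely through one outbound proxy, and logs everything it drops. The interface-free design, subnet ranges, proxy address and port choices are all assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example ruleset (assumed subnets and hosts, not values from the article).
flush ruleset

define DEV_NET  = 10.10.0.0/24   # development segment (assumed)
define TEST_NET = 10.20.0.0/24   # testing segment (assumed)
define PROD_NET = 10.30.0.0/24   # production segment (assumed)
define BKP_NET  = 10.40.0.0/24   # backup segment (assumed)
define USER_NET = 10.50.0.0/24   # user segment (assumed)
define PROXY    = 10.30.0.10     # assumed outbound web proxy in production
define RESOLVER = 10.30.0.53     # assumed internal DNS resolver in production
define RFC1918  = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

table inet segments {
    chain forward {
        # policy drop: anything not explicitly allowed below never crosses a segment
        type filter hook forward priority filter; policy drop;

        # replies to flows that were already permitted; junk state is dropped outright
        ct state established,related accept
        ct state invalid drop

        # every segment may resolve names, but only via the internal resolver
        ip saddr $RFC1918 ip daddr $RESOLVER udp dport 53 accept

        # users reach production services only on the published HTTPS port
        ip saddr $USER_NET ip daddr $PROD_NET tcp dport 443 accept

        # backup hosts pull from production; production never initiates into backup
        ip saddr $BKP_NET ip daddr $PROD_NET tcp dport 22 accept

        # dev and test stay isolated from production: no rule, so the policy drops them

        # egress: only the proxy may talk to the internet, and only on 80/443
        ip saddr $PROXY ip daddr != $RFC1918 tcp dport { 80, 443 } accept

        # everything else between segments is logged (rate-limited) and then dropped by policy
        limit rate 10/second log prefix "segment-deny "
    }
}
```

Load it with `nft -f` and watch the kernel log for the `segment-deny` prefix: every hit is either a missing legitimate rule to add deliberately, or a host trying to cross a boundary it should not, which is exactly the signal the second line of defence is meant to produce. Because the proxy is the only host allowed outbound, a compromised workstation or server cannot reach a command-and-control endpoint directly, and its attempts show up in the log.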

3) Third Line of defence - In the event that you are compromised, be prepared:

Create your CERT program and delegate tasks from day one,
Capture and retain your logs so they can be analysed later,
Create your forensics team for analysis and remediation,
Be prepared with your DR plan to fall back on.
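“Traffics don’t lie” and “capture your logs for later analysis” only pay off if someone actually looks at the traffic for patterns. The script below is an added example, not code from the article or from Luminet: it reads outbound flow records and flags source/destination pairs that connect at a steady interval with little jitter, the classic beaconing shape of malware checking in with a controller. The log format, hosts, addresses and timestamps are constructed for the example; real exports from a firewall or NetFlow collector would need their own parser.

```python
"""Added example (not from the article): flag periodic outbound connections
("beaconing") in a flow log. The log lines below are constructed sample data."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample export: "timestamp src dst dport", one flow per line.
# 10.50.0.21 phones home roughly every 60 seconds; 10.50.0.33 browses irregularly.
SAMPLE_FLOWS = """\
2021-01-05T10:00:00Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:00:58Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:02:01Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:03:00Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:03:59Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:05:02Z 10.50.0.21 203.0.113.7 443
2021-01-05T10:00:12Z 10.50.0.33 198.51.100.4 443
2021-01-05T10:07:41Z 10.50.0.33 198.51.100.4 443
2021-01-05T10:08:03Z 10.50.0.33 198.51.100.4 443
2021-01-05T10:31:19Z 10.50.0.33 198.51.100.4 443
2021-01-05T11:02:55Z 10.50.0.33 198.51.100.4 443
2021-01-05T11:03:10Z 10.50.0.33 198.51.100.4 443
"""


def parse_flows(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        flows[(src, dst, int(dport))].append(when)
    return flows


def find_beacons(flows, min_connections=5, max_jitter=0.2):
    """Return pairs whose inter-connection gaps are regular.

    jitter is the coefficient of variation (stdev / mean) of the gaps;
    a human browsing produces large jitter, a timer-driven implant does not.
    """
    findings = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_connections:
            continue  # too few samples to call a rhythm
        times = sorted(times)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all at the same instant: a burst, not a beacon
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            findings.append({
                "src": src, "dst": dst, "dport": dport,
                "count": len(times),
                "interval_s": round(avg, 1),
                "jitter": round(jitter, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"beacon? {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"every ~{hit['interval_s']}s over {hit['count']} connections "
              f"(jitter {hit['jitter']})")
```

The thresholds are deliberately loose starting points: tighten `max_jitter` or raise `min_connections` once you know what your own proxy and update traffic look like, and run the check over a long enough window (hours, not minutes) so that slow beacons are not missed. Regular traffic to a known vendor endpoint will also trip it, which is why the finding is a lead for the CERT team to confirm against threat intelligence, not a verdict on its own.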

4) Have a cup of coffee and start from 1)

In these trying times, we need to stay safe, not only from COVID-19, but also from the big bad wolves.

Copyright 2024 Luminet.