Chief security officers (and CIOs, CISOs) have never had it so tough. Not only do they still carry all the traditional responsibilities, such as day-to-day operations, safeguarding the corporation's physical assets and crisis management, but all of that now has to be done in a cyber security threat environment far more dangerous than anything that came before.
Consider ransomware, which first appeared in 1989 when the AIDS Trojan was created by an evolutionary biologist, Joseph L. Popp. He mailed roughly 20,000 infected floppy disks to attendees of the World Health Organization's AIDS conference. After the 90th reboot, the trojan hid directories and encrypted file names on the C: drive and demanded that $189 be sent to the PC Cyborg Corporation via a P.O. box in Panama. That said, the simple symmetric encryption it used meant the content could be recovered without paying the ransom.
Fast forward to today and ransomware has become one of the greatest network security threats organizations have to deal with, because it has become far more sophisticated. It spreads at high speed over the internet and private networks, and it uses strong, correctly implemented encryption for which no practical recovery shortcut exists. Worse still, today's threat actors demand multimillion-dollar ransoms, and ransomware is expected to cost businesses around $20 billion in 2021 and more than $265 billion by 2031. The biggest known ransomware payout of 2021 so far was by the insurance company CNA Financial, ironically a seller of cyber insurance, which reportedly paid $40 million after a single ransomware attack in March 2021.
But ransomware is only one of the many threats organizations have to deal with. There are also distributed denial of service (DDoS) attacks, man-in-the-middle (MitM) attacks, social engineering, insider threats, other malware, spyware, password attacks and advanced persistent threats (APTs), and those are just the most common network security threats.
So, what is a CSO to do? Here are seven strategies to make your organization (and your job) safer from the countless network security threats you'll be facing in the near future:
The problem for CSOs is that while most employees have some basic knowledge of cyber security best practices, that is usually all they have. Without ongoing training, knowledge testing and awareness work, staff behavior is one of the biggest security risks your organization faces.
A study by Accenture revealed that less than half of new employees receive cyber security training and regular updates throughout their career; only four in ten respondents said insider threat programs were a high priority; and even though almost three-quarters of respondents agreed that "cyber security staff and activities need to be dispersed throughout the organization," cyber security is a centralized function in 74 percent of companies.
Creating a robust, distributed digital immune system requires a radical re-engineering of staff behavior. Business leaders need to be accountable for security. Security teams need to collaborate with business leaders to create and implement security policies that will actually work, and those policies need to be routinely re-evaluated and tested.
A "security first" culture requires that everyone in the organization understands what network security threats are, but for that understanding to have any impact, staff must be trained routinely so that their knowledge stays current.
Well-trained staff and a monitored environment are crucial to the successful protection of any organization but without a foundational Zero Trust environment, defenses will be intrinsically weak.
The Zero Trust model is a strategy for preventing network security threats that all enterprises and governments should be using to defend their networks. It consists of four components:
At its core, the Zero Trust model is based on not trusting anyone or anything because of where it sits on your network: being "inside" the perimeter is never, by itself, a reason to grant access. Network access is granted only after the requesting user or device has been identified and authorized for the specific resource it is asking for. In addition, micro-perimeters (fine-grained segmentation) and access monitoring at multiple points throughout the network make it far harder for an attacker who has compromised one system to move laterally to the next. To make a Zero Trust model work, in-depth traffic inspection and analytics are required to identify network security threats and to close what is otherwise the model's blind spot: what happens inside sessions that have already passed authentication.
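The decision logic described above, as an added illustration (this is not A10's or the article's code): a minimal policy decision point in which every request is judged on verified identity, device posture and the specific resource, and the source segment is consulted only to enforce an explicit micro-perimeter, never as a reason to trust. All users, roles, resources and segment names are hypothetical.

```python
"""Added example: a minimal Zero Trust policy decision point.

Default is deny. Identity, MFA, device posture and role are checked first;
the source segment is used only to enforce explicit segment-to-segment
reachability. Every identifier below is hypothetical."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Request:
    user: Optional[str]       # verified identity, or None if unauthenticated
    mfa: bool                 # did this session complete strong authentication?
    device_compliant: bool    # did the endpoint pass its posture check?
    src_segment: str          # network segment the request arrived from
    resource: str             # what is being asked for


# Hypothetical policy: per resource, which roles may use it, whether MFA is
# mandatory, and which segments are explicitly allowed to reach it.
POLICY: Dict[str, dict] = {
    "hr-db":      {"roles": {"hr"},        "mfa": True,  "from": {"hr-apps"}},
    "wiki":       {"roles": {"hr", "eng"}, "mfa": False, "from": {"hr-apps", "eng-apps", "vpn"}},
    "build-farm": {"roles": {"eng"},       "mfa": True,  "from": {"eng-apps"}},
}
ROLES: Dict[str, Set[str]] = {"alice": {"hr"}, "bob": {"eng"}}


def authorize(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny is the default; every check must pass."""
    if req.user is None:
        return False, "unauthenticated"
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "unknown resource"          # unlisted resources are unreachable
    if not req.device_compliant:
        return False, "device not compliant"
    if rule["mfa"] and not req.mfa:
        return False, "MFA required"
    if not (ROLES.get(req.user, set()) & rule["roles"]):
        return False, "role not permitted"
    # Micro-perimeter: reachability between segments is explicit, so a
    # foothold in one segment is not a path to every other one.
    if req.src_segment not in rule["from"]:
        return False, f"segment {req.src_segment} may not reach {req.resource}"
    return True, "allowed"


if __name__ == "__main__":
    # Arriving from an "inside" segment buys nothing without identity and posture.
    print(authorize(Request(None, False, True, "hr-apps", "hr-db")))
    # A valid HR user with MFA on a compliant device, from the approved segment.
    print(authorize(Request("alice", True, True, "hr-apps", "hr-db")))
    # Same user and rights, but pivoting to hr-db from the VPN segment is blocked.
    print(authorize(Request("alice", True, True, "vpn", "hr-db")))
```

The order of the checks is deliberate: identity and posture are evaluated before the segment rule, so the answer to "who are you and is your device healthy" is never skipped just because a packet came from a trusted-looking address.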
The key to monitoring a Zero Trust implementation is TLS/SSL inspection: solutions that decrypt, analyze and re-encrypt network traffic so that policy compliance can be checked and privacy requirements enforced. Doing this safely has requirements of its own: the inspection device acts as a certificate authority that every managed endpoint must trust, it must validate the real server certificate at least as strictly as a browser would (an inspection proxy that accepts any upstream certificate turns every client behind it into an easy MitM victim), and traffic that must not be decrypted for legal or privacy reasons, such as banking or health sites, has to be bypassed by policy.
TLS/SSL inspection, also called "break and inspect," allows malware payloads and suspicious network communications to be detected and blocked, prevents the exfiltration of controlled data such as credit card and Social Security numbers, and lets the Zero Trust model do what it's supposed to do: provide in-depth and rigorous protection for networks from internal and external threats.
If your organization hasn't adopted a Zero Trust strategy combined with deep TLS/SSL traffic inspection, now is the time to start rethinking your security posture, because more threat actors, including hostile nation-states and "professional" hackers with greater skills and resources, are appearing every day.
Routine testing against a checklist of expected configurations and performance standards, as well as random tests of security integrity, is crucial to detecting a distributed denial-of-service attack: you can only recognize degradation if you have measured what normal looks like. Moreover, every test scenario must be seen by your DDoS protection solution and logged, to verify that your instrumentation and logging are functioning as expected.
Network performance testing should be executed at least daily, because a distributed denial-of-service attack isn't always a full-bore assault; it can also be a low-volume attack designed to reduce but not remove connectivity, which a simple absolute traffic threshold will never trip.
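One way to turn those daily measurements into detection logic, as an added example that is not part of the article: the "known good" test results form a robust baseline band (median plus or minus a multiple of the median absolute deviation), and an alert requires several consecutive out-of-band samples, so a single transient spike is ignored while a persistent modest degradation is caught. A naive fixed-threshold rule is included for comparison. All metric values are constructed for illustration.

```python
"""Added example: detecting a low-volume, sustained degradation against a
learned baseline instead of a fixed threshold.

Each sample is (p95 latency in ms, successful responses per second) for one
measurement interval. All values are constructed."""
import statistics
from typing import List, Sequence, Tuple

Sample = Tuple[float, float]   # (p95 latency ms, successful rps)

# Constructed "known good" measurements from routine daily testing.
BASELINE: List[Sample] = [
    (118, 950), (122, 940), (120, 960), (125, 955), (115, 945),
    (119, 952), (121, 948), (124, 958), (117, 942), (120, 950),
]

# Constructed observation window: one transient spike at index 2, then a
# low-and-slow attack from index 5 through 12, then recovery.
SAMPLES: List[Sample] = [
    (121, 949), (119, 951), (160, 800), (118, 953), (120, 950),
    (134, 905), (136, 898), (133, 910), (135, 902), (137, 899),
    (134, 903), (138, 897), (135, 901),
    (120, 951), (119, 950),
]


def robust_band(values: Sequence[float], k: float = 3.0) -> Tuple[float, float]:
    """Median +/- k * MAD. MAD is scaled by 1.4826 so it approximates one sigma
    for normal data, and unlike the mean/stddev it is not dragged by an outlier
    that happened to land in the baseline."""
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values]) * 1.4826
    return med - k * mad, med + k * mad


def detect_degradation(baseline: Sequence[Sample], samples: Sequence[Sample],
                       consecutive: int = 5) -> List[int]:
    """Return the start index of every run of `consecutive` degraded samples.
    A sample is degraded if latency is above the band or throughput below it."""
    _, lat_hi = robust_band([s[0] for s in baseline])
    rps_lo, _ = robust_band([s[1] for s in baseline])
    alerts: List[int] = []
    run = 0
    for i, (lat, rps) in enumerate(samples):
        degraded = lat > lat_hi or rps < rps_lo
        run = run + 1 if degraded else 0
        if run == consecutive:          # fire once per sustained run
            alerts.append(i - consecutive + 1)
    return alerts


def naive_threshold(samples: Sequence[Sample], lat_max: float = 150.0) -> List[int]:
    """The usual 'alert if latency > X' rule, for comparison."""
    return [i for i, (lat, _) in enumerate(samples) if lat > lat_max]


if __name__ == "__main__":
    print("baseline latency band:", robust_band([s[0] for s in BASELINE]))
    print("sustained degradation starts at:", detect_degradation(BASELINE, SAMPLES))
    print("fixed threshold only sees:", naive_threshold(SAMPLES))
```

With the constructed data the baseline latency band tops out just under 129 ms and the throughput band bottoms out just under 928 rps, so the 15% slowdown starting at index 5 is reported once, while the fixed 150 ms rule reports only the harmless spike at index 2 and misses the attack entirely.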
When users' computers connect to resources over the internet, SSL/TLS creates a secure channel. There are three components to this: encryption, authentication and integrity verification. Encryption hides the data from third parties trying to eavesdrop; authentication ensures the parties exchanging information are who they claim to be, normally by verifying the server's certificate against a trusted CA and checking that it matches the hostname; and integrity verification, provided by message authentication codes or AEAD cipher suites, ensures the data has not been modified in transit. All three are needed: a connection that encrypts but never verifies the peer's identity is trivially intercepted by a man in the middle.
If unsecured traffic is permitted at all, it must be constrained to specific secured network segments and closely monitored.
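As an added example (not the article's or A10's code), here is how the three properties map onto a client-side TLS configuration in Python's standard `ssl` module, with the weak configuration beside the corrected one and a small audit function that reports which property a given context gives away. The function and context names are this example's own.

```python
"""Added example: auditing a client TLS configuration for the three
properties of a secure channel.

  - authentication: peer certificate verified and hostname checked
  - encryption and integrity: TLS 1.2 or newer enforced, so only cipher
    suites with HMAC- or AEAD-protected records can be negotiated
Names here (weak_context, hardened_context, audit) are illustrative."""
import ssl
from typing import List


def weak_context() -> ssl.SSLContext:
    """The context that 'makes the error go away' in testing and quietly
    removes authentication: any certificate is accepted, so an on-path
    attacker can present their own and read everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    # minimum_version is left at MINIMUM_SUPPORTED, i.e. whatever the
    # underlying library still allows, possibly TLS 1.0/1.1.
    return ctx


def hardened_context() -> ssl.SSLContext:
    """create_default_context() already sets CERT_REQUIRED, hostname checking
    and the system CA store; pin the floor to TLS 1.2 explicitly."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return one finding per missing property (empty list means all present)."""
    findings: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("authentication: peer certificate is not verified")
    if not ctx.check_hostname:
        findings.append("authentication: certificate is not matched to the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("encryption/integrity: TLS 1.2 or newer is not enforced")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, "->", audit(ctx) or ["ok"])
```

The same audit applies to the upstream (server-facing) side of a TLS inspection proxy: if that side is configured like `weak_context()`, every client behind the proxy inherits the missing authentication, which is exactly the failure mode that has made some interception products a net negative for security.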
A key part of any disaster recovery plan is backups. However, it is surprising how often restoring from backup fails to perform as expected in a real incident. It's important to know which digital assets are and are not included in backups, how long it will take to restore content and whether that meets your recovery time objective, the order in which resources must be recovered, and what the startup window will be. Against ransomware in particular, at least one copy must be offline or immutable so that the attacker cannot encrypt or delete it along with the production data.
Testing backups should also be a routine IT task with specific validation checks, such as a full restore into an isolated environment and verification that every restored file matches what was backed up, to ensure that recovery is actually possible.
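A restore drill that performs those checks, as an added example that is not part of the article: a manifest of file hashes is recorded before the backup runs, the backup is restored into a scratch directory, and the result is compared back to the manifest, reporting what is missing (here, a log directory the constructed backup policy silently excludes), what came back corrupted, and whether the restore fit inside the recovery time objective. The directory layout, file contents and exclusion rule are constructed; the copy operations stand in for a real backup product.

```python
"""Added example: a self-contained restore drill.

Creates a constructed source tree in a temp directory, "backs it up" with a
policy that excludes logs/, "restores" it, and validates the result against a
manifest taken before the backup ran. Optionally flips a byte in the restored
data to show the corruption check firing. Everything here is constructed."""
import hashlib
import os
import shutil
import tempfile
import time
from typing import Dict, List

SAMPLE_FILES = {                       # constructed content
    "app/config.yml": b"listen: 443\n",
    "db/data.bin": bytes(range(256)) * 64,
    "logs/today.log": b"2021-06-01 00:00:00 started\n",
}


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: str) -> Dict[str, str]:
    """Relative path -> sha256 for every regular file under root."""
    out: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out


def make_sample_tree(root: str) -> None:
    for rel, data in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)


def backup(source: str, dest: str) -> None:
    """Constructed backup policy: copies everything except directories named logs."""
    shutil.copytree(source, dest, ignore=shutil.ignore_patterns("logs"))


def verify_restore(expected: Dict[str, str], restored_root: str) -> Dict[str, List[str]]:
    got = manifest(restored_root)
    return {
        "missing": sorted(p for p in expected if p not in got),
        "corrupt": sorted(p for p in expected if p in got and got[p] != expected[p]),
        "unexpected": sorted(p for p in got if p not in expected),
    }


def run_drill(rto_seconds: float = 5.0, tamper: bool = False) -> Dict[str, object]:
    work = tempfile.mkdtemp()
    try:
        src, bak, rst = (os.path.join(work, n) for n in ("source", "backup", "restore"))
        make_sample_tree(src)
        expected = manifest(src)           # record what must come back, before backing up
        backup(src, bak)
        t0 = time.monotonic()
        shutil.copytree(bak, rst)          # stand-in for the real restore procedure
        elapsed = time.monotonic() - t0
        if tamper:                         # simulate a bit flip on the restored media
            p = os.path.join(rst, "db", "data.bin")
            with open(p, "r+b") as f:
                f.seek(10)
                b = f.read(1)
                f.seek(10)
                f.write(bytes([b[0] ^ 0xFF]))
        report: Dict[str, object] = dict(verify_restore(expected, rst))
        report["restore_seconds"] = round(elapsed, 3)
        report["within_rto"] = elapsed <= rto_seconds
        report["ok"] = (not report["missing"] and not report["corrupt"]
                        and bool(report["within_rto"]))
        return report
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(run_drill())              # missing logs/today.log, ok=False
    print(run_drill(tamper=True))   # additionally reports db/data.bin corrupt
```

The important design point is that the manifest comes from the source, not from the backup: a manifest generated from the backup set would agree with the backup by construction and never reveal that the exclusion rule dropped an asset somebody depends on.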
The CSO's job isn't getting any easier but solid planning using the seven strategies will help ensure an organization's digital safety. In addition, partnering with top-level enterprise security vendors helps ensure that critical security technology and best practices are central to your cyber security strategy.
Written by Sanjai Gangadharan, Area Vice President – South ASEAN at A10 Networks, Inc. and Babur Khan, Technical Marketing Engineer at A10 Networks