Six 2019 Resolutions That Can Improve Organizational Cybersecurity
Authored by: Carolyn Crandall, CMO and Chief Deception Officer
The new year is upon us, and the need for comprehensive cybersecurity is as strong as ever. As threats continue to evolve and expand, it is critical that organizations prepare for the future with a plan to address the most vulnerable aspects of their threat detection and response strategies. Breaches are already making headlines in 2019, and organizations are increasingly looking for ways to shift the balance of power away from the attacker. Don’t worry—there are concrete steps you can take to shore up your cybersecurity plan and better protect your organization from harmful attacks. Here are some resolutions for a safer, more secure 2019.
RESOLUTION #1: Make sure that you have a well-configured environment
Give your network a health check for not only patch management but also for weak configurations or code bases that are not well understood, validated or supported. Check how many of your installations out there are still relying upon defaults. Look at the tools you are using and their ability to pick up misconfigurations of systems and other risks like exposed credentials that create an opportunity for exploitation. Poorly configured environments that are not being monitored or protected will have a huge impact on the number of vulnerabilities in 2019.
RESOLUTION #2: Accept that it’s impossible to keep attackers from getting into the network and change your strategies to address the in-network battle
The simple truth is that it is impossible to prevent attackers from infiltrating the network 100 percent of the time. Networks have grown in complexity, new attack surfaces continue to emerge, the number of applications and interconnections to protect has dramatically increased, and the speed of innovation continues to outpace security controls.
Therefore, it is important to operate under the assumption that a determined attacker successfully getting into the network is inevitable. Rather than trying to prevent breaches by concentrating resources predominantly on perimeter defense, organizations should shift their attention and investment to technologies and strategies that will expedite detection and response time. In 2019, organizations should focus on solutions and controls for tracking and reducing dwell time, thereby diminishing the amount of time an intruder can remain undetected in the network, decreasing the knowledge they gain, and making it harder for them to return.
In our Top Threat Detection Concerns and Trends Survey, 32 percent of respondents indicated that their mean time to detection is increasing. More surprising and troubling was that 23 percent of organizations are not tracking dwell time metrics, which would indicate continued belief in the false idea that a 100 percent effective perimeter security posture is possible.
To stay ahead of the attacker and avoid becoming an attractive target, it is critical for organizations to have tools in place to understand how the attacker got into the network, what tools they used, and what they were after. Because attackers are increasingly able to penetrate perimeter defenses and stay undetected in the network for extended periods of time, improving threat/adversary intelligence gathering will also be on the priority list for strengthening defenses.
RESOLUTION #3: Adopt an active defense approach to cybersecurity
Traditional perimeter security solutions remain an important part of any comprehensive approach to cybersecurity, but alone they are no longer enough. Supplementing perimeter security with active, in-network defenses is an essential cybersecurity best practice.
Implementing an “active defense” approach changes one’s security posture from reactive (where activity starts once the adversary has executed his attack) to one that empowers a team to be proactive in derailing attacks and decisive in responding to incidents. Active defense starts by proactively setting in-network traps and lures to misdirect intruders, slow their efforts, and increase the perpetrators’ expenses.
An active defense strategy also provides the means to automatically collect adversary intelligence and use this information to automate incident response. In this way, using deception technology for active defense better equips companies to change the asymmetry of an attack and efficiently deter attacks before material harm can be done.
RESOLUTION #4: Increase efforts to educate the organization on how to avoid putting you (and themselves) at risk
As I blogged about recently, actions taken (or not taken) by individuals can have a major effect on the security of both their own information and that of their employer. Organizations must continually promote safer practices among their employees to build a strong security foundation, practices, and fail-safes. Business and security leaders can teach others to better protect themselves and their employers from cyberattacks using these simple steps:
- Make sure your operating systems, applications, and security software are updated.
- Ensure that your passwords are strong.
- Encrypt your data when possible.
- Recognize the vulnerabilities inherent to both Wi-Fi and email and be mindful of common exploits.
- Know who to call if your data/credentials have been compromised, or if you suspect a breach.
By emphasizing the importance of individual cyber hygiene, we can provide users with a greater understanding of how their actions directly impact their information security. An informed and aware user base is key to a well-rounded cybersecurity strategy.
RESOLUTION #5: Take action to secure your supply chain
Cybersecurity concerns extend outside the walls of your own organization, where suppliers and third-party contractors are becoming an increasingly weak link. 2018 saw a dramatic increase in the number of breaches caused by third-party suppliers, and that trend is likely to remain consistent this year.
A recent study by Opus and the Ponemon Institute revealed that nearly 60 percent of companies have experienced a third-party data breach, and 76 percent of companies say that cybersecurity incidents involving vendors are growing. Particularly concerning is the fact that the cloud is likely to be increasingly targeted in 2019, and many organizations lack a complete understanding of how to protect data stored in the cloud.
Organizations will need to improve their ability to assess the security of suppliers, with an increased focus on certification and the ongoing testing of compliance against those certifications. By arming themselves with knowledge, organizations can make better, more informed decisions regarding which partners they can trust to safeguard their information.
RESOLUTION #6: Impactful IoT regulation may or may not be coming, so don’t wait for it
The number of Internet of Things-enabled devices has already surpassed the number of humans on earth, with the number expected to grow to more than 20 billion by 2020. More and more devices are being designed for internet connectivity, and innovation will continue to outpace available security options.
It is unlikely that there will be complete regulation of the industry, and although individual states may enact their own, more stringent regulations, this still leaves gaps for adversaries to take advantage of. The pace of innovation within the industry makes it difficult for government agencies and organizations to react with the necessary speed to provide effective guidance, recommendations, or security programs.
California recently led the charge when it passed SB-327, an IoT security bill mandating “reasonable security feature or features that are appropriate to the nature and function of the device.” Although recognized as a step in the right direction (and a likely precursor to additional regulations from other states), the actual directives included in the bill remain too vague to allow for effective enforcement and leave the door open for organizations to define what “reasonable” security measures are. It will therefore be up to business and security leaders to take proactive steps to protect themselves from harmful attacks, rather than wait for leadership from government agencies or legislatures.
Now it’s time to act!
Resolving to address these six areas will result in stronger information security management and improve an InfoSec team’s ability to detect and respond to the new wave of attacks we are destined to see in 2019. By no means is this list exhaustive; however, it is a great place to start. Remember: think big, start small, and move fast.
Have a fantastic 2019!