Cyber Threat Intelligence (CTI)

According to Gartner, threat intelligence is “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.” Put simply, it involves the collection and processing of information about threat actors and their methods for the purpose of defense. CTI solutions usually feature artificial intelligence and machine learning and integrate with other security solutions in order to ensure accurate data processing.

CTI helps organizations to be more proactive than reactive in their approach to cybersecurity. By enabling human analysts to make sense of the enormous volume of data available, these solutions help organizations to understand their cybersecurity risks and build effective defensive mechanisms, a path to cyber-resilience. Cyber threat intelligence particularly helps the IT team better manage and even avoid zero-day exploits by continually alerting them to vulnerabilities and indicators of compromise.

Unlike other technology-based approaches to security data collection and processing (such as SASE), CTI relies less on automation and more on human actors. Effective CTI requires not just the right tools but also trained and intuitive analysts. However, there is a serious challenge in this respect. According to a survey of CTI practitioners by Cybersecurity Insiders, 85% received little or no training in Open Source Intelligence (OSINT) techniques and risks. The growing complexity of cybersecurity has made intelligence-based cybersecurity inevitable. It is up to businesses to invest in the right tools and in people (analysts, researchers, etc.).
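The paragraph above says that CTI turns indicator feeds into alerts for the IT team. The following added example (not code from the original article or from any vendor it mentions) shows the mechanical part of that link: a small indicator feed in an assumed CSV layout (type, value, confidence, description) is loaded, normalized, and matched against constructed proxy log lines, producing one alert per matched indicator with the feed's context attached so an analyst can triage it. Every domain, address, hash and log line is constructed for illustration; the `min_confidence` filter is an assumption about how such a feed would be tuned, not a feature of any particular product.

```python
"""Match a constructed threat-intelligence indicator feed against constructed
proxy log lines. Added example; the feed, hosts, IPs, hashes and log lines
are all made up for illustration and are not real indicators."""
import csv
import io
import ipaddress
from dataclasses import dataclass, field

# Constructed feed; assumed CSV export layout: type,value,confidence,description
INDICATOR_FEED = """\
type,value,confidence,description
domain,update-checker.example,80,constructed C2 domain
ipv4,203.0.113.45,90,constructed C2 address
cidr,198.51.100.0/24,60,constructed bulletproof hosting range
sha256,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,95,constructed dropper hash
"""

# Constructed proxy log: timestamp client dst_host dst_ip sha256_of_download ("-" if none)
PROXY_LOG = """\
2024-01-05T10:01:02Z 10.0.0.12 intranet.example 10.0.0.5 -
2024-01-05T10:01:07Z 10.0.0.12 cdn.update-checker.example 203.0.113.45 -
2024-01-05T10:02:30Z 10.0.0.44 files.example 198.51.100.77 9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08
2024-01-05T10:03:00Z 10.0.0.9 www.example 93.184.216.34 -
"""


@dataclass
class IndicatorSet:
    domains: dict = field(default_factory=dict)   # domain -> (confidence, description)
    ips: dict = field(default_factory=dict)       # "a.b.c.d" -> (confidence, description)
    networks: list = field(default_factory=list)  # [(ip_network, confidence, description)]
    hashes: dict = field(default_factory=dict)    # lowercase sha256 -> (confidence, description)


def normalize_domain(name):
    """Lower-case and drop a trailing dot so feed and log spellings compare equal."""
    return name.strip().lower().rstrip(".")


def load_feed(text):
    """Parse the CSV feed into typed lookup structures; unknown types are skipped."""
    ind = IndicatorSet()
    for row in csv.DictReader(io.StringIO(text)):
        kind, value = row["type"].strip().lower(), row["value"].strip()
        meta = (int(row["confidence"]), row["description"])
        if kind == "domain":
            ind.domains[normalize_domain(value)] = meta
        elif kind == "ipv4":
            ind.ips[str(ipaddress.ip_address(value))] = meta
        elif kind == "cidr":
            ind.networks.append((ipaddress.ip_network(value, strict=False),) + meta)
        elif kind == "sha256":
            ind.hashes[value.lower()] = meta
    return ind


def domain_hit(ind, host):
    """Return the matching feed domain, walking up labels so sub.x.example matches x.example."""
    labels = normalize_domain(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ind.domains:
            return ("domain", candidate) + ind.domains[candidate]
    return None


def ip_hit(ind, ip_text):
    """Return an exact-address hit first, otherwise the first containing CIDR range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if str(ip) in ind.ips:
        return ("ipv4", str(ip)) + ind.ips[str(ip)]
    for net, conf, desc in ind.networks:
        if ip in net:
            return ("cidr", str(net), conf, desc)
    return None


def hash_hit(ind, digest):
    digest = digest.lower()
    if digest in ind.hashes:
        return ("sha256", digest) + ind.hashes[digest]
    return None


def match_logs(feed_text, log_text, min_confidence=0):
    """One alert per (log line, matched indicator), keeping the feed's context for triage."""
    ind = load_feed(feed_text)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, dst_ip, digest = line.split()
        hits = [domain_hit(ind, host), ip_hit(ind, dst_ip)]
        if digest != "-":
            hits.append(hash_hit(ind, digest))
        for hit in filter(None, hits):
            kind, indicator, confidence, description = hit
            if confidence >= min_confidence:
                alerts.append({"ts": ts, "client": client, "kind": kind,
                               "indicator": indicator, "confidence": confidence,
                               "description": description})
    return alerts


if __name__ == "__main__":
    for alert in match_logs(INDICATOR_FEED, PROXY_LOG):
        print(alert)
```

The confidence threshold is where the analyst the article calls for earns their keep: a 60-confidence hosting range will fire on benign traffic far more often than a 95-confidence dropper hash, and the right cut-off depends on the organization, not the feed.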
Endpoint Protection

Strip cybersecurity down to its core and you will find that it is all endpoint protection. But the emphasis on endpoint security has become even more pressing as work goes remote. With Steve working from home, Jane from another city and Alex from an entirely different country, it is much tougher now for organizations to guard entry points and prevent malware and other malicious entities from getting into their networks. Not to mention the impact of growing BYOD policies.

If cybersecurity were considered a war, endpoint security would be the front line. The implication is that a company that fails to protect its endpoints has already lost the war to the attackers. Currently, the state of endpoint security appears bleak. According to the 2020 Endpoint Security Research by Delta Risk:
- 55% of organizations have seen an increase in endpoint security risk,
- 34% of organizations experienced one or more endpoint attacks that successfully compromised data or IT infrastructure, and
- 67% believe it is moderately likely to extremely likely that they will be the victim of a successful cyberattack in the next 12 months.

Tools that strengthen endpoint protection include:
- SDPs: A Software-Defined Perimeter is useful for securing remote user access to network resources. An SDP is well suited to protecting IoT endpoints, which require lightweight transmissions and tend not to be adaptable to other enterprise-grade security tools.
- Next-gen VPNs: Unlike legacy tools, advanced VPNs offer comprehensive traffic visibility, enforce zero-trust principles and are equipped with threat detection. These are very important factors for endpoint protection.
- SWGs: A Secure Web Gateway protects users from threats by enforcing the company’s cybersecurity policy. It sits between the user device and network access and scrutinizes incoming and outgoing data for malicious or merely unwanted (per policy) components.
- Firewalls: Firewalls filter traffic between the internet and the organization’s network, whereas endpoint protection focuses on the user devices themselves. Both appear to perform the same function, but they operate at different levels. A firewall alone is never enough.
Cyber breach response plan

There is so much to say about preventing breaches. But what if an attack is successful? What’s next after a data breach? Overall, most businesses could do better at how they respond to cyber breaches. Consider the findings of the Cyber Security Breaches Survey 2020 conducted by the UK’s Department for Culture, Digital, Media & Sport. The following are the most common responses to cyber breaches:
- trying to find the source
- giving people specific roles and responsibilities
- assessing impacts
- formally logging incidents

A more complete response plan goes further:
- Form a response policy that includes a risk assessment, details alert levels for various types of incidents and defines the roles and responsibilities of each person involved in the process.
- Have emergency back-up plans to keep the business running even when a serious incident has occurred.
- Mandate that all your employees participate in an awareness training program that prepares them for incident response situations. Simulate attack scenarios and rehearse your plans.
- Following an incident, assess the breach to determine the effectiveness of your plans and to identify lessons, opportunities and other risks.
Conclusion

The safest way to prepare your enterprise’s data security for a future of advanced attacks is to think ahead of the attackers. Nothing ensures this more than the three-pronged approach of intelligent analysis and defense, comprehensive endpoint security and a proactive response plan in case of an attack.