One significant negative consequence of technology's continual evolution is a proportional advance in malicious internet activity, particularly cyber attacks. The past few years have seen cyber attacks reach levels of sophistication never experienced before, and they will likely only continue to get more advanced. To fight them, enterprises need to be armed with better security tools; legacy approaches to cybersecurity no longer cut it. Many cyber attacks today are highly targeted: attackers spend a good deal of time (usually months) gathering information on their prey and carefully looking for a chance, even the slightest, to pounce. Organizations that don't invest in cyber threat intelligence are the weakest in the face of such attacks. Besides avoiding zero-day vulnerabilities, enterprises must also protect their systems' endpoints and develop a smart cyber breach response plan.
Cyber Threat Intelligence (CTI)
According to Gartner, threat intelligence is “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.” Put simply, it involves the collection and processing of information about threat actors and their methods for the purpose of defense. CTI solutions usually feature artificial intelligence and machine learning and integrate with other security solutions in order to ensure accurate data processing. CTI helps organizations to be more proactive than reactive in their approach to cybersecurity. By enabling human analysts to make sense of the enormous amount of data available, these solutions help organizations understand their cybersecurity risks and build effective defensive mechanisms, a path to cyber-resilience. Cyber threat intelligence particularly helps the IT team better manage and even avoid zero-day exploits by continually alerting them to vulnerabilities and indicators of compromise. Unlike other technology-based approaches to security data collection and processing (such as SASE), CTI relies less on automation and more on human actors. Effective CTI requires not just the right tools but also trained and intuitive analysts. However, there is a serious challenge in this respect. According to a survey of CTI practitioners by Cybersecurity Insiders, 85% received little or no training in Open Source Intelligence (OSINT) techniques and risks. The growing complexity of cybersecurity these days has made intelligence-based cybersecurity inevitable. It is up to businesses to invest in the right tools and in people (analysts, researchers, etc.).
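The operational core of what the paragraph describes, matching indicators of compromise from a threat feed against endpoint telemetry and turning hits into alerts with actor context and a severity, is shown below as an added example. It is not code from the original article or from any CTI vendor; the feed schema, the `key=value` log format, the indicator values (documentation-range IPs, a `.example` domain and an all-`a` hash) and the confidence-to-severity thresholds are all constructed assumptions for illustration. It also handles two things a real feed forces you to deal with: malformed indicators that must be dropped rather than silently matched, and the same host hitting several indicators, which is the kind of context an analyst needs to escalate.

```python
"""Match a threat-intelligence feed against endpoint logs and raise alerts.

All data here is constructed for illustration. The feed layout, log format
and thresholds are assumptions, not any vendor's schema.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed IoC feed (hypothetical values). The last entry is deliberately
# malformed to show that a bad feed record is skipped, not matched.
IOC_FEED = [
    {"type": "ipv4", "value": "203.0.113.45", "actor": "ExampleGroup", "confidence": 90},
    {"type": "domain", "value": "Update-Check.example.", "actor": "ExampleGroup", "confidence": 70},
    {"type": "sha256", "value": "a" * 64, "actor": "unknown", "confidence": 50},
    {"type": "ipv4", "value": "not-an-ip", "actor": "unknown", "confidence": 99},
]

# Constructed endpoint / proxy log lines: timestamp followed by key=value pairs.
SAMPLE_LOGS = [
    "2024-05-01T10:02:11Z host=ws-017 user=steve dst=203.0.113.45 port=443 action=allow",
    "2024-05-01T10:02:15Z host=ws-017 user=steve dns=update-check.example rcode=NOERROR",
    "2024-05-01T10:03:02Z host=ws-022 user=jane dst=198.51.100.7 port=443 action=allow",
    "2024-05-01T10:05:40Z host=ws-017 user=steve file_sha256=" + "A" * 64 + " action=exec",
]

# Which log field is compared against which indicator type (assumption).
FIELD_TYPES = {"dst": "ipv4", "dns": "domain", "file_sha256": "sha256"}


@dataclass
class Alert:
    timestamp: str
    host: str
    user: str
    field: str
    indicator: str
    actor: str
    severity: str


def normalize(ioc_type, value):
    """Return the canonical form of an indicator, or None if it is malformed.

    Normalizing both feed and log values the same way is what stops case or a
    trailing dot from hiding a match.
    """
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.IPv4Address(value))
        except ValueError:
            return None
    if ioc_type == "domain":
        return value.strip().lower().rstrip(".") or None
    if ioc_type == "sha256":
        v = value.strip().lower()
        return v if len(v) == 64 and all(c in "0123456789abcdef" for c in v) else None
    return None


def build_index(feed):
    """Index valid feed entries by (type, normalized value); drop malformed ones."""
    index = {}
    for entry in feed:
        key = normalize(entry["type"], entry["value"])
        if key is not None:
            index[(entry["type"], key)] = entry
    return index


def parse_log(line):
    """Parse 'timestamp k=v k=v ...' into a dict; unknown keys are kept as-is."""
    parts = line.split()
    record = {"timestamp": parts[0]}
    for kv in parts[1:]:
        key, _, value = kv.partition("=")
        record[key] = value
    return record


def severity_for(confidence):
    """Map feed confidence to an alert severity (thresholds are an assumption)."""
    if confidence >= 80:
        return "high"
    if confidence >= 60:
        return "medium"
    return "low"


def match_logs(lines, feed):
    """Return one Alert per (log line, field) that matches a feed indicator."""
    index = build_index(feed)
    alerts = []
    for line in lines:
        rec = parse_log(line)
        for field_name, ioc_type in FIELD_TYPES.items():
            if field_name not in rec:
                continue
            hit = index.get((ioc_type, normalize(ioc_type, rec[field_name])))
            if hit:
                alerts.append(Alert(rec["timestamp"], rec.get("host", "?"),
                                    rec.get("user", "?"), field_name, hit["value"],
                                    hit["actor"], severity_for(hit["confidence"])))
    return alerts


def hosts_with_repeated_hits(alerts, threshold=2):
    """Hosts that matched `threshold` or more indicators: candidates for escalation."""
    counts = Counter(a.host for a in alerts)
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = match_logs(SAMPLE_LOGS, IOC_FEED)
    for a in found:
        print(f"[{a.severity}] {a.timestamp} {a.host}/{a.user} {a.field}={a.indicator} actor={a.actor}")
    print("escalate:", hosts_with_repeated_hits(found))
```

Three of the four sample lines produce alerts, and `ws-017` is flagged for escalation because it hit indicators attributed to the same actor twice plus a hash match within minutes, which is the correlation step that distinguishes intelligence from a flat blocklist.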
Strip cybersecurity down to its very core and you would find that it is all endpoint protection. But the emphasis on endpoint security has become more paramount as work goes remote. With Steve working from home, Jane from another city and Alex from an entirely different country, it is much tougher now for organizations to guard entry points to prevent malware and other malicious entities from gaining entry into their networks. Not to mention the impacts of growing BYOD policies. If cybersecurity were considered a war, endpoint security would be the frontline. The implication of this is that a company that fails to protect its endpoints has lost the war to the attackers already. Currently, the state of endpoint security appears bleak. According to 2020 Endpoint Security Research by Delta Risk:
- 55% of organizations have seen an increase in endpoint security risk,
- 34% of organizations experienced one or more endpoint attacks that successfully compromised data or IT infrastructure, and
- 67% believe it is moderately likely to extremely likely that they will be the victim of a successful cyberattack in the next 12 months.
The point of endpoint security is data protection. Data is the world’s (and any company’s) most valuable resource. So as a company, you don’t want to lose your data or access to it. The ideal endpoint protection must focus on safeguarding data. Endpoint security solutions usually operate on a client-server model, though some are delivered as SaaS. Note that though firewalls and VPNs play a vital role in breach prevention, they're different from endpoint security. However, both can be included in an endpoint protection platform. Some of the most secure technologies to implement in endpoint protection include (but are not limited to) the following:
- SDPs: A Software-Defined Perimeter is useful for securing user remote access to network resources. An SDP is perfect for protecting IoT endpoints, which require lightweight transmissions and tend to not be adaptable to other enterprise-grade security tools.
- Next-gen VPNs: Unlike legacy tools, advanced VPNs offer comprehensive traffic visibility, enforce zero-trust principles and are equipped with threat detection. These are very important factors for endpoint protection.
- SWGs: A Secure Web Gateway secures users from threats by enforcing the company’s cybersecurity policy. It sits between the user device and network access and scrutinizes incoming and outgoing data for malicious or simply unwanted (per policy) components.
- Firewalls: Firewalls filter traffic passing between the internet and the organization’s network, whereas endpoint protection focuses on the user devices themselves. The two seem to perform the same functions, but they operate at different levels. A firewall alone is never enough.
Cyber breach response plan
There is so much to say about preventing breaches. But what if an attack is successful? What’s next after a data breach? Overall, most businesses could do better with how they respond to cyber breaches. Consider the findings of the Cyber Security Breaches Survey 2020 conducted by the UK’s Department for Culture, Digital, Media, & Sport. The following are the most common responses to cyber breaches:
- trying to find the source
- giving people specific roles and responsibilities
- assessing impacts
- formally logging incidents
However, only 21% of businesses carry out all four, while 30% do none of these. This shows that companies’ responses to data breaches are usually not very comprehensive, with more businesses (64%) rather concentrating on preventing future breaches. However, how resilient can a threat prevention plan be without proper incident response to fully understand the situation, identify vulnerabilities and calculate risks? In developing a solid breach response plan, you would find the following tips helpful:
- Form a response policy that includes a risk assessment, details alert levels for various types of incidents and defines the roles and responsibilities of each person involved in the process.
- Have emergency back-up plans to keep the business running even when a serious incident has occurred.
- Mandate that all your employees participate in an awareness training program that prepares them for incident response situations. Simulate attack scenarios and rehearse your plans.
- Following an incident, assess the breach to determine the effectiveness of your plans and to identify lessons, opportunities and other risks.
The safest approach to preparing your enterprise’s data security for a future of advanced attacks is to think ahead of the attackers. Nothing ensures this more than the three-pronged approach of intelligent analysis and defense, comprehensive endpoint security and a proactive response plan in the case of an attack.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire.