Saturday, June 29, 2024

Don’t Become a Horrible Headline: Some Tips on Redesigning Your Threat Posture for The 2022 Threat Landscape

By Omar Zarabi, Founder and CEO, Port53 Technologies

As in previous years, the cybersecurity industry's DEFCON level is best described by its headlines. The past two years have witnessed a veritable house of horrors that has pushed cybersecurity to the top of the corporate agenda. The 2020 supply chain attack on SolarWinds' network monitoring application Orion affected thousands of corporate customers worldwide, including several government agencies in the United States.

And the list goes on. March 2021: Verkada, a Silicon Valley startup offering cloud-based CCTV systems, was compromised through the simple hijacking of privileged credentials. Attackers were able to browse live footage from all Verkada customers, including medical clinics, psychiatric treatment centers, and premises of hybrid and electric vehicle maker Tesla. Also viewable: Verkada's own office.

Another example of stolen credentials was May's DarkSide ransomware attack on the Colonial Pipeline. It led to panic buying of gas by the public and cost the operator $5 million. Reported by the New York Times, it is seen as a red flag: other threat actors now see a lucrative payday within reach.

Unusual times

Even in a normal year, this chain of events (and too many others to mention) would force CISOs to rush to reimagine their threat posture. But we are not living in a normal age. On top of the dramatic distortions in the threat landscape, nature threw a curveball into the mix. The COVID-19 pandemic has devastated families, business communities and economies around the world. Businesses made the bold move to the cloud almost overnight, and the attack surface expanded immediately.

The problem came from several directions. First, telecommuting employees were using unverified personal devices with potentially multiple vulnerabilities. These devices used private and third-party networks to connect to the cloud-based environments required for remote work. And corporate data, sensitive or not, was crossing unknown boundaries on the journey between WFH employees and the corporate environment. Penetration testing became unreliable, because the architecture under investigation was only half under the organization's jurisdiction.

Second, DevOps teams, desperately trying to transform vast portions of their employers' business models to fit the new norms, were rolling out new digital experiences at the pace of demand. Depending on the circumstances, these releases could carry security holes inherited from the new PaaS environments.

Rethink your digital dogma

As has been said at various points in cybersecurity's history, what we did two years ago doesn't work anymore. Threat actors have demonstrated that they can turn every trend, every market shift, every consumer habit, and every employee error to their advantage. Organizations' responses have not been prompt. Cybersecurity professionals may never see the "quiet past" again, and the "stormy present" of 2022 requires rethinking the digital dogma in order to keep employees safe and productive.

Starting point: know yourself. Lines of business (LOBs) are always accounting for financial planning, operations, market conditions and many other touch points. To succeed, IT and security teams need to compile an equally comprehensive inventory of assets, from machines in the office to devices in employees' homes, and from tools on laptops to the inner workings of containerized apps in the cloud.

Then comes classification. Identifying vulnerabilities is the next step, followed by managing remediation. Some vulnerabilities are common but would do little harm if exploited. Others are rare but represent significant business risk. In general, a vulnerability should be high on the patch list if it can cause significant damage and is relatively easy for attackers to exploit. Anything that is high risk but cannot be easily dealt with should go on a watch list.

Free up innovation

From compiling the asset inventory to patching, everything should be automated where possible. Many tools today enable automatic asset discovery and policy-based patching. Overworked CISOs and their cornered teams represent one of the most overlooked security issues of the post-pandemic era. Empower your experts with the tools they need to automate routine tasks, so they can become more effective threat hunters.
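The three steps above (inventory, classification by damage and exploitability, policy-based patching) can be wired together in a few dozen lines. The following is an added worked example, not code from the author or from Port53; the assets, findings, vulnerability identifiers and risk thresholds are all constructed for illustration, and the example also handles the failure mode the inventory step is meant to prevent, a scanner finding on an asset nobody has catalogued.

```python
"""Worked example (constructed data): compile an asset inventory, classify
vulnerability findings by damage and exploitability, and apply a patch policy.
Not the author's or any vendor's code; thresholds are illustrative assumptions."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Tuple


class Tier(Enum):
    PATCH_NOW = "patch_now"          # severe and easy to exploit, fix exists
    WATCH_LIST = "watch_list"        # severe but hard to exploit, or no fix yet
    SCHEDULE = "schedule"            # easy to exploit, limited damage
    ACCEPT = "accept"                # low risk, track only
    UNKNOWN_ASSET = "unknown_asset"  # finding on an asset missing from inventory


@dataclass(frozen=True)
class Asset:
    asset_id: str
    location: str         # "office", "home" or "cloud"
    managed: bool         # reachable by the patch-automation agent
    business_impact: int  # 1 (low) .. 5 (critical), set by the line of business


@dataclass(frozen=True)
class Finding:
    asset_id: str
    vuln_id: str          # constructed identifier, not a real CVE
    exploitability: int   # 1 (hard) .. 5 (trivial)
    damage: int           # 1 (nuisance) .. 5 (severe)
    fix_available: bool


# Illustrative thresholds (assumptions; tune to your own risk appetite)
SEVERE_RISK = 12   # damage x business_impact at or above this is "severe"
EASY_EXPLOIT = 3   # exploitability at or above this is "easy"


def risk_score(asset: Asset, f: Finding) -> int:
    """Potential damage, weighted by how much the business depends on the asset."""
    return f.damage * asset.business_impact


def classify(asset: Asset, f: Finding) -> Tier:
    """Severe + easy + fixable -> patch now; severe otherwise -> watch list."""
    severe = risk_score(asset, f) >= SEVERE_RISK
    easy = f.exploitability >= EASY_EXPLOIT
    if severe and easy and f.fix_available:
        return Tier.PATCH_NOW
    if severe:
        return Tier.WATCH_LIST
    if easy and f.fix_available:
        return Tier.SCHEDULE
    return Tier.ACCEPT


def patch_action(asset: Asset, tier: Tier) -> str:
    """Policy: automate wherever the asset is under management; otherwise raise
    a ticket so a human closes the gap (for example an unmanaged home device)."""
    if tier is Tier.PATCH_NOW:
        return "auto-patch" if asset.managed else "ticket:manual-patch"
    if tier is Tier.SCHEDULE:
        return "auto-patch:next-window" if asset.managed else "ticket:next-window"
    if tier is Tier.WATCH_LIST:
        return "monitor:add-detection"
    return "none"


def build_plan(assets: List[Asset], findings: List[Finding]) -> Dict[str, Tuple[Tier, str]]:
    """Map 'asset/vuln' -> (tier, action). Findings on assets that are not in
    the inventory are surfaced rather than silently dropped."""
    inventory = {a.asset_id: a for a in assets}
    plan: Dict[str, Tuple[Tier, str]] = {}
    for f in findings:
        key = f"{f.asset_id}/{f.vuln_id}"
        asset = inventory.get(f.asset_id)
        if asset is None:
            plan[key] = (Tier.UNKNOWN_ASSET, "inventory:add-and-reassess")
            continue
        tier = classify(asset, f)
        plan[key] = (tier, patch_action(asset, tier))
    return plan


# Constructed inventory and scanner output
ASSETS = [
    Asset("srv-01", "office", True, 5),
    Asset("lap-home-07", "home", False, 3),
    Asset("k8s-api", "cloud", True, 4),
]
FINDINGS = [
    Finding("srv-01", "V-001", exploitability=5, damage=5, fix_available=True),
    Finding("lap-home-07", "V-002", exploitability=4, damage=4, fix_available=True),
    Finding("k8s-api", "V-003", exploitability=1, damage=5, fix_available=False),
    Finding("lap-home-07", "V-004", exploitability=4, damage=1, fix_available=True),
    Finding("srv-01", "V-005", exploitability=1, damage=1, fix_available=True),
    Finding("printer-9", "V-006", exploitability=3, damage=3, fix_available=True),  # never inventoried
]


def example_plan() -> Dict[str, Tuple[Tier, str]]:
    return build_plan(ASSETS, FINDINGS)


if __name__ == "__main__":
    for key, (tier, action) in example_plan().items():
        print(f"{key:20} {tier.value:14} {action}")
```

The multiplicative score is deliberately simple: the point is that the same CVSS-style exploitability on a home laptop and on a business-critical server lands in different tiers, and that an unmanaged device never silently drops out of the plan because automation cannot reach it.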

Having the basics in place also helps organizations meet their regulatory and compliance obligations. Policies alone cannot produce the reports that auditors require, and good faith doesn't satisfy the stringent requirements of standards like PCI-DSS. The good news is that cloud service providers and other vendors are starting to offer controls like MFA and DNS security, and are running training sessions to prepare end users for the future of hybrid work.

However, chasing regulators in a continuously reactive mode is a poor security strategy. You have no choice but to gain a deep and broad understanding of your organization's environment and choose the visibility and automation tools that best fit your context, architecture, and business goals. Having the basics in place, such as asset inventory, vulnerability management, and user awareness, gives you a strong foundation for protecting your digital assets.

What's next?

Mastering the environment will free you to pay attention to some of the latest policies and tools being deployed against cybercriminals. Many of the headline-grabbing incidents we've seen have been due to mistakes in privileged credential management. For example, SolarWinds' Orion uses privileged access to connect to other systems, which allowed attackers to compromise many other organizations. Privileged Access Management (PAM) enables CISOs and their teams to regulate how accounts connect to their environment, using policies such as session monitoring, password rotation, least privilege, just-in-time provisioning, and removal of shared accounts. These technologies keep assets safe while avoiding a hit to employee productivity.
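To make the PAM policies listed above concrete, here is an added example of a minimal just-in-time access broker. It is not the author's or Port53's code and models no particular product; the account, users, clock values and the one-hour TTL cap are constructed assumptions. It enforces least privilege (a user may only check out accounts a policy allows), just-in-time provisioning (grants expire), session monitoring (an audit trail), password rotation (after every session) and the no-shared-accounts rule (one human holds a privileged account at a time).

```python
"""Worked example (constructed): a minimal just-in-time privileged access broker
showing least privilege, time-boxed grants, session logging, password rotation
at session end and refusal of concurrent (shared) use. Not the author's code."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class PrivilegedAccount:
    name: str
    # Constructed secret; a real deployment keeps this in a vault, not in memory.
    password: str = field(default_factory=lambda: secrets.token_urlsafe(16))
    active_session: Optional[str] = None  # one human at a time, so no sharing


@dataclass(frozen=True)
class Grant:
    user: str
    account: str
    issued_at: int   # epoch seconds; the example passes a constructed clock
    expires_at: int


class PamBroker:
    MAX_TTL = 3600  # assumption: no elevation outlives one hour

    def __init__(self, policy: Dict[str, Set[str]]):
        self.policy = policy                         # user -> accounts they may request
        self.accounts: Dict[str, PrivilegedAccount] = {}
        self.sessions: Dict[str, Grant] = {}         # session id -> grant
        self.audit: List[str] = []                   # session-monitoring trail

    def register(self, name: str) -> None:
        self.accounts[name] = PrivilegedAccount(name)

    def request(self, user: str, account: str, ttl: int, now: int) -> Optional[str]:
        """Return a session id, or None when policy denies the request."""
        acct = self.accounts.get(account)
        if acct is None or account not in self.policy.get(user, set()):
            self.audit.append(f"{now} DENY {user} -> {account}: not permitted")
            return None
        if acct.active_session is not None:
            self.audit.append(f"{now} DENY {user} -> {account}: already checked out")
            return None
        ttl = min(ttl, self.MAX_TTL)                 # just-in-time: short, bounded grants
        sid = secrets.token_hex(8)
        self.sessions[sid] = Grant(user, account, now, now + ttl)
        acct.active_session = sid
        self.audit.append(f"{now} GRANT {user} -> {account} session={sid} ttl={ttl}")
        return sid

    def is_valid(self, sid: str, now: int) -> bool:
        """Check a session on each use; expired sessions are revoked on the spot."""
        g = self.sessions.get(sid)
        if g is None:
            return False
        if now >= g.expires_at:
            self.release(sid, now, reason="expired")
            return False
        return True

    def release(self, sid: str, now: int, reason: str = "released") -> bool:
        g = self.sessions.pop(sid, None)
        if g is None:
            return False
        acct = self.accounts[g.account]
        acct.active_session = None
        acct.password = secrets.token_urlsafe(16)    # rotate after every use
        self.audit.append(f"{now} {reason.upper()} {g.user} -> {g.account} "
                          f"session={sid}; password rotated")
        return True


def demo() -> Dict[str, object]:
    """Drive the broker through a constructed scenario and return what happened."""
    broker = PamBroker(policy={"alice": {"db-admin"}, "bob": {"db-admin"}, "carol": set()})
    broker.register("db-admin")
    first_pw = broker.accounts["db-admin"].password
    s1 = broker.request("alice", "db-admin", ttl=600, now=1000)       # granted
    shared = broker.request("bob", "db-admin", ttl=600, now=1001)     # denied: in use
    unauth = broker.request("carol", "db-admin", ttl=600, now=1002)   # denied: no policy
    mid = broker.is_valid(s1, now=1300)                               # still valid
    late = broker.is_valid(s1, now=1600)                              # expired, revoked
    rotated = broker.accounts["db-admin"].password != first_pw
    s2 = broker.request("bob", "db-admin", ttl=7200, now=1601)        # granted, TTL capped
    return {"s1": s1, "shared": shared, "unauth": unauth, "mid": mid, "late": late,
            "rotated": rotated, "s2": s2, "broker": broker}


if __name__ == "__main__":
    for line in demo()["broker"].audit:
        print(line)
```

The audit list is what session monitoring needs: every grant, denial and revocation carries the human's identity, so an incident responder can tie a privileged action to a person rather than to an anonymous shared login.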

Another example is Zero Trust, which has become a hot topic. Trusting nothing and treating every process as suspect until it can prove otherwise is an approach that shows how far we have come from our recent past. Here we not only assume that we will be attacked; we assume the attackers are already inside. It is a grim but justifiable assumption that accurately reflects the world we live in.

But do not despair. Horror headlines may hint at the inevitability of becoming a cyber victim, but their post-mortems also reveal a path to reducing risk. There are tools you can procure, policies you can enact, and steps you can take to make sure your organization's name doesn't appear in the next round of headlines.

About the author

Omar Zarabi is the founder and CEO of Port53 Technologies.

Growing up in a small, family-run organization, I have seen firsthand the challenges faced by resource-constrained IT teams in an ever-changing technology environment. I received my BA in Economics from UC Davis and started my cybersecurity career at OpenDNS. There, I was responsible for providing DNS security solutions to small businesses in the US and Asia. I've worked with thousands of IT professionals in the SMB space, and I've truly learned their biggest challenges: two rather new and fluid trends in the SMB IT space, especially when it comes to cloud adoption and cybersecurity.

In September 2016, just over a year after Cisco acquired OpenDNS, I founded Port53 Technologies and became its CEO. Port53 focuses on providing enterprise-grade, cloud-delivered security solutions that are easy to deploy, easy to manage, and highly effective, helping customers achieve a more integrated and automated approach to security, as well as big data and predictive approaches.

Omar Zarabi (Twitter, Facebook, LinkedIn)

Port53 Technologies (Facebook, Twitter, LinkedIn, YouTube)
