The pandemic has completely changed how we work. As millions of people login from their homes and remote locations, the paradigm of 'normal' has completely changed. Today, working from home is the new normal. This has huge implications from a data and cyber security point of view, as cyber criminals are taking advantage of this new normal and finding new sophisticated ways to target organisations, and evading detection controls in place.
As most employees do not have the same level of security infrastructure preparedness or awareness, there is huge risk of data being stolen or corporate networks being infiltrated by hackers. Cyber criminals have been quick to exploit this vulnerability.
When perimeter has extended, more assets are needed to be secured means broaden the attack surface. In many ways, it has become a huge challenge for organizations to keep themselves one step ahead of the attackers. In times like these, it is high time for organisations to rethink their security approach and align their security needs with current market and technology landscape.
We recommend the following key best practices that must be undertaken on priority to protect your organisations:
#1 Secure corporate Applications access and end points
"A verify first, trust later approach" solution must be encouraged. Organizations must put in place a strategy to adopt a zero trust framework and allow user access on "need to know", "least privilege" basis. User access to corporate applications must be provided by creating a system of checks and balances. End points are the weak link in the security chain, but are most critical. Hence, organizations must deploy Endpoint Detection and Response (EDR) solutions to combat advanced attacks.
#2 Pay attention to Databases too
We have not heard much on database security, which is a critical asset of any organisation. In many places, this is managed by third party administrators. Databases have critical information and in current situation, most databases are open to access from outside the organisation. Without database security, business tasks can be interrupted and confidential information may disclosed. Hence, there is a need to prioritize database security to discover and classify files containing sensitive data. Organizations need to put controls in place to continuously monitor data access and protect sensitive data across the enterprise. This will help in preventing unauthorized or suspicious activities by privileged insiders and potential hackers.
#3 Monitor User Behaviour
By now, most organisations have realised that the change in work culture, environment will remain longer than expected. Hence, there is a need to shift security priorities to meet current challenges. Users are accessing (via different channels i.e. corporate VPN, Internet etc. ) from home not only to access corporate assets but also mediums such as social platforms, shopping sites etc. This is translating to an increase in overall security incidents and even exposing employees to more threat vectors like targeted phishing attacks. To prevent these issues, continuous user behaviour analytics is the need of the hour.
#4 Continuous security alert detection and monitoring
A SIEM solution to continuously monitor, alert and respond to alerts is very much required for every organisation. This is required not only for compliance but is also an essential elementary step in the journey towards becoming a secure enterprise. Most of the organisations have integrated critical devices with SIEM platform to have continuous security log monitoring in place. For organizations who have not prioritized yet, it is time for them to think about integrating their critical applications with SIEM platform to provide round the clock application monitoring.
#5 Digital Risk management
Unregulated digital sprawl has opened up new security threats for organisations. Further, increased remote working is doubling up risks of data leaks. While open threat intelligence is useful, it has huge amount of unwanted information.Hence, finding relevant intelligence is like finding “Needle in a haystack”. So, commercial contextual threat intelligence to cover brand monitoring, deep/dark/surface web monitoring, infrastructure monitoring is essential to have quick, timely, actionable intelligence to secure an company's digital footprint.
#6 Secure unmanaged privileged identities
Current situation is also pushing us to think through on identities. Employees have direct and privileged account access to critical assets, and they are commonly not monitored extensively like other security technologies which allows for a lot of internal fraud and abuse to go unnoticed. Privileged identity monitoring helps to track who is doing what and helps in fraud investigation as well.
Re-prioritizing security goals in line with above mentioned best practices and monitoring, managing overall security landscape through a SOC will help organisations to keep themselves one-step ahead of adversaries.
The quote below sums up the new normal, and outlines how organizations must prepare to fight this new security battle.
“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle - Sun Tzu, Art of War”