How to Create a Cyber-Resilient Enterprise with Branches All Over the World
Yves Mulkers
While organizations proceed with their digital transformation efforts and investments, threat actors are also becoming much more sophisticated and increasingly well organized.
The objective isn’t so much to prevent attacks, since there is no such thing as 100% cyber security. Instead, the goal should be to maintain operations through cyber resiliency.
According to the U.S. National Institute of Standards and Technology (NIST), cyber resiliency is “the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that include cyber resources.” Meaning, as threats continue to attempt to thwart your operations, your company won’t be compromised over the long term.
As a holistic approach, a cyber-resilient enterprise looks at all aspects of the organization from lines of business to the C-Suite and the employees. In addition, this isn’t a one-size-fits-all program or a set-it-and-forget-it strategy - it demands continuous improvement.
A balance should be made between protection, detection, and effective incident response. Moreover, ongoing investments should be made around applications, networks, development, design, and infrastructure. Next, it is critical to develop an employee culture that embraces cyber resiliency.
For every successful digital company, with global reach, cyber security has always played a significant role. Yet, the consistent deluge of attacks and a rapid expansion of attack surfaces have turned traditional practices using firewalls and antivirus applications upside down.
A decade or so ago, companies had static network boundaries, which made cyber security much more straightforward. Today, those boundaries have been obliterated by mobile and remote employees, IT services, the cloud, smart devices, IoT, and more. As the attack surface continues to increase, it becomes even more challenging to determine where efforts should be focused.
Based on a 2019 Malwarebytes cyber resilience report, 75% of companies expect a data breach within the next three years. As a result, businesses are starting to rethink their security posture to align it with resilience, so that operations proceed as usual and recovery is stable.
To be fair, cyber security practices have evolved - just not as fast as many would like. For a vast number of businesses, the truth is their environments are riddled with disparate and overlapping platforms.
Not to mention the inherent complexity involved with trying to integrate hundreds of varying solutions. Nonetheless, you can’t expect to protect everything, all the time. As Frederick the Great once said: “He who defends everything defends nothing.”
Building resilience requires orchestration, automation, and threat visualisation. Keep reading to learn more.
Threats and sectors under siege
Each and every day, it feels like there are multiple cyber attack headlines. Actually, there are so many they don’t even make headline news any longer. Today, many of the breaches occur through employee mobile devices or IoT devices.
According to Cybint Solutions, 62% of businesses experienced a data breach in 2018 - and, that percentage continues to grow. RiskBased found that 4.1 billion records were left exposed by data breaches during the first half of 2019. And, the University of Maryland has found that hackers attack around 2,244 times per day. As of 2019, the average cost of a data breach is estimated at $3.92 million.
One of the most recent AI-assisted mass cyber attacks happened in April 2018 when 3.75 million TaskRabbit users had their bank account and Social Security numbers stolen. The threat actors used an AI-powered botnet using slave machines to execute a massive DDoS attack on TaskRabbit’s servers. As TaskRabbit’s site was disabled, over 141 million users were impacted.
If you want to discuss sectors, all sectors are under siege.
What about the pain points?
The digital era hasn’t come without its fair share of complexities including necessary data protection regulation and compliance requirements such as the GDPR and others like it. Global companies must adhere to multiple regulations in different locations.
Plus, the regulatory environment is evolving as well. With noncompliance comes exorbitant fines, perhaps even shuttering a business or line of business. Successfully navigating, and ensuring cyber security, within a maze of compliance regulations isn’t for the faint of heart.
Nonetheless, another pain point comes in the form of the significant cost of a data breach and this isn’t just about revenue, it’s also about risking customer loyalty and business disruption which could lead to negative and long-term ripple effects. In addition, many customers reserve the right to take legal action if they discover their personal data has been compromised.
And, it can take years for a business to come back to its previous level of performance and profit generation. These pain points, and more, are creating an urgency for companies to quickly design and implement a cyber-resilient framework.
Where can we find opportunities?
Right now, you have an opportunity to make cyber resilience and comprehensive threat visualisation a reality. These are the keys to success moving forward. To mitigate risks, create a thoughtful business continuity plan.
Since IoT will continue to expand, it is crucial to regularly back up data and train employees around cyber security best practices including how to spot a phishing attempt and what to do in response. Then, implement automation of security and privacy controls to keep your operations sustainable even through an attack.
Restrict the attack surface
Take some time to understand your company’s enterprise-wide digital footprint - this includes your branches all over the world. Then, use the data to determine weaknesses and vulnerabilities. Next, run threat simulations and put your infrastructure to the test.
Keep user access secure at all times
The 21st century is all about zero trust. Don’t let anyone access your IT infrastructure unless they can be trusted. One way to improve cyber resiliency is to use multidimensional user profiles for access based on geography, workload, device, employee title, and even project type. Then, additional authentication can be required as needed.
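One way to express the multidimensional profile check described above, as an added example that is not from the original article. The profile fields, the title-to-workload table, the deny threshold and all sample values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """What is normal for one user, along the article's five dimensions."""
    countries: frozenset
    workloads: frozenset
    devices: frozenset
    title: str
    projects: frozenset

@dataclass(frozen=True)
class Request:
    country: str
    workload: str
    device_id: str
    project: str

# Assumed entitlement table: workloads a job title may ever reach.
TITLE_WORKLOADS = {
    "finance-analyst": {"erp", "reporting"},
    "sre": {"prod-db", "ci", "reporting"},
}
DENY_THRESHOLD = 3  # assumed: this many deviations at once is refused outright

def decide(profile: Profile, req: Request):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    # Entitlement is a hard gate: extra authentication cannot override it.
    if req.workload not in TITLE_WORKLOADS.get(profile.title, set()):
        return "deny", ["workload not permitted for title"]
    checks = [
        (req.country in profile.countries, "unfamiliar geography"),
        (req.device_id in profile.devices, "unknown device"),
        (req.workload in profile.workloads, "workload outside usual pattern"),
        (req.project in profile.projects, "project not assigned"),
    ]
    reasons = [why for ok, why in checks if not ok]
    if len(reasons) >= DENY_THRESHOLD:
        return "deny", reasons
    # Any remaining deviation triggers additional authentication.
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample profile and requests.
ALICE = Profile(frozenset({"BE", "NL"}), frozenset({"erp"}),
                frozenset({"laptop-7f3a"}), "finance-analyst",
                frozenset({"q3-close"}))
USUAL = Request("BE", "erp", "laptop-7f3a", "q3-close")
TRAVEL = Request("SG", "erp", "laptop-7f3a", "q3-close")
ODD = Request("SG", "reporting", "phone-0000", "merger")
```

Returning the reasons alongside the decision lets the same function feed both the authentication prompt and the audit log.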
When a successful data breach occurs, it moves fast on purpose and often spreads laterally from the initial endpoint to other endpoints in your system. It’s time to take advantage of automated threat visualisation. In fact, this is the scalable method that doesn’t need to take a break. When deployed accurately, automating threat intelligence can also reduce the number of false positives raised by various detection systems.
Utilize automated orchestration tools for improved endpoint visibility with remediation maps for coordination and execution of cyber protection. You should also automate low-level processes between security controls to respond as soon as attacks take place.
Success
Success requires a combination of threat visualisation with vigilance. Additionally, your organization needs to adopt the right tech stack for optimizing monitoring, observation, and response to cyber threats. Cyber resilience is further empowered by a transparent security culture led by company executives.
The IoT
The more vulnerable your systems, the greater the chance of a breach. Cyber criminals always search for the weakest link to exploit, then repeat. With the influx of smart devices, threat actors have more access points via thermostats, intelligent lights, intelligent security cameras, and more. True, the IoT brings us lots of data and lets us execute actions faster than ever before.
At the same time, companies must ensure that IoT devices do not offer easy access to cyber criminals. Just one example, the Mirai botnet, attacked 100,000 endpoints in a huge DDoS attack that disrupted many large businesses throughout the United States.
5G Data
Previously, cell phone networks were based on centralised switching and hardware with a hub-and-spoke configuration. With this type of system, all traffic passed through hardware and data packets could be both cleaned and inspected.
Fast-forward to today, and 5G networks are software-based - meaning there are more nodes to manage without much hardware control. In addition, 5G relies on network tasks dependent on standard Internet Protocol and operating systems. As a result, the digital attack surface is increased.
Virtually, cell site antennas use dynamic spectrum sharing (DSS) which shares bandwidth with several streams of data, each bandwidth prone to a cyber attack. Therefore, cyber resiliency must include dynamic cyber security controls designed for different levels of risk.
The various types of cyber attacks
Every year, cyber crime goes up. And, businesses are attacked every day. It’s imperative to take note of the different types of data breach techniques.
Phishing
In a phishing attack, email is used as a weapon to trick the recipient into clicking an infected link or downloading a nefarious attachment. The cyber criminals start by studying real people, then masquerade as such to gain the trust of their intended recipients. They may also use graphic design to create emails that look like they came from major brands asking for customers to update their login credentials and more.
Phishing isn’t a new technique; in fact, it dates back to the 1990s. But it is the most prominent because it is easy and there is no coding required.
Social engineering
Social engineering can be similar to phishing in the sense that the cyber criminal uses psychological trickery by studying the intended victim and vulnerable points of entry. Using this information, the attacker tries to gain trust and trick a victim into sharing sensitive information.
DDoS
The objective of a DDoS attack is to overwhelm systems, resources and bandwidth so that they can no longer function properly. Moreover, the point is to compromise systems, hence the name distributed denial-of-service attack.
Zero-Day
Zero-day attacks are quite prominent right around the time that companies intend to disseminate patches or switch to a new operating system during end-of-life. When an OS is no longer supported, or weaknesses are determined, hackers are waiting in the wings to launch an attack.
What are some of the newest cyber attack trends?
One of the most prominent trends is attacking the expanded enterprise surfaces. As companies began the process of migrating their infrastructure to the cloud, they soon realised the cost and time savings. Yet, distributed networks also started expanding giving threat actors more opportunities for access. Then, there is the exponential value of big data. For many companies, data is their product.
Today, big data is the revenue driver ensuring data-driven decisions and increased productivity in all areas of the business. As a result, companies - of every industry - have become insight-driven. Cyber criminals are quite aware of the value of data, it’s often the driving force behind many of the most nefarious attacks.
As systems and technologies evolve, so will attack sophistication. In the past, attacks often occurred at the endpoints. Today, DDoS and ransomware attacks operate laterally. With collaboration tools, AI, IoT, BYOD, and the cloud, the traditional enterprise security posture is no longer viable or efficient.
To achieve true cyber resiliency, businesses need to continuously redefine their strategy to successfully mitigate the current threats - especially in the AI era where hackers are now using botnets and machine algorithms. Each time a botnet attempts an attack, it learns from the experience and gets better.
What about the role of AI in cyber security?
AI can help every enterprise because it helps to improve how cyber security experts understand cybercrime with relevant data. While it may not be practical for every application, it should be used strategically. Invariably, machine learning and AI are transforming the future of cyber security. Imagine incident response in a matter of nanoseconds.
Furthermore, AI-driven security systems can provide invaluable data for enhanced learning about cyber breach tactics and attempts. Machine learning facilitates learning without the need for explicit programming: the model changes when exposed to different data sets. So then, your security systems don’t need to be programmed where to hunt for cyber threats.
This is great news because it gives security professionals an edge and more time to focus on the most damaging risks. Some of the most widely-used AI-led cyber security tools are listed below:
- Cyber security ratings
- Machine learning
- Biometric login
- Network intrusion detection
With AI, cyber security systems can perform human-like activities with minimal human intervention. Understanding the micro-behavior of malicious attacks, combined with predictive analytics, simply adds an extensive level of cyber security and resiliency.
General thoughts:
According to an IBM study, in over 70% of data security breaches, privileged accounts were abused. Most organizations are surprised to learn how many privileged accounts they actually have.
One of the most cyber-resilient steps a company can take is to effectively secure credentials, business secrets, and privileged accounts. When threat actors want to move laterally, they use privileged access. In fact, some of the most damaging data breaches involved privileged accounts in one form or another.
It is time for industry leaders to make privileged account security a priority. With dynamic environments that include the cloud, and hybrid applications, locking down privileged accounts is no longer optional, it is a must. Yet, it is not just human access, you must also take into consideration privileged access within applications via Robotic Process Automation (RPA).
Invariably, threat actors will always look for an organization’s weakest links and vulnerabilities. Further, risks will continue to evolve from human end users to machines. As a result, agility and flexibility are needed along with a cultural adoption around continuous process improvement. So then, as environments change, your company is much better prepared and more cyber-resilient against persistent threats.
Final thought
Businesses can’t afford to slow down in this new digital economy. Security needs to catch up, and the sooner the better. Focusing on reducing the attack surface, securing user access and neutralizing adversaries can help organizations shift from being cyber reactive to cyber resilient.
In our ever-changing digital economy, businesses can’t afford to take a back seat. Security is playing catch up, and it is now your job to take it to the finish line. Whether it is maintaining secure user access, limiting the attack surface, or stopping cyber criminals in their tracks - the goal should shift from cyber reaction to cyber resiliency.
You’ll know your company is becoming more cyber resilient if you have already taken steps to plan your strategy and supporting technologies. If you want to ensure revenue growth, and preserve operations now and well into the future, then you must have a resilient and strong risk mitigation plan. Not to mention, you’ll help to preserve your brand reputation in the event of an attack.
Founder & President @ GovTech Labs Intelligent Transportation & Connected Community Enthusiast // GovTech Advisor // Californian Living in the Rockies // Optimistic Realist
4 years ago: Yves, this really got the old noodle going. What are your thoughts on enterprise(s) that have employees in such remote areas or who live in such disenfranchised communities they have ZERO internet access? How does enterprise digitally transform to a more resilient org with so much digital inequality out there?
Senior Account Director- Talent Solutions
4 years ago: Great read, great insights on how to maintain security best practices!
Founder | IoT Recruiter | SoftNet Search Partners, LLC | IoT Consulting | AI & ML Recruiter | Consulting for Industry 4.0 and IIoT | Smart Manufacturing Solutions
4 years ago: Great read Yves Mulkers, hoping to see a real renewed/continual interest in digital transformation and IoT. Thanks for the great info.
Head of Go-To-Market @ TestBox
4 years ago: "Security needs to catch up, and the sooner the better." Truer words have never been said!
Principal/Sales, Marketing, Leadership Recruiter @ Edge Connection | Trusted Partner for Top GTM Talent
4 years ago: Although my Apple Watch just told me to take a moment of deep breathing, this information is awesome. I believe that although work from home life is good for some, it definitely jeopardizes an Enterprise Company's security. Scary stuff but important for companies to recognize as we move out of this economic downturn.