The pandemic has completely changed how we work. As millions of people login from their homes and remote locations, the paradigm of 'normal' has completely changed. Today, working from home is the new normal. This has huge implications from a data and cybersecurity point of view, as cybercriminals are taking advantage of this and finding new sophisticated ways to target organizations, evading detection controls in place.
As most employees don’t have the same level of security infrastructure preparedness or awareness, there is huge risk of data being stolen or corporate networks being infiltrated by hackers. Cybercriminals have been quick to exploit this vulnerability.
When the perimeter has been extended, more assets are needed to be secured, and this broadens the attack surface. In many ways, it’s become a huge challenge for organizations to keep themselves one step ahead of the attackers. In times like these, it’s high time for organizations to rethink their security approach and align their security needs with the current market and technology landscape.
We recommend the following key best practices to protect your organization:
1. Secure corporate applications access and end points
‘A verify first, trust later’ approach must be encouraged. Organizations must put in place a strategy to adopt a zero-trust framework and allow user access on ‘need to know’, ‘least privilege’ basis. User access to corporate applications must be provided by creating a system of checks and balances. Endpoints are the weak link in the security chain, but are most critical. So, organizations must deploy endpoint detection and response (EDR) solutions to combat advanced attacks.
2. Pay attention to databases too
We have not heard much on database security, which is a critical asset of any organization. In many places, this is managed by third-party administrators. Databases have critical information and in the current situation, most databases are open to access from outside the organization. Without database security, business tasks can be interrupted, and confidential information may be disclosed. There is therefore a need to prioritize database security to discover and classify files containing sensitive data. Organizations need to put controls in place to continuously monitor data access and protect sensitive data across the enterprise. This will help in preventing unauthorized or suspicious activities by privileged insiders and potential hackers.
3. Monitor user behavior
By now, most organizations have realised that the change in work culture and environment will remain longer than expected. There is therefore a need to shift security priorities to meet current challenges. People are using different channels (i.e., corporate VPN, internet etc.) from home, not only to access corporate assets but also mediums such as social platforms, shopping sites, etc. This is translating to an increase in overall security incidents and even exposing employees to more threat vectors like targeted phishing attacks. To prevent these issues, continuous user behavior analytics are necessary.
4. Continuous security alert detection and monitoring
A SIEM solution to continuously monitor, alert and respond to alerts is required for every organization. This is not only for compliance, but it’s also an essential step in the journey towards becoming a secure enterprise. Most organizations have integrated critical devices with SIEM platform to have continuous security log monitoring in place. For organizations who have not prioritized this yet, it’s time for them to think about integrating their critical applications with their SIEM platform to provide round the clock application monitoring.
5. Digital risk management
Unregulated digital sprawl has opened up new security threats for organizations. As well as this, increased remote working is doubling up risks of data leaks. While open threat intelligence is useful, it has huge amounts of unwanted information. Hence, finding relevant intelligence is like finding a needle in a haystack. So, commercial contextual threat intelligence to cover brand monitoring, deep/dark/surface web monitoring and infrastructure monitoring is essential to have quick, timely, actionable intelligence to secure a company's digital footprint.
6. Secure unmanaged privileged identities
The current situation is also pushing us to think through our identities. Employees have direct and privileged account access to critical assets, and they are commonly not monitored extensively like other security technologies, which allows for a lot of internal fraud and abuse to go unnoticed. Privileged identity monitoring helps to track who is doing what and helps in fraud investigations as well.
Re-prioritizing security goals in line with the above mentioned best practices, and monitoring and managing the overall security landscape through a Security Operations Center (SOC) will help organizations to keep themselves one step ahead of adversaries.
The quote below sums up the new normal, and outlines how organizations must prepare to fight this new security battle.
‘If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.’
Sun Tzu, Art of War