Cybersecurity has acquired critical dimensions in today’s digital-first economy. Enterprises have become more dependent on technology than ever before. Working from home, collaborating with remote partners, and eCommerce has become the norm. But such online activities create new risks for the enterprise. The tech landscape has become complex, multi-faceted, and constantly changing. These changed realities place the spotlight on security.
1. The inadequacy of traditional approaches to cybersecurity
Traditional network security stacks include firewalls, anti-malware suits, and email security solutions. These work fine when the enterprise network does not extend outside the physical walls of the office. But today the bulk of the enterprise traffic is outside the firewall. Remote employees connect through their unsecured home networks. Travelling executives connect through private, unsecured airport wifi.
The profile of the threat actors has also changed. Today’s cyber adversaries include professional enterprises. They leverage AI-based tools to identify vulnerable networks and launch precision attacks. No enterprise is immune, be it a small business, a government department, a Fortune 500 firm, or any other organisation, from their crosshairs.
The primary cybersecurity tools such as anti-malware software and firewalls remain relevant even today as the first line security deployments. But relying solely on these tools leaves the network vulnerable. Enterprises need to overhaul their security tools and take a proactive approach toward cybersecurity.
The first step is to upgrade to the latest versions of the firewall and anti-malware suites. The next-generation web application firewalls and application delivery controllers protect against remote threats. These tools also offer advanced functionality, such as:
- Linking IP addresses with physical locations.
- Checking for hidden malware in web-proxy and URLs
- Reverse-proxy, to safeguard the network identity from attackers.
- It is sandboxing to isolate and prevent suspicious traffic.
These features suit the connected enterprises, where most traffic comes from outside the network. Older generations of the same firewalls do not offer such advanced features.
2. Co-opt newer cybersecurity tools
Anti-malware suites and firewalls worked as the primary tools in first generation computing. Today, with most data being in motion, encryption and network monitoring have become essential tools for cyber security.
Enterprises skip network monitoring at their peril. Advanced network monitoring tools linked to AI-powered analytic engines identify the most covert or sophisticated threats. Robust analytics monitor device health, access requests, and other events with security implications. The network monitoring and analytics combo identifies threat baselines and enables risk-based authentication.
Elastic log monitoring entails pulling in and centralising enterprise log data. Analysing such data logs unearths potential compromises.
With traditional encryption, users have to decrypt the data before use. With decryption, the risks manifest again, especially when today’s professional hackers need only a brief window to steal the data. The latest homomorphic encryption allows users to work with encrypted data without decryption. Recent computational capacity breakthroughs make homomorphic encryption practical for wider applications.
3. Counter the latest sophisticated attacks
Cyber hacking is today a multibillion-dollar industry. Gone are the days of independent rogue hackers. Today’s cyber-criminals are professional organisations, more efficient than the companies they hack. They have robust R&D, institutional hierarchies, and deep pockets. They deploy the most advanced tools, powered by artificial intelligence and automation. They identify vulnerable companies and launch precision attacks.
A case in point is Emotet, an advanced malware targeting banks. The malware leverages AI to change the nature of the attack and escape detection by conventional tools. It also uses automation to send contextualised phishing emails, including COVID-19 communications.
The easy availability of ransomware-as-a-service has reduced the cost and difficulty. The perpetrators also accept payment in cryptocurrencies. Ransomware operators especially exploited the initial wave of COVID-19. Ransomware attacks increased by 148% across the globe during the first three months of the pandemic. Phishing attacks increased by a whopping 510% during the same period.
Several enterprises use automation to handle routine and lower-risk security processes, and free up resources to pay attention to higher-value activities. For instance, they automate patching, configuration, and software upgrades. Advanced automation processes higher-level tasks, such as responses to malicious encryption.
Automation is also the panacea to counter sophisticated AI-powered cyberattacks. Leading cyber defence teams automates identity and access management (IAM), security operations centre (SOC) countermeasures, and reporting. They deploy Artificial Intelligence to counter AI-based attacks.
4. Ensure effective data governance
Mobility and remote work have become the norm. But these modes depend on high-speed and always-on access to data. It also involves dealing with large data sets.
To understand customer behaviour, today’s enterprises collect extensive customer data, including consumption patterns and financial transactions. They set up data lakes to aggregate data and grant access to several people, including employees and third-party partners.
All these increase the likelihood of a breach.
Many recent high-profile attacks exploited expanded data access. The infamous 2020 Sunburst hack is a case in point, where malicious code spread to customers during regular software updates. Another big attack on a hotel used compromised employee credentials to access five million guest records.
It requires effective data governance to safeguard against such threats.
Implement a zero-trust approach with granular enforcement of policies. Tailor the adoption of zero-trust to the threat and risk landscape faced by the enterprise. Ensure a dynamic approach to the policy, factoring in the frequently changing business environment landscape.
Deploy robust authentication protocols to verify the user before granting access. Multi-factor authentication has now become an essential requirement. Going through multiple hoops may be inconvenient, but necessary to keep the cyber assets safe.
Ensure compliance with regulatory norms, such as EU GDPR. Compliance co-opts best practices to keep data safe.
Ensure transparency of all data sources and relationships. Map all data sources. Make sure silos exist only for good reasons, such as safeguarding trade secrets.
Ensure traceability. Maintain a log of all user activity. Identify all users, and shut out anonymous users and users with no valid credentials.
Here are five ways to get data governance right.
Piecemeal approaches no longer work. Adequate cyber security depends on an integrated, proactive approach. Each cyber defence initiative or tactic requires mapping to the overall strategy.
Traditional approaches to cybersecurity are static. Today, the threat landscape is changing. What is relevant today or what constitutes effective security may become inadequate in a few months. Effective cyber security today needs a proactive approach. Enterprises need to evaluate the threats facing their networks in a real-time mode, identify the most relevant threats, and take prompt countermeasures.
