Protecting With Pre-Cognizance

Date: Monday, December 28, 2015

Headquartered in Abingdon, UK, Sophos develops data management, network security and threat management products to protect organizations against malware and other cyber attacks.

From the financial press to daily newspapers, headlines about cyber attacks and data-breach incidents have become a fact of life. Can we deny that? It's a catch-22 situation: we need to thrive in an increasingly digital world, but if we choose to do so, threats are waiting to ambush us, putting our information, trade secrets, and sensitive personal and financial data in the cross-hairs of attackers. Such recurring incidents nudge us to ask why cyber-threats and advanced attacks have become almost an epidemic. Although I have spent almost two decades innovating in network security, I would not be surprised if someone argued: for God's sake, we are living in the 21st century; we have been to the moon and back; they are building colonies on Mars; they have invented cures for cancer and AIDS, so what is this cyber-risk taboo? I think this kind of reaction should be seen as a very natural response to the increasing dominance of cyber-threat incidents in our daily lives. Having said that, we still need to show respect towards this inquiry, or ambiguity as others see it, for those who are guardians and in the role of securing need to reflect on such contemplations with a strong sense of awareness, commitment and responsibility.

Built-In and Not Bolt-On
As Richard A. Clarke puts it, "Cyber war skips the battlefield. Systems that people rely upon, from banks to air defense radars, are accessible from cyberspace and can be quickly taken over or knocked out without first defeating a country's traditional defense". This may sound far-fetched to a naïve person. However, it simply can't get any more real than that. We need to evolve our thinking about how the digital universe operates and how today's cyber adversaries think. Our private data is part of the terabytes of information assets that lie across the vast information network of the Internet. If we analyze security incidents that compromised data or exploited IT vulnerabilities, we see one commonality: security continues to be an afterthought. We are fighting an unknown and unforeseen adversary (it could be anyone from a rogue terrorist outfit like ISIS to a coordinated network of hackers that are after healthcare data, financial data, trade secrets or other assets), and security incidents continue to prove that these threats have managed to stay ahead of the curve.

Most security practitioners get it wrong; they grapple to extract intelligence from obsolete security practices. The truth is, it's about making security intelligent, more coordinated and capable of giving us pre-cognizance of the build-up of threats, bringing us timely signs and the capability to interpret network, user and device activities as potential risk indicators. While security challenges are becoming more complex, the same mistakes are repeated time and again. Here is a list of security recommendations which organizations should treat as a must in their security checklist:

- Discard legacy systems. If you can't, then mend the loose ends: Some enterprise IT systems have reportedly been found to be over 20 years old and written in early-generation languages like COBOL, which were designed to deliver business processes, not to enable security. The battleground that hackers target extends to embedded computers in industrial control systems, as Stuxnet showed us. We can learn from the hacks made to SCADA systems in the Middle East and other countries.

- Take Data Security seriously, do not ignore Encryption: For many organizations, it takes a data breach to start working on encrypting data and strengthening authentication for network access. The Ashley Madison (adult dating website) breach that took place earlier this year showed how the so-called '100% discreet service' could not guard the personal data and privacy of its thousands of users, when the hackers exposed nearly 60 gigabytes of membership data online. As the threat surface expands, it is important to implement field-proven encryption on online systems, email services and mobile devices.

- Beware of malware delivered by Social Engineering, Watering-hole and Phishing attacks: Always be wary of the fact that the first level of vulnerability is an organic one: people, or users. Even if systems are encrypted, encryption may not prove effective if attackers succeed in harvesting genuine credentials via a targeted social engineering attack or phishing scam. Firewalls or a sandbox can't be the be-all and end-all; it also takes promoting awareness of security best practices. The barriers to entry for those who want to launch cyber attacks are dropping, since cyber crime is just as organized (perhaps more so) as any other industry. Attackers enjoy seamless access to vast catalogues of pre-engineered malware, exploit kits and more, and such tools are crafted to evade protection, allowing hackers to fly under the radar.

- Implement Multifactor Authentication: Yes, put it in place; it certainly helps. Have some peace of mind and steal some from the hackers. Also, never allow weak passwords. If your systems keep password hashes (which is good practice), make sure those hashes cannot be stolen.

- Be mindful about distributing Privileged Access: It might turn out later that giving privileged access to China-based subcontractors was not a very sound decision! Before you hand over the keys to the castle, make sure that the user or third party has security practices in sync with your own.

- Make security technologies work in concert: One thing that hackers have and security teams lack is 'context'. This is because today's enterprise network comprises a multitude of users, networking and personal devices. Cloud-based data and increasingly mobile work environments need capabilities that help accelerate threat discovery and automate threat response, going beyond prevention to provide proactive intelligence into potential signs of anomalies. It's time to replace overlapping and isolated security systems with a more aligned arrangement between network-, endpoint- and cloud-based security capabilities.
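As an added illustration of the multifactor authentication and password-hashing advice in the list above (example code written for this page, not Sophos code): weak passwords are rejected at enrollment, passwords are stored only as salted PBKDF2 hashes, and a login also requires a time-based one-time code computed per RFC 6238. The password policy, the PBKDF2 iteration count and the example account are assumptions; the TOTP secret is the RFC 6238 test-vector secret and must never be reused.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional

# Constructed password policy for this example: a minimum length plus a tiny
# blocklist of common passwords. A real deployment would check a much larger
# breached-password list.
MIN_PASSWORD_LENGTH = 12
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1", "passw0rd"}

# Assumed PBKDF2 work factor; tune it so one hash costs a noticeable fraction of
# a second on your hardware, which is what slows down offline cracking of stolen hashes.
PBKDF2_ITERATIONS = 600_000


def is_weak_password(password: str) -> bool:
    """True if the password is too short or is a well-known common password."""
    return len(password) < MIN_PASSWORD_LENGTH or password.lower() in COMMON_PASSWORDS


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a salted, slow hash rather than the password itself.
    Record format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count and compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password per RFC 6238: HOTP (RFC 4226) over the 30-second counter."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the current code and one step either side to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, unix_time + d * 30), code)
               for d in range(-drift_steps, drift_steps + 1))


# Hash checked for unknown usernames so that response time does not reveal which accounts exist.
DUMMY_HASH = hash_password("dummy-password-for-timing")

# Constructed example account (assumption). The TOTP secret is the RFC 6238 test-vector secret.
EXAMPLE_USERS: Dict[str, dict] = {
    "alice": {
        "password_hash": hash_password("correct-horse-battery-staple"),
        "totp_secret": b"12345678901234567890",
    }
}


def login(users: Dict[str, dict], username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass: a stolen password alone is not enough to get in."""
    record = users.get(username, {"password_hash": DUMMY_HASH, "totp_secret": b"\x00" * 20})
    password_ok = verify_password(password, record["password_hash"])
    totp_ok = verify_totp(record["totp_secret"], code, unix_time)
    return username in users and password_ok and totp_ok


if __name__ == "__main__":
    print("weak:", is_weak_password("Passw0rd"))
    print("login:", login(EXAMPLE_USERS, "alice", "correct-horse-battery-staple", totp(b"12345678901234567890", 59), 59))
```

The hash store still has to be protected as the list item says; the point of the slow, salted hash is that a stolen copy is expensive to crack, and the point of the second factor is that a cracked password is still not sufficient on its own.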
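As an added example of what "context" across layers can look like in practice (constructed for this page, not a Sophos product feature), the final list item's idea of interpreting network, user and device activity together: individually weak indicators from cloud, endpoint and network logs are correlated per user and host inside a time window, and only a combination that spans at least two layers raises an alert. The log line format, the indicator weights, the `nrd=true` enrichment flag and the sample events are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Tuple

# Constructed sample log. Line format assumed for this example:
#   <UTC timestamp> <source> <user> <host> <event> key=value ...
# 'nrd=true' stands in for a newly-registered-domain enrichment added upstream.
SAMPLE_LOG = """\
2015-12-28T09:00:12Z cloud alice laptop-07 login geo=unfamiliar_country
2015-12-28T09:03:40Z endpoint alice laptop-07 process_start name=powershell.exe parent=winword.exe
2015-12-28T09:04:05Z network alice laptop-07 dns_query domain=updates-cdn.example nrd=true
2015-12-28T09:04:09Z network alice laptop-07 outbound_connection dest=203.0.113.77:443 bytes=52428800
2015-12-28T09:30:00Z cloud bob desktop-12 login geo=home_office
2015-12-28T10:15:22Z endpoint bob desktop-12 process_start name=outlook.exe parent=explorer.exe
"""


@dataclass
class Event:
    ts: datetime
    source: str          # cloud, endpoint or network
    user: str
    host: str
    event: str
    detail: Dict[str, str]


def parse_log(text: str) -> List[Event]:
    """Parse the constructed line format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, user, host, event, *kv = line.split()
        detail = dict(item.split("=", 1) for item in kv)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), source, user, host, event, detail))
    return events


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}

# (name, weight, predicate). Each one alone is weak evidence; weights are assumed values.
INDICATORS: List[Tuple[str, int, Callable[[Event], bool]]] = [
    ("login from unfamiliar location", 20,
     lambda e: e.source == "cloud" and e.event == "login" and e.detail.get("geo") == "unfamiliar_country"),
    ("office application spawned a shell", 30,
     lambda e: e.source == "endpoint" and e.event == "process_start"
     and e.detail.get("name") in SHELLS and e.detail.get("parent") in OFFICE_APPS),
    ("DNS query to newly registered domain", 15,
     lambda e: e.source == "network" and e.event == "dns_query" and e.detail.get("nrd") == "true"),
    ("large outbound transfer", 25,
     lambda e: e.source == "network" and e.event == "outbound_connection"
     and int(e.detail.get("bytes", "0")) > 10_000_000),
]


@dataclass
class Alert:
    user: str
    host: str
    start: datetime
    end: datetime
    sources: List[str]
    indicators: List[str]
    score: int


def correlate(events: List[Event], window: timedelta = timedelta(minutes=15),
              min_sources: int = 2) -> List[Alert]:
    """Group indicator hits per (user, host) and alert only when hits from at least
    `min_sources` different security layers fall inside one time window."""
    alerts = []
    by_key: Dict[Tuple[str, str], List[Event]] = defaultdict(list)
    for e in events:
        by_key[(e.user, e.host)].append(e)
    for (user, host), evs in by_key.items():
        hits = [(e, name, weight) for e in sorted(evs, key=lambda ev: ev.ts)
                for name, weight, pred in INDICATORS if pred(e)]
        best = None
        for i, (first, _, _) in enumerate(hits):
            cluster = [h for h in hits[i:] if h[0].ts - first.ts <= window]
            sources = sorted({h[0].source for h in cluster})
            score = sum(w for _, _, w in cluster)
            if len(sources) >= min_sources and (best is None or score > best.score):
                best = Alert(user, host, first.ts, cluster[-1][0].ts, sources,
                             [n for _, n, _ in cluster], score)
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(f"{a.user}@{a.host} score={a.score} layers={','.join(a.sources)}: {'; '.join(a.indicators)}")
```

With the sample data, alice's unfamiliar-location login, the shell spawned by Word, the lookup of a new domain and the large upload all land within a few minutes on one host and produce a single high-scoring alert spanning all three layers, while bob's ordinary activity produces nothing. Any one of those signals on its own would be drowned out as noise in its own console.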

Indeed, this list is not the be-all and end-all of security best practices; it nonetheless captures essential aspects for IT and network security teams. I hope it helps them overhaul their security systems and practices and bridge the gaps.