Many security vendors publish threat reports and make recommendations to CISOs and other leaders for better protection of their security assets. After reading many of these reports, the following is a summary of the major risks they identify and strategies to mitigate them.
Ransomware
RISK – Ransomware is a form of malware that disables systems by encrypting data. The attackers then demand a ransom in exchange for the keys to decrypt the data. Many organizations across diverse industry sectors have fallen victim to these attacks.
- Verifiable backups and mock exercises for timely restoration of systems
- Patching vulnerabilities to avoid infection by ransomware
- Monitoring network traffic for command-and-control activity and timely response to attacks
- Network segmentation to stop lateral propagation
Phishing
RISK – The Verizon Data Breach Investigations Report (DBIR) shows that phishing emails are one of the major points of entry for cyberattacks. Employees fall victim to these emails and click on embedded URLs, resulting in installation of malware, creation of backdoors, or exfiltration of confidential information to attackers.
- Robust awareness program
- Web and email content filtering
- Include executive leadership in tabletop exercises (executives are being targeted more, per the DBIR)
Espionage
RISK – The Verizon DBIR and other industry reports show that espionage is a real threat and accounts for 23% of data breaches overall. Some industry sectors and public organizations holding intellectual property are larger targets for espionage activity than others.
- Understand and document your risk profile and potential attackers
- Build a threat hunting and dark web investigation practice
- Actively monitor threats on networks and apply network segmentation
- Run an effective awareness program
Move to Cloud
RISK – Most organizations are moving to the Cloud or have a Cloud strategy. However, many organizations lack the skills to fully understand and implement controls for Cloud infrastructures (at both the network and application levels), resulting in data breaches caused by errors and misconfigurations.
- Better integration of the network with the Cloud virtual environment
- Monitoring the Cloud environment for potential misconfiguration issues
- Implementing a Cloud security strategy and controls such as a Cloud Access Security Broker (CASB)
Security of Emerging Technologies
RISK – Emerging technologies such as machine learning, blockchain, IoT, and others are bringing new opportunities while at the same time creating additional attack surface.
- Create internal expertise and a learning culture for these new technologies
- Proactively create policies and procedures for the security of emerging technologies
- Engage with internal teams that are planning to use these technologies to develop collaborative security strategies