By: John Hathaway, Regional Vice President, iMEA, BeyondTrust
As we reach the end of the first quarter of 2022, we should be clear-headed about the challenges ahead. And when it comes to cybersecurity, resolutions alone will not keep us safe. We know that digital transformation is accelerating. According to a survey by solutions company Rimini Street, 72% of GCC-based line-of-business and technology leaders believe digitisation is key to getting ahead in 2022.
Most of us now operate in multi-cloud environments with remote work a given standard. This expands the attack surface. In January 2021, a global field survey by SpeedTest on nations’ 5G networks found the UAE’s to be the fastest in the world. This impressive leap presents a slew of possibilities in ICT solutions, including IoT, but this also expands the attack surface.
The UAE fought off more than 1.1 million phishing attacks in 2020 and reports on ransomware have indicated that some firms in the country have paid out more than US$1 million to bad actors and still faced downtime. With no one expecting a let up in cyberattacks in 2022, what businesses need is a cybersecurity survival guide — a roadmap for the recalibration of security postures to meet the challenges posed by today’s threat actors amid a surge in digital transformation.
- Protect privileged identities
We must stop attackers exploiting inadequate controls to hijack accounts and move laterally within our environments. We now know many breaches can be traced back to compromised privileged credentials. We must enforce unique credentials and rotate passwords frequently. We must be vigilant of dormant VPN accounts, implementing alerts to flag their use.
In addition, we can implement just-in-time issuance of credentials for third parties such as contractors or consultants. And we can zero in on session activity that involves privileged identities, while also implementing multi-factor authentication (MFA) and embedding passwords in any non-human component that requires access.
- Secure remote access
Any remote logon exposes credentials to a local computer, which may be compromised. Threat-actor techniques such as “man in the middle” can steal identities. All our privileged-access best practices — such as least privilege, password management, and session monitoring — must be put to work outside our traditional perimeters.
Traffic should be encrypted, and connections brokered through a single access pathway. And every remote connection should be outbound to reduce the options for login and segregate remote access from Internet-based threats. We should enforce network zoning to account for cloud environments and again implement least-privilege controls and just-in-time provisioning. And robust BYOD management can keep devices secure if we shift from mobile device management (MDM) to enterprise mobility management.
- Apply endpoint privilege management
As modern attacks tend to involve more lateral movement than in days gone by, we should restrict software and system privileges to a minimum. Again, we must use least privilege across the environment. We should also assign specific Unix and Linux commands that IT administrators can execute without using sudo or root. Distinguish between function and privileges to ensure any account or process is aptly provisioned and no more. And apply advanced application controls and least-privilege application management to ensure only approved processes can run.
- Apply hardening and vulnerability management
Considering the threats posed by remote elements, including home networks and personal devices, we need to devise ways of configuring, controlling, and patching these elements. Hardening the IT environment means removing unnecessary software, applications, and privileges, closing unused ports, and routinely patching endpoints. Part of the hardening process is the protection of BIOS by ensuring passwords are strong and unique.
- Prevent endpoint tampering
Thefts happen. But if a device is stolen, you cannot afford to assume that a threat actor is not involved. To ensure that sensitive data cannot be easily accessed, implement disk encryption. Also, use embedded hard disks like SSDs.
You can procure devices that use proprietary screws, which ensures thieves cannot readily take them apart. This is particularly useful if the bad actor has a short window of access to the device. In addition, you can use security cables to secure a device to a desk. Some vendors use BIOS tamper protection, which monitors devices for signs they have been opened, and alerts a management platform when necessary.
- Secure and empower your service desk
The pandemic led to overwhelmed service desks with new tools that created significant challenges in scalability and security. Once more, we return to the need for strong privileged-access controls. Sessions should, of course, use strong encryption, and security teams should ensure that support tools work through firewalls without VPN tunneling (which can compromise perimeter security). Support customers must be segmented via single-tenant environments, so data is never co-mingled.
MFA should be implemented in all sessions, and credentials should be automatically injected without ever being revealed to either the user or remote support staff.
- Perform remote worker penetration testing
This is a challenge and may involve jurisdictional friction. An employee will likely consider their home environment off limits, so pen-test teams need to tread carefully. But other probes that do not require direct access to private or third-party assets can still run, such as evaluation of employees’ reactions to phishing, vishing or SMishing attacks, or the vulnerability testing of company-owned hardware that is being used remotely.
Forewarned is forearmed
Now you have a roadmap, you can face the rest of 2022 on your own terms. There are strong indicators of lucrative business opportunities ahead across all industries in the region, but only if we innovate. As that requires digital transformation, this cybersecurity survival guide will help enterprises manage the change without leaving themselves open to costly lessons.
