By: John Hathaway, Regional Vice President, iMEA, BeyondTrust
As we come to the end of the first quarter of 2022, we should be clear-headed about the challenges ahead. And when it comes to cybersecurity, resolutions alone will not be enough to keep us safe. We know that digital transformation is accelerating. According to a investigation by solutions firm Rimini Street, 72% of GCC-based industry and technology leaders believe digitalization is key to moving forward in 2022.
Most of us now operate in multi-cloud environments with standard remote work. This widens the attack surface. In January 2021, a global field survey by SpeedTest of nations’ 5G networks found the United Arab Emirates to be the the fastest in the world. This impressive leap presents a wealth of possibilities in ICT solutions, including IoT, but it also expands the attack surface.
The bucket fought more than 1.1 million phishing attacks in 2020 and reports on ransomware reported that some companies in the country have paid over US$1 million to bad actors and are still facing downtime. As no one expects cyberattacks to slacken in 2022, what businesses need is a cyber security survival guide — a roadmap for recalibrating security postures to meet the challenges posed by today’s threat actors in a context of digital transformation.
- Protect privileged identities
We need to prevent attackers from exploiting inadequate controls to hijack accounts and move laterally through our environments. We now know that many breaches can be traced to compromised privileged credentials. We need to enforce unique credentials and rotate passwords frequently. We must be vigilant on dormant VPN accounts, setting up alerts to report their use.
Additionally, we may implement just-in-time issuance of credentials for third parties such as contractors or consultants. And we can focus on session activity that involves privileged identities, while implementing multi-factor authentication (MFA) and embedding passwords into any non-human component that requires access.
- Secure remote access
Any remote connection exposes credentials to a local computer, which can be compromised. Threat actor techniques such as “man-in-the-middle” can steal identities. All of our privileged access best practices, such as least privilege, password management, and session monitoring, should be implemented outside of our traditional perimeters.
Traffic should be encrypted and connections negotiated through a single channel. And every remote connection should be outbound to reduce connection options and separate remote access from Internet threats. We need to enforce network zoning to account for cloud environments and re-implement least privilege controls and just-in-time provisioning. And robust BYOD management can ensure device security if we move from mobile device management (MDM) to enterprise mobility management.
- Apply endpoint privilege management
Since modern attacks tend to involve more lateral movements than in the past, we need to keep software and system privileges to a minimum. Again, we need to use least privilege in the environment. We also need to assign specific Unix and Linux commands that IT admins can run without using sudo or root. Distinguish between function and privileges to ensure that any account or process is properly provisioned and nothing more. And enforce advanced application controls and least-privilege application management to ensure that only trusted processes can run.
- Apply hardening and vulnerability management
Given the threats posed by remote elements, including home networks and personal devices, we need to devise ways to configure, control and remediate these elements. Hardening the IT environment means removing unnecessary software, applications and privileges, closing unused ports and regularly patching endpoints. Part of the hardening process is protecting the BIOS by ensuring passwords are strong and unique.
- Prevent endpoint tampering
The flights are coming. But if a device is stolen, you can’t afford to assume a threat actor isn’t involved. To ensure that sensitive data is not easily accessed, implement disk encryption. Also use built-in hard drives like SSDs.
You can get devices that use proprietary screws, which ensures that thieves cannot easily take them apart. This is especially useful if the bad actor has a short access window to the device. Additionally, you can use security cables to secure a device to a desk. Some vendors use BIOS Tamper Protection, which monitors devices for signs that they have been opened and alerts a management platform if necessary.
- Secure and empower your service desk
The pandemic has caused service desks to be overloaded with new tools that have created significant scalability and security challenges. Once again we come back to the need for strong privileged access controls. Sessions must, of course, use strong encryption, and security teams must ensure that support tools work through firewalls without VPN tunnels (which can compromise perimeter security). Support customers should be segmented across single-tenant environments, so data is never mixed.
MFA authentication should be implemented in all sessions and credentials should be automatically injected without ever being revealed to the user or remote support personnel.
- Perform remote worker penetration testing
This is a challenge that can lead to jurisdictional friction. An employee will likely consider their home environment off-limits, so penetration testing teams should exercise caution. But other probes that don’t require direct access to private or third-party assets can still be run, such as assessing employee reactions to phishing, vishing, or SMishing attacks, or testing the vulnerability of the company-owned equipment that is used remotely.
warned is warned
Now that you have a roadmap, you can take on the rest of 2022 on your own terms. There are strong indicators of lucrative business opportunities across all industries in the region, but only if we innovate. As this requires digital transformation, this cybersecurity survival guide will help businesses manage change without exposing themselves to costly lessons.