2021 Security Review Part 2: 5 Strategies for Staying Secure in 2021
In Part 1 of our 2021 Security Review series, we reviewed this year’s top cybersecurity trends and how they could already be affecting businesses like yours. In this post, we’ll revisit these trends and discuss what you can do to address them and stay secure in 2021.
The recent attack on Nine Entertainment highlights the potential impact for every business. The Australian reported that Nine’s ad revenue had taken a hit as the network attack had crippled the company’s advertisement booking and placement system, potentially costing them $1m.
When it comes to securing your company, knowing the latest security threats is only half the battle— the other half is protecting yourself against them!
Even then, any effective security strategy must be an ongoing, active effort. While being aware of the latest security threats and tools is certainly important, the true value in any strategy lies in the actual implementation, no matter how small.
To help get your company secure as fast as possible, this post will focus on direct, actionable strategies that you can use to combat this year’s biggest threats. Thankfully, getting started is not only relatively straightforward but many of the methods we’ll discuss are very easy to implement— some even requiring less than an afternoon’s effort. Though some changes may be small, they can still deliver big results.
But what if you already have a security strategy in place?
While your existing strategy may already be doing a good job, it’s still worth reevaluating— especially given the massive changes to the IT and security landscapes in the last year. Read on to learn what you can do to address these changes and stay secure.
Five Strategies for Addressing 2021’s Top Cybersecurity Trends
The rise of remote work caused by the COVID-19 pandemic has placed increased importance on access control and cloud infrastructure. Combined with the continued growth of artificial intelligence and other novel technologies, many companies are facing completely new – or at least previously overlooked – cybersecurity challenges.
Which one of these IT and cybersecurity trends could already be impacting your organisation?
Protect remote workers with MFA/2FA and device management
The Trend: Remote workers have become prime targets for hackers.
With many connecting to company resources using personal devices and potentially unsecured networks, even the most secure platforms are facing new vulnerabilities that are proving difficult to control.
Hackers have identified many ways to exploit remote workers. The most common are:
- Ransomware
- Social engineering
- “Man in the middle” attacks
So far, ransomware has been the most common of these attacks over the past year. A type of malware, ransomware “locks” a user’s computer until they give up credentials, data, or, in many cases, money, essentially holding them for ransom! When users aren’t trained to deal with ransomware correctly, they may feel they have no other choice than to hand over money or information rather than remove the ransomware.
Social engineering attacks, which themselves often lead to ransomware on user devices, have also surged since the shift to remote work. In any case, with remote workers now communicating primarily through email and conferencing software, hackers now have more avenues than ever to impersonate emails, login portals, and even company personnel.
Remote workers connecting to company resources over unsecured networks (such as public Wi-Fi) have also become victims of “man in the middle attacks,” where a hacker connected to the network can “listen” to data sent over the network— including login credentials and correspondence.
While these attacks may seem varied and difficult to tackle, they all share a common means of prevention.
The Solution: Secure remote access with multi-factor authentication (MFA) and upgraded device management tools.
Remote work or not, passwords are always at risk of getting stolen. As a result, the most effective security strategies assume that passwords will – not just might – get stolen eventually and that additional layers of authentication are crucial for ensuring secure access.
Enter multi-factor authentication (MFA). Here, instead of only using a password to log in, users must also enter a second form of authentication such as a one-time security code. This code is often sent to a personal phone or some other device.
The benefits of utilising MFA are well known: According to Microsoft, MFA can block over 99.9 percent of unauthorised logins. Plus, with today’s security tools, MFA is easier than ever to implement, no longer requiring the external hardware devices or user disruptions it has in the past.
MFA isn’t just a crucial part of an effective security strategy—it’s a minimum requirement. However, that doesn’t mean it should be your only tool in securing remote access.
In addition to utilising MFA, consider adopting forms of device management, especially at the policy and procedure levels. As a minimum, establish clear rules about network connections, ransomware, device updates and usage, and so on. By giving users clear guidelines on how to connect safely while also utilising MFA, your organisation will eliminate most of the risks associated with remote connections.
Review and upgrade cloud security
The Trend: Cloud security remains an afterthought even as companies rush to adopt cloud-based collaboration tools.
Cloud-based collaboration tools have become essential for the recent (and massive) shift to remote work. However, the transition hasn’t been comfortable: With more day-to-day operations and workers supported by the cloud than ever before, even the best-equipped companies have scrambled to implement and scale cloud resources.
Unfortunately, the result of this “scramble” has often been cloud platforms that are only “good enough” to support it. As a result, many important configurations remain, well, unconfigured— security being one of them.
While cloud security is a subject in and of itself, most cloud platforms face similar security challenges:
- Larger attack surfaces
- Lack of flexibility in user permissions and scalability
- Decreased visibility and control of resources
- Complex environments and infrastructure
- Compliance requirements
In summary: It’s often difficult to get a complete view of cloud resources and how they’re used. As a result, many administrators are left dealing with surface-level control panels and user interfaces, neglecting the finer points of security beneath the surface.
This lack of visibility comes with several consequences. In addition to often having only a vague picture of resources and usage, breaches and other attacks often fly under the radar. Further, day-to-day administration is often stifled, as granting user permissions and scaling resources become murky processes.
Thankfully, a couple of straightforward changes are often enough to remedy most cloud security woes.
The Solution: Adopt a “zero trust” approach and increase visibility into cloud applications.
As hinted above, visibility and access control are the key components of cloud security. By increasing visibility alone, you’ll gain a greater understanding of everything – and everyone – under your cloud.
But how can you “increase” visibility? And just how “visible” does the cloud need to be?
Generally, your cloud should be visible enough for you to view the following data:
- Cloud users (including user activity, location, and devices)
- Cloud data (including data locations, data usage, and statistics)
- Sharing (how users are sharing and/or downloading data)
Gaining this level of visibility depends on your chosen cloud platform. While some platforms might make some of this data available, a complete view usually requires a specialised cloud security platform. Most cloud security platforms interface with your chosen cloud platform’s application programming interface (API) to extract and analyse this data.
However, a greater view isn’t enough: Access control and user permissions are equally crucial. Here, a “zero trust” approach has become the favourite, especially as flexibility and scalability requirements make user permissions ever-changing and risky to allocate.
True to its name, the zero-trust approach makes it so that no user is trusted until verified— in or out of the network. Even within the network, users are only given the least amount of access and resources possible. This approach contrasts with many traditional security approaches that only verify users upon login, which does little to secure the network should a hacker manage to “sneak in.”
Though the zero-trust approach may sound restrictive, it’s often the opposite in practice: Here, instead of carefully allocating user permissions with every system change, users are given exactly what they need in any given session, often in an isolated environment. This dynamic not only enables greater flexibility throughout changes and updates to the platform but also ensures that any suspicious activity remains separated from more sensitive resources and data.
In practice, implementing a zero-trust approach comes down to administration. When you or a managed service provider are setting up user permissions, keep a close eye on how – and when – they’re allocated. Further, ensure that users are given only the bare minimum of what they need in isolated segments of your overall cloud infrastructure.
Augment (but don’t replace) security with automation
The Trend: While automation is replacing many of the most repetitive security tasks, it’s become an equally useful tool for hackers.
From log review to malware detection, security tasks are often repetitive and, frankly, underwhelming— especially when some of the most “urgent” alerts turn out completely benign!
As a result, it’s easy for security professionals to develop a sense of “alert fatigue” that causes them to turn a blind eye to the subtle, important details required for monitoring tasks. Though automation can help here, it can also compound the issue and let threats slip by unnoticed.
To make matters worse, hackers are also using automation to handle repetitive tasks of their own: From organising botnets to brute-forcing password attempts, hackers have perhaps made better use of automation than security professionals!
While it’s possible to fight fire with fire (read: automation with automation), the most effective approach still requires a keen human eye.
The Solution: Use automation to augment only the most repetitive tasks and obvious threats.
Using the right security tools and managed services, it’s possible to automate many of the most repetitive security tasks. Some of the most commonly automated security tasks include:
- Log review and alert handling
- Detecting and removing malware
- Email monitoring
- File quarantining and deletion
With more to monitor than ever, automation has become essential, especially for data enrichment (such as log review). However, it’s crucial that automation only augments these tasks rather than replaces them; in other words, your automation tools should only automate the work of verifying benign events so that you can have more time to focus on suspicious activity.
Implementing automation into your security procedures comes down to your choice of security tools or managed security services. In many cases, a managed service can help you implement automation into existing security tools or help you implement new tools more suited for your business and security needs.
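The "augment, don't replace" rule above, as an added example (not code from Blackbird IT or any specific security product): automation closes only alerts that match a reviewed benign rule, and everything else is queued for a person. The alert fields, rule names, and thresholds are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample alerts (not any real product's log format).
ALERTS = [
    {"id": 1, "type": "failed_login", "user": "svc-backup", "src": "10.0.5.12",
     "count": 3, "severity": "low"},
    {"id": 2, "type": "failed_login", "user": "alice", "src": "203.0.113.7",
     "count": 250, "severity": "medium"},
    {"id": 3, "type": "av_detection", "file": "eicar.com", "host": "qa-lab-01",
     "severity": "low"},
    {"id": 4, "type": "av_detection", "file": "invoice.exe", "host": "fin-ws-22",
     "severity": "high"},
    {"id": 5, "type": "new_forwarding_rule", "user": "bob", "target": "external",
     "severity": "medium"},
]

@dataclass(frozen=True)
class BenignRule:
    name: str
    match: dict          # every key must equal the alert's value
    max_count: int = 10  # volume above this is never treated as routine

# Hypothetical rules an analyst has reviewed and signed off.
BENIGN_RULES = [
    BenignRule("backup service retry",
               {"type": "failed_login", "user": "svc-backup", "src": "10.0.5.12"}),
    BenignRule("QA lab AV test file",
               {"type": "av_detection", "file": "eicar.com", "host": "qa-lab-01"}),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def triage(alerts, rules=BENIGN_RULES):
    """Auto-close alerts matching a benign rule; queue the rest for a human."""
    closed, queue = [], []
    for alert in alerts:
        rule = next((r for r in rules
                     if all(alert.get(k) == v for k, v in r.match.items())
                     and alert.get("count", 1) <= r.max_count
                     and alert.get("severity") == "low"), None)
        if rule:
            closed.append({"id": alert["id"], "closed_by": rule.name})  # audit trail
        else:
            queue.append(alert)  # unknown or unusual: a person decides
    # Highest severity first; an unrecognised severity sorts to the top.
    queue.sort(key=lambda a: SEVERITY_ORDER.get(a.get("severity"), 0))
    return closed, queue
```

Nothing is closed by default: an alert that matches no rule, exceeds a rule's volume limit, or carries a severity above low always reaches the analyst queue.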
Implement new technologies carefully
The Trend: The rapid adoption of new technologies can result in security blind spots.
As new technologies develop at a continually dizzying pace, it’s becoming difficult to track the vulnerabilities that come with them. Even so, identifying vulnerabilities is essential, especially as emerging technologies such as the Internet of Things (IoT) and 5G are set to become ever more prevalent into the next year.
Hackers have already been quick to identify many of these vulnerabilities for themselves. According to Threatpost, IoT devices are already being used for botnets, which could have the potential to launch even greater distributed denial of service (DDoS) attacks using 5G’s increased bandwidth.
Of course, 5G and IoT aren’t the only emerging technologies to keep an eye on—they only serve as convenient and relevant examples. No matter the technologies you choose to adopt, the following strategy can help you guarantee their security.
The Solution: Carefully monitor data sent by all devices in your stack and stay aware of potential vulnerabilities.
How you monitor data sent by your devices will depend on – you guessed it – the devices themselves. However, since IoT is becoming increasingly commonplace, we’ll touch upon it briefly as an example.
As we discussed in the last post, almost every new device and appliance technically counts as an IoT device: With everything from watches to refrigerators connecting to the Internet, almost everything can now serve as an attack vector into a network or one of the thousands of bots in a botnet.
With many private IoT networks having potentially hundreds of individual devices (such as hundreds of sensors in a smart factory), keeping track of every bit of data sent between them quickly becomes tedious and time-consuming. However, it’s still important: If a single sensor or smart device is compromised, then it could place the rest of the network at risk.
To mitigate this risk, make sure that your chosen security tools or managed service are capable of monitoring all data sent by IoT devices—and not just the immediately important data. Also, like with cloud security, compartmentalise and isolate devices from the rest of the network while assuming a “zero trust” approach whenever possible.
Utilise security tools and managed security services
The Trend: The growing cybersecurity talent gap is leaving companies unequipped to face the latest security challenges.
Cybersecurity experts are in high demand, with Cybercrime Magazine reporting an estimated 3.5 million open positions expected in 2021. Unfortunately, the demand will likely remain unsupplied as the global cybersecurity talent gap continues to grow—even as threats continue to mount.
Unable to get the right talent, many companies have resorted to “do-it-yourself” security options, using out-of-the-box security tools and suites in the hope of securing their resources. While many in-house IT professionals are proving capable of handling the extra responsibility and setup, many have not; as it turns out, security is often a full-time job.
However, that doesn’t mean that the tools themselves aren’t useful. The key to effective security, it seems, is finding the right people to help without having to hire in-house.
The Solution: Utilise a managed cybersecurity service if you can’t hire in-house security staff.
Though cybersecurity may be a full-time job, it doesn’t have to be a full-time commitment: Using a combination of security tools and managed cybersecurity services, many companies are achieving the same results as they would with an in-house security team without actually having to hire in-house employees.
Given the cost savings and the ever-growing cybersecurity talent gap, hiring a managed security service will likely remain the most cost-effective security solution for small- to mid-size companies and public institutions.
Another benefit of a managed cybersecurity service is that it doesn’t always require a long-term commitment: If a company is confident in managing security but needs help setting up the right suite of tools and resources, then a managed service makes for an ideal solution.
In any case, companies need to do something to fill the talent gap in some way, whether that means hiring in-house, hiring a managed service, or setting up their chosen security tools the best they can. Truly, some protection is always better than no protection!
Takeaways: 6 Security Upgrades to Implement Right Now
Phew! That was a lot of information. Thankfully, it all comes down to just a few key upgrades that will help you stay secure in 2021:
- Implement multi-factor authentication (MFA/2FA)
- Adopt a zero-trust security approach everywhere (especially in the cloud!)
- Make cloud resources visible and traceable
- Use security automation to augment the most repetitive security tasks
- Stay updated on system vulnerabilities and device activity
- Utilise the latest security tools or a managed cybersecurity service
Still not sure how to implement these changes into your organisation? Don’t worry! Stay tuned to the Blackbird IT blog or contact us to learn more about how our managed cybersecurity and IT services can help you stay secure and maintain a competitive advantage.