In a recently released statement, EasyJet, a budget airline in the UK, revealed that data from over 2,000 credit cards was stolen in a new data breach. The attack has been identified as highly sophisticated, and the data was obtained through a fraudulent third-party attack. In total, the third party managed to access information on over 9 million customers.
This is the latest example of third-party cyber-attacks, which remain on the rise, thanks to the rising number of VPNs globally. Such attacks present major challenges for enterprises, as they lead not only to operational halts but also to burdensome costs in potential liabilities. David Strom, an expert on internet technologies and networks, spoke to IDG about securing IT infrastructure from third-party attacks. According to David, organizations require more comprehensive solutions than the traditional model of limiting cybersecurity to risk assessment on spreadsheets.
According to David, cybersecurity has evolved into a complex procedure and requires more involvement from all departments of an organization. He says supply chains are increasingly under stress due to the ongoing pandemic. Moreover, due to legislation like GDPR and CCPA, businesses face more stringent compliance requirements. He believes reliance on spreadsheets quickly becomes outmoded: the mechanism is often error-prone and lacks data visualization capabilities. On the other hand, according to David, enterprises can support collaboration and corporate policies around risk management.
Below are David Strom’s 3 practical recommendations for enterprises.
Chief Trust Officer
David says it is important for organizations to create a position like the chief trust officer. According to him, this person will help stakeholders work together and ensure they get the right set of tools for risk management. Moreover, he believes such authority can promote more trust and additional efforts across various teams. A Chief Trust Officer can also provide necessary authentication access and seamless procedures for risk management, as well as productivity.
According to David, enterprises need to integrate advanced security practices across all their endpoints. One of these key practices is the integration of multi-factor authentication for email clients and endpoints. According to the latest reports, security automation in areas like network security is also a great way to reduce the cost of managing it. He also recommends that enterprises embed security automation wherever possible. Treating the user's perspective as primary, while sharing best practices between risk management teams and IT security, is also a useful practice.
Zero Trust Security Model
David recommends that enterprises integrate zero-trust security models into their cybersecurity practices. This model has lately been in the news due to the rising number of cybersecurity products in the category and the growing inability of traditional approaches to deal with cyber threats. Due to the Covid-19 pandemic, the agency managing services in the White House witnessed a 900% increase in telework and a 483% increase in VPN usage. The agency, guided by the Cybersecurity and Infrastructure Security Agency (CISA), deployed a Zero Trust approach that relied on multiple layers of security, multiple parameters, and additional security checks to provide complete security. While security for enterprises may not need such intensive work, basic processes like multiple layers and multi-factor authentication remain the need of the hour.