The COVID-19 crisis has limited available resources, forcing enterprise security teams to improve their efficiency and performance by delivering more with less.
This is definitely not a time of business as usual. Threat actors are taking full advantage of the uncertainty by launching the most innovative cyber-attacks ever, leveraging tactics such as ransomware, phishing, and credential stuffing. According to the VMware Black threat research, ransomware attacks alone have skyrocketed 148% in the past month.
Many firms are being forced to delay planned IT security projects and downsize staff. More than ever, it’s crucial to focus on defense strategies that improve resilience while stretching the budget. The ESG research predicted that 62% of enterprises were poised to increase their cybersecurity spending in 2020. About 32% of the survey respondents confirmed that they would invest in cybersecurity technologies using ML and AI threat detection, about 31% in data security, 30% in network security, and 27% in cloud application security. However, all of these factors have now been turned upside down, as the “new normal” requires restructuring and rethinking traditional security strategies.
To improve cyber resilience, it’s vital to focus on the effectiveness of security controls in the context of hackers’ techniques, tactics, and procedures, often referred to as TTPs. Such an approach will help security leaders defend their operations against cyber adversaries in the face of budget cuts and reduced staff.
The following are five best practices, based on an analysis of threat actors’ TTPs, that can improve cyber resilience without the need for increased resources:
Boost the Infrastructure Immunity
Ransomware attacks have spiked exponentially in the last two months, with no relief in sight. The basic best practices to implement are security awareness programs, regular data backups, and least privilege access. These can minimize the firm’s exposure to ransomware threats.
Avoid Taking the Phishing Lure
Stealing valid credentials through phishing attacks and misusing them to access a network is less risky, easier, and more efficient than exploiting existing vulnerabilities. Phishing emails have spiked by over 600% since the end of February, as confirmed by Barracuda Networks. Cybersecurity defenses need to adapt promptly to this reality through user education and by modernizing the organization’s authentication systems.
Multi-Factor Authentication Game
Threat actors are no longer “hacking in” to carry out data breaches. Instead, they are exploiting default, stolen, weak, or otherwise compromised credentials. Hence, multi-factor authentication (MFA) remains the most basic but reliable option for augmenting the enterprise’s existing access controls. Replacing or supplementing username and password authentication with MFA raises the bar and the cost for hackers, pushing the rate of compromise close to zero.
Establish Secure Remote Access
With remote working being implemented globally, this remains one of the critical factors to consider. Enterprises are focusing solely on workforce productivity to keep daily operations up and running, but this is where cyber threats are seeping in. During a crisis, organizations should, in fact, focus more on revisiting their remote access deployments to secure both IT admin and employee account access against threat actors.
Enforce Least Privilege
Forrester Research estimates that about 80% of all security breaches are a result of compromised privileged credentials. Imposing better controls over the human element behind data breaches remains a crucial step toward significant improvement. For IT admins and super users, least privilege access based on just-in-time privileged access management (JIT PAM) is the most recommended practice.
With IT budgets being cut back due to the economic contraction caused by the pandemic, security teams should focus on delivering more with less. Focusing on these essential factors as a security perimeter will be an efficient and effective way to mitigate cyber-threats and risks.