Winning The Cyberwar: Are You Well-Equipped?

Manikant R Singh, Chief Information Security Officer, DMI Finance | Thursday, 03 February 2022, 14:22 IST

Revisit It!
It is encouraging that both the dominant and the small players in the business and industrial sectors are embracing new technologies. This has become an essential thrust area for today's organizations. But the sad part is that most players are not prepared for the new level of attack ecosystem.

I know, you are nodding now!
In this new age, we are more digitally connected. At the same time, we are defenceless against the cyber criminals who comprehend the underlying technologies.

Indeed, we are!
The multifold growth in the digital economy has raised various cybersecurity concerns, especially around Personally Identifiable Information (PII).

If you are a CXO of a company or an individual who has sensitive information, then, friend, this theme is for you.

In this new era, as more things get connected, cybersecurity is an ever-relevant topic. It has become a big concern for individuals and for the nation as well. CXOs are working toward building a secure environment. Nations and organizations have increased their cybersecurity spending to prevent embarrassing state-sponsored attacks and costly breaches.

The global cybersecurity market size is estimated to reach $395 billion by 2025 owing to the rise in data breaches at the global level, Adroit Market Research reports. Many governments are issuing new laws and regulations which compel organizations to have the right cybersecurity controls.

While everyone has put their basic security in place, focusing on the big picture of physical, logical, database and role-based access, one important piece, the data pertaining to devices connecting to the internet, has certainly been swept under the carpet.

At the perimeter, the firewall keeps filtering unauthorised access with a predictable rule-based engine and intrusion prevention systems. A decent antivirus/anti-malware program is there to block malware and viruses. However, these antivirus/anti-malware programs cannot combat advanced attacks (APTs), leaving the endpoint much more vulnerable.

What are these endpoints?
Endpoints are often a convenient entry point where criminals gain access to devices and victims' sensitive data. The agonizing thing is that this is also the most effective route into any organisation, via legitimate ports. Security researchers have identified that over 70 percent of breaches originate from endpoints.

Believe me when I say hackers are not at all a threat to our organization, but endpoints are!
Insider threats are the managed concerns which can open doors for casual and offensive attackers. Poor intelligence and management fail us more often than we expect or know.

You need a more thoughtful maintenance strategy for endpoint security.

Endpoint security trend reports say that, at any point in time, there is an encryption failure somewhere in the device population. Several devices might have missing or outdated AV/AM tools, and devices require at least one patch management repair every thirty days. Of course, with some endpoints, you can set it and forget it.

The question is: where did we lag in ensuring the protection of our devices?

Where did we fail to do so? What can go wrong?
For every managed asset, there are known and unknown vulnerabilities which need to be handled either by flags or by enforced policies. One of the key factors for compromise is endpoint complexity. Business disruption comes from misconfiguration attacks.

Common vulnerabilities and misconfigurations include default accounts with default credentials, unwanted open ports, misconfigured privileges, and automatic login being enabled. A study says 27 percent of organisations admit to configuration mismanagement in their endpoint security, which poses a great challenge.

What can be done to reduce this?
Predictions say that, out of a global IT security spend of about $128 billion in 2020, 24 percent is expected to be allocated to endpoint security. This investment would grow significantly in this decade.

Simple Steps to reduce the endpoint security challenge
To continue, let's have a look at the basic essentials for addressing the endpoint security challenge.

Endpoint Security Strategy - Basic essentials
·Discovery: Auto or manual discovery of the connected devices/endpoints. Routine vulnerability scanning can help keep the inventory updated, besides protecting the unprotected endpoints.

·Monitoring: Deploying a cloud-based centralized endpoint management tool will enable consistent monitoring of the connected devices and help provide feeds to the threat hunting network.

·Protection: Strategically implement an advanced anti-virus/anti-malware solution which will be sufficient to monitor, analyse and upscale

·Alert: Besides having a well-documented and implemented incident response policy, have quick remediation which is integrated with your network management tool to ensure faster response in the event of a breach.
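
As an added illustration (not code from the article or from any vendor), the sketch below audits a constructed endpoint inventory for the misconfigurations named earlier (default accounts, unwanted open ports, misconfigured privileges, automatic login) together with missing AV/AM, the thirty-day patch cadence and encryption status. The field names, the allowed-port and approved-admin lists and the 7-day signature age are assumptions.

```python
from datetime import date

# Assumed policy values; only the 30-day patch cadence comes from the article.
ALLOWED_PORTS = {443}
APPROVED_ADMINS = {"it-admin"}
MAX_PATCH_AGE_DAYS = 30
MAX_AV_SIGNATURE_AGE_DAYS = 7

# Constructed sample records, shaped like a discovery-scan export (hypothetical schema).
INVENTORY = [
    {"host": "fin-laptop-01", "open_ports": [443], "default_account_enabled": False,
     "auto_login": False, "local_admins": ["it-admin"], "disk_encrypted": True,
     "av_signature_date": date(2022, 2, 1), "last_patch_date": date(2022, 1, 20)},
    {"host": "kiosk-07", "open_ports": [23, 443, 3389], "default_account_enabled": True,
     "auto_login": True, "local_admins": ["it-admin", "guest"], "disk_encrypted": False,
     "av_signature_date": None, "last_patch_date": date(2021, 11, 2)},
]

def audit_endpoint(ep, today):
    """Return the list of posture findings for one inventory record."""
    findings = []
    if ep["default_account_enabled"]:
        findings.append("default account with default credentials")
    unwanted = sorted(set(ep["open_ports"]) - ALLOWED_PORTS)
    if unwanted:
        findings.append(f"unwanted open ports: {unwanted}")
    extra_admins = sorted(set(ep["local_admins"]) - APPROVED_ADMINS)
    if extra_admins:
        findings.append(f"misconfigured privileges: {extra_admins}")
    if ep["auto_login"]:
        findings.append("automatic login enabled")
    sig = ep["av_signature_date"]  # None means no AV/AM agent reported in
    if sig is None or (today - sig).days > MAX_AV_SIGNATURE_AGE_DAYS:
        findings.append("AV/AM missing or outdated")
    if (today - ep["last_patch_date"]).days > MAX_PATCH_AGE_DAYS:
        findings.append("no patch within 30 days")
    if not ep["disk_encrypted"]:
        findings.append("disk encryption not active")
    return findings

def audit_inventory(inventory, today):
    """Map host -> findings, with the worst-scoring endpoints first."""
    report = {ep["host"]: audit_endpoint(ep, today) for ep in inventory}
    return dict(sorted(report.items(), key=lambda kv: -len(kv[1])))

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY, date(2022, 2, 3)).items():
        print(host, "OK" if not findings else findings)
```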

A final note
Hackers are getting more efficient. They ensure that no footprints are left behind for forensics, making breaches difficult to detect.

No worries! Have a persistent approach to make your organization resilient.

To measure your security posture, you need to know whether your endpoints are behaving as expected.

To support this, there are only a few tamper-proof endpoint visibility and control solutions in the market, like CrowdStrike, Carbon Black, Sophos, Trend Micro, etc.

It's not about what you implement; it's about how you implement. What do you say?