Threat Management, Security Strategy, Plan, Budget

Mind these five mistakes when responding to infosec threats

Five security mistakes

Cybercrime has become much easier to commit. Everyone has access to incredible open-source resources for learning attack tactics and techniques. At the same time, they also have an entire cybercrime underground at their disposal. They can simply outsource cybercrime activities to cyber mercenaries. The cyber mercenaries-for-hire model brings together skilled individuals capable of executing each step of the cybercrime lifecycle, from data gathering to exploitation to money handling – with targeted expertise.

Interestingly, the threats aren’t new, but the techniques are. On the other hand, organizations have access to all the security tools they need to combat cyber incidents. Companies need to adjust their approach to ensure they architect their defenses correctly.

Here are a five common mistakes businesses keep making despite having the right tools and talent on board:

The myth of outrunning the bear

Organizations sometimes wrongly believe cybercriminals might prefer pursuing the easier target if they can get leverage over neighboring organizations with a product, like multi-factor authentication (MFA) or a next-gen firewall. Unfortunately, the “outrun the person, not the bear” approach does not apply to cybersecurity. Determined cyber attackers will keep probing an organization’s defenses if they consider it, or anyone in its supply chain, a good enough target. So, it’s no longer about having additional security layers more than a local mom-and-pop, but establishing a holistic defense-in-depth strategy to ward off persistent attackers determined to go after a particular target.

Treating cyberattacks as a single point of failure

Many companies also look at an attack as a set of siloed events. Phishing, malware, network discovery, lateral movement, password stealing, and even ransomware, are all part of a complete attack lifecycle. It isn’t a single weak password or a vulnerable system, or a phishing attempt that causes devastating attacks. Threat actors must bypass each security layer to orchestrate a successful attack. When organizations focus too much on a single point of failure, they fixate on perfecting a single element, such as establishing phishing resiliency, while leaving other attack avenues open. Instead, organizations should look at the complete attack lifecycle, in which the defenders have many different choke points with opportunities to detect, mitigate or prevent the attack. To do that, organizations need full visibility across their networks and the ability to centrally enforce their security policies. It’s something a converged security stack with centralized visibility and management can achieve, not a set of point solutions with siloed visibility and no context sharing.

On-prem thinking and point solutions

Phishing, social engineering, malware, and even ransomware have been around for a long time. Cyberattacks themselves are often the same, but organizations have moved to the cloud, embracing remote working and BYOD. Threat actors have adapted accordingly. Needless to say, security strategies and solutions must adapt to today’s cloud-first environments. On-prem thinking and solutions based on multiple security boxes in multiple locations are no match for today’s ubiquitous networks and threats. Attackers can use any unmonitored and unsecured channel, so companies need to gain full visibility. Next, they need to contextualize the data to paint a bigger picture. Finally, have a single policy the security team can apply  anyone, anywhere. Security teams can’t do this with multiple siloed point solutions with overlapping functionality, visibility loopholes, and no contextual and situational awareness. Organizations need well-integrated, cohesive security capabilities delivered over the cloud, as in secure access service edge (SASE) architectures. A unified, cloud-based architecture can also boost preparedness for future threats. Instead of purchasing a point solution each time a new need or threat arises, a cloud-based security architecture can allow organizations to simply switch on the capability they need.

The curse of inconsistent policies

Cloud and work-from-home adoptions can often lead to inconsistent policies. Organizational security policies must remain consistent for all users, endpoints, and connection types. The policy must follow the user across networks, locations, and devices. Admins must also apply security patches, policies, and controls instantly to any user, application, or device anywhere. To achieve that, all network traffic flows must consist of a single pass engine, contextualized based on situational awareness, and monitored via a unified management console.

  • Resisting newer technologies.

Cybercriminals are savvy and adapt to newer technologies and paradigms much faster than organizations and their teams. While organizations are contemplating if technologies like Catgut can replace security products and people, cybercriminals may use it to better tune, localize, and distribute existing attack vectors. Instead of being apprehensive and resisting newer technologies, organizations must evaluate how they can harness their power to strengthen their defenses and stay ahead of malicious threat actors.

Cybersecurity has become a business issue rather than a purely technical one. Just as threat actors share data and collaborate to form cybercrime syndicates to execute evasive attacks, organizations should also get various disciplines on board to create an all-encompassing cybersecurity strategy.

Etay Maor, senior director of security strategy, Cato Networks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.