Our Security Architect, Callum Butler, gives his view on the security challenges of the past year, and the cybersecurity trends to keep an eye on.
Securing the digital workspace
So, we are almost at the close of 2020, and what a year it has been within security. We started the year with a ransomware attack and ended the year with eye-watering vulnerabilities. It has been a fun one for us all. Oh, and if that wasn't enough, we had the whole pandemic to deal with whilst trying to keep our estates secure and remote workers safe in unknown networks.
But whilst it has been difficult, we have learnt to adapt in ways we never thought possible. For example, rather than attending my usual security conference in person in the hot Las Vegas sun, I participated virtually, comfortably installed at my regular desk and chair. It has been one to remember.
AI has been an enormous help in the security space this year, with security orchestration and automation tools helping SOCs (Security Operations Centres) globally fight cyber-attacks. Better yet, solutions such as Defender ATP or Cylance are helping to prevent and mitigate the actions of 0-day attacks. This is when attackers take advantage of a security vulnerability on the same day that the vulnerability becomes publicly known. Moving forward, we are likely to see AI-driven security become an ever more powerful tool in the Security Analyst's arsenal.
Educating end users
So, what should we be executing in 2021? Firstly, we need to help end users understand that their actions can cause disruption. This year we have seen phishing cases soar through the roof, with small to medium-sized businesses being targeted the most. Implementing an email security solution helps mitigate that. For example, solutions such as Mimecast, Proofpoint or even Defender 365 can help reduce the amount of spam. Taking this one step further, linking these types of solutions into the mail exchange allows IT admins to remove unknown emails from a user's mailbox, preventing unwanted interaction.
In my opinion, running a rigorous training program that employees are encouraged to follow can be the difference between your company facing a breach, or not.
With regard to the endpoint, ensuring you have monitoring in place is again vital if you need to analyse a particular machine. With many devices being outside the network, having users stay behind an IPS can be difficult, even non-existent if they choose not to connect via a corporate VPN. Investing in solutions such as a SIEM allows for effective monitoring of your endpoints. Couple this with technologies such as Defender ATP, which use AI to protect your users' end devices, and you can dramatically reduce the impact an incident has on your end user.
Securing remote workers
We shouldn't forget about internal infrastructure. In some cases, gung-ho changes have been made to ensure users can work from home. This has been confirmed by the internet search engine Shodan, which reported that the number of open RDP ports spiked by 41%, which is worrying*. These remote access protocols can be a gateway into your network, and in most cases are, especially if you are a smaller business with no real in-house IT proficiency. Ensuring solutions such as VPNs are in place and locked to corporate machines is critical. Couple this with strict user access, and you can help mitigate the possibility of lateral movement from malware attacks.
And finally, it's important to be both reactive and proactive. In other words, having solutions to find vulnerabilities is one thing, but regular testing that goes above and beyond is another. Look for providers that offer you both a vulnerability management solution and access to various threat intelligence feeds for information gathering. Both provide invaluable information about what resides on an endpoint as well as on your infrastructure.
From a security perspective, 2021 is all set to be as exciting a year as 2020 was, if not more so. Look out for new solutions from cybersecurity start-ups as well as the new vulnerabilities and exploits being developed by the red teaming community.
And hey, if we are lucky, the security teams can reunite in Vegas once again.
Security Architect, CANCOM