The cybersecurity environment facing businesses is more challenging than ever. Cybercriminals have vast resources, great skills and sophisticated tools to attack organizations of every size in every industry.
To make matters worse, more nation-states are taking up offensive cyber capabilities against the U.S., said Rick McElroy, security strategist for Carbon Black, during a presentation at the CDW Managing Risk Summit this week in Las Vegas. "The bad guys have become emboldened," he added.
McElroy and other speakers at the summit suggested a number of tools and tactics that businesses can use to address the growing cyberthreat.
Separate Critical Systems with Network Segmentation
Unpatched systems remain a common vulnerability. Even after exploits have been widely publicized, many organizations still are unable to completely update their systems with patches. The attackers who carried out the Equifax breach of 2017, which affected 143 million people, gained initial access through an unpatched server, said author and security expert Brian Krebs, in a keynote at the summit.
Internet of Things (IoT) systems, which often are located in remote areas where IT staff cannot easily reach them to implement a patch, can be particularly susceptible to this vulnerability. Experts at the summit identified segmentation as a key solution to address vulnerable unpatched systems. Segmentation uses tools such as firewalls and virtual local area networks to split networks into separate segments so that unauthorized traffic cannot travel between points on the network. A similar strategy, microsegmentation, breaks the network down into even smaller pieces, restricting traffic at a more granular level.
These approaches can limit the spread of malware such as ransomware and keep attackers who penetrate one system from gaining access to others, said Elton Fontaine, systems engineering director for Palo Alto Networks. Fontaine said segmentation can be complicated. He suggested that IT teams start their efforts with mission-critical systems such as IoT networks and financial databases to protect the most valuable data.
IT Must See Threats Clearly and Act Quickly
Speakers at the summit also highlighted the need for visibility into all data and traffic as part of an effective security strategy. Raja Patel, vice president and general manager of corporate products for McAfee, summed up the situation simply: "You can't protect what you can't see."
The evolution of IT infrastructure has made establishing visibility even more challenging. Mobile devices and cloud solutions extend the boundaries of where data traditionally traveled within an enterprise. Tools such as next-generation firewalls and security information and event management (SIEM) systems can provide visibility into where and how data is transmitted across the network. This can help IT teams spot anomalies that could be a sign of trouble. "We should know more about our behaviors and systems than the bad guys do," McElroy said.
Many security solutions also incorporate artificial intelligence and machine learning capabilities to detect new attacks. Tools that provide the necessary visibility into data and traffic produce vast amounts of data that must be analyzed. This flood of data is more than humans can effectively analyze. Automated solutions that rely on machine learning can produce results much more quickly.
Speed is critical in the modern security environment, noted Sadik Al-Abdulla, director of security solutions with CDW. It takes the average organization 191 days to discover a data breach, according to a 2017 study by the Ponemon Institute. Identifying a breach sooner can significantly reduce the impact of an attack. "As security groups, we've got to figure out how to become more agile," Patel said.
Go On the Offensive to Deceive Malicious Actors
One promising solution that can help organizations in the fight against cyberattackers is deception technology. McElroy pointed to the campaign of French President Emmanuel Macron as a successful example of the use of this technology. Macron's campaign had email stolen by Russian hackers, but the campaign flooded the attackers with false email traffic as well, making it difficult for the attackers to identify what was legitimate and what was bogus. The release of the stolen documents on websites such as 4chan and WikiLeaks was reported to have been a "dud."
Tools that enable security teams to carry the fight to attackers may become more important in the future. As cyberthreats become more sophisticated and dangerous, businesses will need all the help they can get.