7/1/2021
10:00 AM
Rick van Galen

Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats

One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.

Breaches are now happening with such frequency that a reactive response is no longer the correct answer. Historically, a breach would happen, a company would respond, and their customers would update passwords and move on.

These breaches and attacks are happening daily, sometimes more often. Over the course of 2020, losses from cybercrime rose sixfold. In the United Kingdom alone, nearly half of businesses reported some form of cybersecurity attack, and the average business cost of a data breach is close to $4 million.

These indications could mean a number of things. The news may come out more easily, as journalists find it easier to report on breaches. Criminals may be becoming more numerous and better organized. What stands out to me, at least, is that more and more organizations are not ready for the world of security threats relevant in 2021.

As we adjusted to the pandemic, cybersecurity trended — quite unfortunately — in the wrong direction. While our work lives merged with our home lives, many businesses relaxed their security protocols to accommodate this shift. In a recent IDG survey, nearly 80% of IT security leaders felt their organization lacked sufficient protection against cyberattacks. And recent news indicates that many of those are being caught red-handed.

The time for one-time reactive measures is over. It's time to be proactive and pick our swords, not just our shields.

So then, how can an organization even begin to build its defenses against would-be attackers? While the major fixes to outdated software and systems will take time to develop and update, there are steps that can be taken to help both in the short term and in building a foundation for the future.

Build a Culture of Security
Security should be a team effort — with every single employee involved. 

What this means is that security should no longer just be the responsibility of under-resourced security teams, but something everyone thinks about and deals with as part of their day-to-day work. It might start with creating a security handbook, or having a monthly security lunch-and-learn. But ultimately, empowering employees to secure their own work through training, tooling, and ongoing learning will make both your business and your team far more secure.

Of course, all of this begins with leadership that recognizes the security needs of modern companies, puts security first, and is ready to build the aforementioned culture of security within an organization. This can be a challenge at a time when good security experts are in high demand. Every organization is looking to bolster its defenses, so while you work on your culture of security, what else can you do?

Add a Second Factor to Your Logins
Multifactor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered. MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey.

If there's ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account.

Most modern tools now have MFA as an option, and many, such as Google Workspace (formerly G Suite), have the ability to enable MFA for every user in the organization.

If you aren't sure which of your tools have MFA as an option, 2fa.directory, a community-curated directory, lets you search by name, and even shows you how to enable it!

Test, Test, and Test Again!
Thankfully, alongside a world full of bad actors looking to thwart your security and breach your systems for nefarious gains, there is another, equally clever group of people who want to use their security and technical abilities to help you.

White-hat hackers, penetration testers, security researchers, and more are all available (for a fee) to break into your systems at your request and tell you what needs fixing, and how. Running a bug bounty is a great way to encourage this behavior. The researchers get a financial reward for their efforts, and you get consistent, ongoing feedback on the state of your security. 

You might think this is just advice for software vendors or IT data centers, but even if your company just has a website, you need to think about this. Every company, not just technical ones, must incorporate regular testing and auditing of how they and their suppliers process information.

A Life-Long Effort
To wrap up, I have something to say here that you might not like. This is going to take you the rest of your company's life to figure out: Attackers don't sit still, and attacks are getting more complex by the day. It's an ever-evolving picture. It also might cost you some money, but it's probably going to cost a lot less than doing nothing would. This is not a one-time project; a security culture needs to evolve and adapt.

Accepting a new IT world that is built on strong authentication and endpoint security not only makes IT more resilient against modern threats, it also helps companies transition into a remote-first world.

Rick van Galen is a security engineer at 1Password, the leader in providing private, secure and user-friendly password management to businesses and consumers globally. Based in Toronto, he spearheads the company's reputational and industry-leading security protocols. Rick is ...
 
