Dark Reading is part of the Informa Tech Division of Informa PLC



7/1/2021
10:00 AM
Rick van Galen
Commentary

Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats

One-time reactive measures can't keep up. It's time to be proactive and pick up our swords, not just our shields.

Breaches are now happening with such frequency that a reactive response is no longer the correct answer. Historically, a breach would happen, a company would respond, and their customers would update passwords and move on.

These breaches and attacks are happening daily, sometimes more. Over the course of 2020, losses from cybercrime rose sixfold. In the United Kingdom alone, nearly half of businesses reported some form of cybersecurity attack, and the average business cost of a data breach is close to $4 million.

These indications could mean a number of things. News of breaches may come out more easily, as journalists find it easier to report on them. Criminals may be becoming more numerous and better organized. What stands out to me, at least, is that more and more organizations are not ready for the world of security threats relevant in 2021.

As we adjusted to the pandemic, cybersecurity trended, quite unfortunately, in the wrong direction. While our work lives merged with our home lives, many businesses relaxed their security protocols to accommodate this shift. In a recent IDG survey, nearly 80% of IT security leaders felt their organization lacked sufficient protection against cyberattacks. And recent news indicates that many of those are being caught red-handed.

The time for one-time reactive measures is over. It's time to be proactive and pick up our swords, not just our shields.

So then, how can an organization even begin to build its defenses against would-be attackers? While the major fixes to outdated software and systems will take time to develop and update, there are steps that can be taken to help in the short term and to build a foundation for the future.

Build a Culture of Security
Security should be a team effort — with every single employee involved. 

What this means is that security should no longer just be the responsibility of under-resourced security teams, but something everyone thinks about and deals with as part of their day-to-day work. It might start with creating a security handbook, or having a monthly security lunch-and-learn. But ultimately, empowering employees to secure their own work through training, tooling, and ongoing learning will make both your business and your team far more secure.

Of course, all of this begins with leadership that recognizes the security needs of modern companies, puts security first, and is ready to build the aforementioned culture of security within an organization. This can be a challenge at a time when good security experts are in high demand. Every organization is looking to bolster its defenses, so while you work on your culture of security, what else can you do?

Add a Second Factor to Your Logins
Multifactor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered. MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey.

If there's ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account.
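The login flow described above, as an added example that is not part of the original article: the server checks the password first and then requires a fresh one-time code, so a stolen password alone is rejected. It assumes TOTP (RFC 6238) as the phone-based second factor; `Account`, `login`, and `DEMO_SECRET` are hypothetical names, and the secret is the RFC's published test key.

```python
import base64, hashlib, hmac, struct

# Constructed sample secret: the RFC 6238 test key, base32-encoded.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", at // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password, salt, totp_secret_b32):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_secret = totp_secret_b32
        self.last_step = -1  # newest time step already accepted (replay guard)

def login(acct, password, code, now, step=30, drift=1):
    """True only if the password AND an unused, current TOTP code both match."""
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash):
        return False  # first factor failed; the code is never consulted
    current = now // step
    # Accept one step either side of "now" to tolerate clock skew.
    for s in range(current - drift, current + drift + 1):
        if s <= acct.last_step:
            continue  # a code for this step was already used
        if hmac.compare_digest(totp(acct.totp_secret, s * step, step), code):
            acct.last_step = s
            return True
    return False
```
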

Most modern tools now have MFA as an option, and many, such as Google Workspace (formerly G Suite), have the ability to enable MFA for every user in the organization.

If you aren't sure which of your tools has MFA as an option, 2fa.directory, a community-curated directory, lets you search by name and even shows you how to enable it!

Test, Test, and Test Again!
Thankfully, as well as a world full of bad actors looking to thwart your security and breach your systems for nefarious gains, there is another, equally clever group of people who want to use their security and technical abilities to help you.

White-hat hackers, penetration testers, security researchers, and more are all available (for a fee) to break into your systems at your request and tell you what needs fixing, and how. Running a bug bounty is a great way to encourage this behavior. The researchers get a financial reward for their efforts, and you get consistent, ongoing feedback on the state of your security. 

You might think this is just advice for software vendors or IT data centers, but even if your company just has a website, you need to think about this. Every company, not just technical ones, must incorporate regular testing and auditing of how they and their suppliers process information.

A Life-Long Effort
To wrap up, I have something to say here that you might not like. This is going to take you the rest of your company's life to figure out: Attackers don't sit still, and attacks are getting more complex by the day. It's an ever-evolving picture. It also might cost you some money, but it's probably going to cost a lot less than doing nothing would. This is not a one-time project; a security culture needs to evolve and adapt.

Accepting a new IT world that is built on strong authentication and endpoint security not only makes IT more resilient against modern threats, it also helps companies transition into a remote-first world.

Rick van Galen is a security engineer at 1Password, the leader in providing private, secure and user-friendly password management to businesses and consumers globally. Based in Toronto, he spearheads the company's reputational and industry-leading security protocols. Rick is ...
