7 Ways to Avoid Worst-Case Cyber Scenarios
In the wake of devastating attacks, here are some of the best techniques and policies a company can implement to protect its data.
While technology has changed the world for the better, this rising dependence has also increased cyber risks. From an exponential increase in online scams to a growing number of human-error problems, there's a greater need to prepare for worst-case cybersecurity scenarios.
But this kind of preparation requires a proper understanding of what the worst-case scenarios are and how they can be managed. "By definition, the worst-case scenarios for cybersecurity are when human life is at risk due to an attack," says Matthew Warner, CTO and co-founder of Blumira, a detection and response platform that enables faster resolution of threats to help stop ransomware attacks and prevent data breaches. For businesses, this can mean a loss of important, sensitive information that puts lives in danger or threatens to shut down the company.
Fortunately, awareness around cybersecurity is widespread. Governments are issuing recommendations and passing laws, and companies are actively deploying measures to safeguard data. Here are some of the best ways to prepare for the worst-case cyber scenarios.
Source code being stolen and leaked is a longtime pattern, going back to Microsoft Windows in 2004 and Diebold voting machines in 2006. Warner says, "These days source code is often stolen either by accessing accounts through poorly configured MFA and credential stuffing; vulnerabilities that allow access to local files remotely, e.g., local file inclusion; or rogue git repositories that were improperly made public."
The best way to prevent source code from being stolen is to protect all data equally and follow least-privilege access principles wherever possible, he adds. For example, only the people who must work on the source code should have access to it.
But the problem with this approach is that it interferes with developers' workflow. "Loss prevention for source code often competes against developer productivity and quality of life issues that few companies can afford to compromise on," says Casey Bisson, head of product and developer enablement at BluBracket, a platform that protects software supply chains by preventing, finding, and fixing risks in source code. "Developers don't want to work in environments where they face access barriers to getting things done, and when companies that grant broad access can innovate and grow faster than those that don't, the market has a way to force change," he says.
So the best option is to ensure that secrets, passwords, and keys are never present in the source code. Moreover, there are software packages that aim to prevent both accidental and intentional leaks, such as data loss prevention software that scans emails and other network traffic for sensitive data, suggests Jason Hong, professor at the School of Computer Science at Carnegie Mellon University. Researchers are also looking to develop heuristics to detect insider threats so there will be more solutions available in the future, he adds.
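The secret-scanning approach described above, as an added example that is not code from the article or from BluBracket or any other vendor quoted in it: a minimal pre-commit check that scans staged source lines for credential-looking strings and blocks the commit before a key can reach the repository. The regex rules, the allowlist of placeholders and environment lookups, the entropy threshold, and the staged sample lines are all constructed for this illustration and are not a vendor's rule set.

```python
import math
import re
from typing import Dict, List, Optional, Tuple

# Illustrative detection rules (assumptions for this example, not a vendor rule set).
# Each rule maps to (pattern, capture group to entropy-check or None).
RULES: Dict[str, Tuple[re.Pattern, Optional[int]]] = {
    "aws_access_key_id": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), None),
    "private_key_block": (re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"), None),
    "credential_assignment": (
        re.compile(r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
        1,
    ),
}

# Lines that pull the value from the environment or use an obvious placeholder are not leaks.
ALLOWLIST = re.compile(r"(?i)(os\.environ|getenv|\$\{?[A-Z_][A-Z0-9_]*\}?|<redacted>|changeme)")

# Minimum Shannon entropy (bits per character) for a quoted value to count as a real secret.
MIN_ENTROPY = 3.5


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random-looking keys score high, dictionary words low."""
    if not value:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_lines(path: str, lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per (line, rule) hit; an empty list means the file is clean."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        if ALLOWLIST.search(line):
            continue  # environment lookup or placeholder, not a hard-coded secret
        for rule, (pattern, group) in RULES.items():
            match = pattern.search(line)
            if not match:
                continue
            if group is not None and shannon_entropy(match.group(group)) < MIN_ENTROPY:
                continue  # low-entropy value such as "password123": almost certainly not a live key
            findings.append({"file": path, "line": lineno, "rule": rule})
    return findings


def should_block_commit(staged: Dict[str, List[str]]) -> bool:
    """Pre-commit policy: refuse the commit if any staged file produces a finding."""
    return any(scan_lines(path, lines) for path, lines in staged.items())


# Constructed sample of staged content; none of these values are real credentials.
STAGED: Dict[str, List[str]] = {
    "config/settings.py": [
        'DB_PASSWORD = os.environ["DB_PASSWORD"]',  # clean: environment lookup
        'password = "changeme"',                     # clean: placeholder
        'password = "password123"',                  # clean: low entropy
        'API_KEY = "q7Zp4Lm9xR2vT8wK3nB6"',           # flagged: credential_assignment
        'AWS_KEY = "AKIAABCDEFGHIJKLMNOP"',          # flagged: aws_access_key_id
    ],
    "deploy/id_rsa": ["-----BEGIN RSA PRIVATE KEY-----", "MIIE...constructed..."],  # flagged
}

if __name__ == "__main__":
    for file_path, file_lines in STAGED.items():
        for finding in scan_lines(file_path, file_lines):
            print(f"{finding['file']}:{finding['line']}: {finding['rule']}")
    raise SystemExit(1 if should_block_commit(STAGED) else 0)
```

Wired into a git pre-commit hook, a non-zero exit refuses the commit, which keeps the check out of the developer's way for clean changes and only intervenes when a string that looks like a live credential is about to be recorded in history. The entropy gate and the allowlist are what keep the false-positive rate low enough that developers do not start bypassing the hook.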
The biggest failures in avoiding cloud breaches and exposed systems come from two kinds of configuration issues: configuration accidents, and configuration problems that stem from ignorance of the risk.
"Configuration accidents can include everything from true mistakes or oversights — failure to require 2FA to access a sensitive resource — to systems that provide too little protection against social engineering — no visibility to typo-squatting attacks," Bisson explains.
Fortunately, there are many solutions for this. Hong suggests that companies should set better defaults — e.g., everything is private by default, and you have to take explicit steps to make certain parts publicly visible. He also recommends having strong, unique passwords for cloud services and using two-factor authentication, since incidents like the Colonial Pipeline attack happened because of a compromised password.
Warner adds it's important to regularly assess your attack surface through vulnerability scanning and Internet-scanning tools like Shodan and Censys. Bisson also recommends the We Hack Purple mini-course on incident response.
Ransomware can be a huge nuisance (and an economic loss) for companies, but few are actively working on preventing such attacks. "Large companies have enormous installed bases of legacy software full of vulnerabilities," Bisson says. "For many companies, they have to compare the cost and disruption of upgrading those systems against the risk of a ransomware attack and the payout needed to recover."
While some businesses may see ransomware as a matter of profit and loss, for organizations like hospitals, it's a matter of life and death, Bisson adds.
While these attacks can't be completely avoided, companies can get leverage over the attackers by having a backup. Implementing strong procedures to trigger any critical priority processes to restore backups will go a long way in mitigating the risks of ransomware attacks, Warner says.
Data breaches and ransomware attacks can lead to companies losing a lot of important data because it's difficult and expensive to create multiple backups of all the data required to keep the business running.
However, hoarding an unnecessarily large amount of data never helps. In fact, it can work against you in case of data breaches and ransomware attacks. So the best prevention is conducting a thorough analysis of your existing data and deleting what you don't need. This way, even if your systems are attacked, you're able to safeguard what's truly important.
Alert fatigue is real. There are only so many times humans can actively respond to security alerts without feeling burned out or dismissive of the constant incoming messages.
That's where automation can help. "Look for tools with prioritized alerts that help you determine the importance of an alert," Warner suggests. "Alerts that are accompanied by context — such as playbooks or related incidents — can also help you understand the severity of the alert as well as how to respond."
To take it a step further, he suggests utilizing the classic defense-in-depth pattern. "If you have multiple places that can detect, stop, and alert when threats are occurring within an environment, then you have multiple chances to stop the threat."
This approach is helpful for security teams of all sizes. Defense-in-depth offers smaller teams a cost-effective, less time-intensive way to toughen up security, while it frees up time and resources for larger security teams to focus on bigger issues.
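The prioritized, context-rich alerting and defense-in-depth ideas above, as an added example that is not code from the article or from Blumira's product: raw alerts from several defensive layers are folded into per-host incidents, each incident is scored by its highest severity plus a point for every additional independent layer that saw the same host, and the matching playbooks are attached so the analyst sees what to do next. The correlation window, the playbook references, the scoring rule, and the sample alerts are all constructed for this illustration.

```python
from dataclasses import dataclass, field
from typing import List, Set

SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}
CORRELATION_WINDOW = 600  # seconds between alerts on one host; an assumption for this example

# Constructed playbook references keyed by alert type (not a vendor catalogue).
PLAYBOOKS = {
    "phishing_attachment": "PB-01 quarantine message, check whether anyone clicked",
    "suspicious_powershell": "PB-07 isolate host, pull process tree",
    "c2_beacon": "PB-12 block destination, isolate host",
    "port_scan": "PB-20 confirm source; no action if it is an authorised scanner",
    "malware_blocked": "PB-03 verify AV quarantine, rescan host",
}


@dataclass
class Alert:
    ts: int          # epoch seconds
    host: str
    source: str      # defensive layer that raised it: edr, proxy, mail, ids, av
    kind: str
    severity: str


@dataclass
class Incident:
    host: str
    alerts: List[Alert] = field(default_factory=list)

    @property
    def sources(self) -> Set[str]:
        return {a.source for a in self.alerts}

    @property
    def score(self) -> int:
        # Highest single severity, plus one point per additional independent layer.
        # Corroboration across layers is the defense-in-depth signal that separates
        # a real intrusion from a single noisy detector.
        return max(SEVERITY[a.severity] for a in self.alerts) + (len(self.sources) - 1)

    @property
    def playbooks(self) -> List[str]:
        return sorted({PLAYBOOKS.get(a.kind, "PB-00 manual triage") for a in self.alerts})


def correlate(alerts: List[Alert], window: int = CORRELATION_WINDOW) -> List[Incident]:
    """Fold raw alerts into per-host incidents whose alerts lie within `window` seconds of each other."""
    incidents: List[Incident] = []
    for alert in sorted(alerts, key=lambda a: (a.host, a.ts)):
        current = incidents[-1] if incidents else None
        if current and current.host == alert.host and alert.ts - current.alerts[-1].ts <= window:
            current.alerts.append(alert)
        else:
            incidents.append(Incident(host=alert.host, alerts=[alert]))
    return incidents


def prioritize(alerts: List[Alert]) -> List[Incident]:
    """Incidents ordered highest score first, so the queue starts with what matters."""
    return sorted(correlate(alerts), key=lambda i: i.score, reverse=True)


# Constructed sample: six alerts from five layers across three hosts.
SAMPLE_ALERTS = [
    Alert(90, "ws-17", "mail", "phishing_attachment", "medium"),
    Alert(100, "ws-17", "edr", "suspicious_powershell", "high"),
    Alert(130, "ws-17", "proxy", "c2_beacon", "medium"),
    Alert(500, "db-02", "ids", "port_scan", "low"),
    Alert(520, "db-02", "ids", "port_scan", "low"),
    Alert(1000, "ws-03", "av", "malware_blocked", "low"),
]

if __name__ == "__main__":
    for inc in prioritize(SAMPLE_ALERTS):
        print(f"{inc.host}: score={inc.score} layers={sorted(inc.sources)} alerts={len(inc.alerts)}")
        for pb in inc.playbooks:
            print(f"    {pb}")
```

Six alerts become three incidents, and the one host that three independent layers flagged rises to the top with its three playbooks attached, while the two identical port-scan alerts collapse into a single low-priority item. That is the practical shape of "prioritized alerts with context": fewer things to look at, ordered by how many layers agree, each with a next step already attached.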
No matter how tight your security systems are, there's always a chance something will go wrong. You can have the best tools in the world, but attackers are also adapting to new technologies, making their attacks stronger and sometimes unpreventable.
In these cases, it's important to plan your recovery process in advance. "Focus on continuous improvement over perfection," Bisson says. "Work assuming failure will happen and plan for how to recover."
There are various ways to do this. Hong suggests implementing measures for prevention, coupled with detection and response. Some example prevention mechanisms include cybersecurity training for staff, strong and unique passwords, and two-factor authentication, he says. On the other hand, detection and response mechanisms include analyzing logs, cybersecurity insurance, and periodically backing up your data.
Along with preparing for prevention on a practical level, it's also important to ensure your mindset is ready to deal with incoming attacks. "A focus on maturing and growing your cybersecurity mindset within your organization with realistic and actual efforts forward is the best way to protect yourself," Warner says.
Echoing this idea, Hong says a lot of computer security is actually rather basic: Have strong, unique passwords for important sites. Use two-factor authentication. Keep your software and your operating system up to date. Don't click on weird or unexpected links. Have backups.
However, the hard part is doing these consistently and at scale. That's where the mindset shift can help.
Being more proactive about security measures, not skipping out on security checks even though they're boring, and having routine audits may seem unnecessary, expensive, and monotonous, but these attitudes can be a game-changer if you're a victim of an attack.