Five Steps to Defend Against Opportunistic Cyber Attacks - Tellemachus

Enterprises across the globe are more vulnerable than ever to cyber attacks arising from the pandemic. As COVID-19 sweeps the world, businesses are adapting to a new “business as usual” model to minimise the health risks associated with employees and customers being in close physical contact. This adaptation has pushed millions into remote working structures or online interactions between customers and businesses. With this change in behaviour come additional information security risks to the confidentiality, integrity, and availability of key information systems. To help manage these risks, EY has identified risk drivers and business challenges, and outlined five risk mitigations that can help enable an enterprise to be cyber resilient:

  1. Centrally manage and promulgate robust teleworking solutions to empower and enable employees, customers, and third parties.
  2. Leverage role-based rather than location-based identity and access management solutions, analytics, and controls.
  3. Establish second-factor authentication for formerly in-person processes, such as manual phone calls, a system of shared secrets, or other authentication controls relevant to the formerly in-person process.
  4. Provide links to official resources for pandemic-related information to avoid the spread of disinformation within your organisation.
  5. Establish formal and transparent channels for corporate messaging to highlight what the enterprise is doing to address this pandemic.

While these solutions are highly effective for protecting remote access, cybersecurity leaders should apply a “belt and suspenders” approach, especially at a time when their attack surfaces are rapidly scaling up and opportunistic threat actors are on the hunt. In the event that a remote employee's credential is stolen or the employee falls victim to a social engineering scam, CISOs need to make sure there are sophisticated internal network safeguards in place to limit the spread of an exploit or of a hacker who gains entry.

Breaching the network perimeter of a flat network allows hackers to establish a beachhead and then move laterally across the network to gain access to credentials, resources, and data. Moreover, the lack of a security infrastructure within the internal network significantly limits the organisation’s visibility into suspicious traffic behaviours and data flows, which further hinders the ability to detect a breach. This is why the mean time to identify a threat in today’s networks is 197 days, with another 69 days required to contain and eliminate it. For small to medium-sized businesses that have fewer security resources available, the problem is even worse, with dwell times exceeding two years.

Implementing internal network segmentation can efficiently translate business goals into the “where,” “how,” and “what” of security segmentation: “Where” establishes the points of segment demarcation and the logic used to segment IT assets, “How” implements business goals with fine-grained access control and maintains it using continuous, adaptive trust, and “What” enforces access control by applying high-performance advanced (Layer 7) security across the network.

These elements operate within the context of an integrated security architecture that connects to and communicates with other network and infrastructure devices. Macro- and micro-segmentation architectures can also be applied, as well as application-, process-, and endpoint-level segmentation, to create smaller, more manageable attack surfaces.

Network Access Control (NAC) solutions can then identify and categorise every device accessing the network to establish and maintain device visibility. Authenticated devices can be automatically assigned to specific network segments based on context such as the kind of device and the role of the user assigned to it. And once devices have been assigned to specific network segments, automated workflow security can create horizontal segments to secure communications and transactions between individuals or groups of devices, including those that span different network environments.
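
As an added example (not from the original article or from any vendor product), the sketch below models the segment assignment and segment-to-segment access control described above. The segment names, roles, application labels, rule tables and sample devices are all hypothetical.

```python
# Added illustration: segment names, roles and rules below are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    kind: str            # e.g. "laptop", "printer", "server"
    user_role: str       # role of the assigned user, "" if none
    authenticated: bool

# (device kind, user role) -> segment; "*" matches any role.
ASSIGNMENT = {
    ("laptop", "finance"): "finance-users",
    ("laptop", "engineering"): "eng-users",
    ("printer", "*"): "iot",
    ("server", "finance"): "finance-apps",
}

# Allowed flows: (source segment, destination segment) -> application labels.
# Any pair or application not listed is denied (default deny).
ALLOWED = {
    ("finance-users", "finance-apps"): {"https"},
    ("eng-users", "iot"): {"ipp"},
    ("finance-users", "iot"): {"ipp"},
}

QUARANTINE = "quarantine"

def assign_segment(dev: Device) -> str:
    """Place a device by kind and user role, never by network location."""
    if not dev.authenticated:
        return QUARANTINE
    return (ASSIGNMENT.get((dev.kind, dev.user_role))
            or ASSIGNMENT.get((dev.kind, "*"))
            or QUARANTINE)

def flow_allowed(src: Device, dst: Device, app: str) -> bool:
    """Decide an east-west flow; same-segment pairs need a rule as well."""
    s, d = assign_segment(src), assign_segment(dst)
    if QUARANTINE in (s, d):
        return False
    return app in ALLOWED.get((s, d), set())

# Constructed sample devices.
FIN_LAPTOP = Device("fin-lt-01", "laptop", "finance", True)
ENG_LAPTOP = Device("eng-lt-07", "laptop", "engineering", True)
FIN_SERVER = Device("fin-app-01", "server", "finance", True)
PRINTER = Device("prn-3f", "printer", "", True)
UNKNOWN = Device("byod-x", "laptop", "finance", False)
```

With these tables, a compromised engineering laptop cannot reach the finance application segment at all, which is the lateral-movement containment that a flat network lacks.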

In these ways, organisations can effectively improve their security posture, and mitigate risks, while supporting compliance and operational efficiency across the enterprise without altering their network architectures.
