Revising Our Approach to Cybersecurity to Face Contemporary Challenges
Posted by David Ratner | February 2 2022
As cyber attacks become more sophisticated and prevalent, organizations simply don’t have the resources to protect everything. That’s why security prioritization is more important than ever.
With a constantly evolving global regulatory environment and the recent proliferation of ransomware attacks to contend with, businesses today face a uniquely challenging cybersecurity landscape. Simply protecting the corporate edge will no longer suffice. Due to the pandemic and advances in technology, workers are moving to remote positions in droves and relying on multiple cloud service providers to operate effectively. This new normal has blurred the line that delineates the corporate edge and complicated the ways to ensure that adequate protective measures are in place, meaning every organization has to prioritize what is critical to protect in order to move their business forward.
The easy answer is your “Crown Jewel” assets, those most critical to your business operating successfully. But what does this really mean, especially when considering the highly dispersed nature of the corporate infrastructure across multiple cloud service providers (CSPs)? Modern businesses are also forced to contend with the question of whether to rely on their CSP’s security controls and posture or layer in their own protective measures. So what does an organization do when the effort, cost, and time required to protect all of their assets is prohibitive?
You can sum it up In three words: keep it simple.
First, provide measures that help employees protect the organization. This includes employee awareness training, endpoint protection, and improving threat intelligence — including the identification of known phishing domains and campaigns.
Next, identify which systems or services have the greatest impact on the organization. These may be as simple as your enterprise resource planning (ERP) systems or as complex as the infrastructure supporting client service delivery. An easy way to figure this out is by asking a simple question, “What can our business survive without and for how long?” For example, most businesses can survive for a few days without their ERP if they had to (yes, they’d have to rely on spreadsheets and paper, and yes, that sucks), but they could not survive four hours without their e-commerce solution. (The loss of money and customers would have too great an impact.) So, in this example, the most critical thing to protect is the e-commerce solution and its associated infrastructure.
Taking it a step further, once we know we need to protect an asset, we can look closer and determine the best security measures to take. This could include host-based IDS/IPS, system hardening, and protective DNS — the latter of which ensures that traffic between your infrastructure and external sources is legitimate.
Finally, cast a big net. Just because an asset isn’t necessarily identified as a priority, doesn’t mean it should be left to fend for itself. Monitoring and identification of something amiss in the ecosystem combined with the ability to track its attribution will go a long way in protecting the organization. As we’ve seen with the recent high profile ransomware cases, early detection and attribution can reduce the damage caused by the ransomware, and by association protects the organization’s brand and revenues.
Organizations can’t protect everything, but having a solid idea of what to protect and how will reduce complexity and frustration while saving time and money.
If you’re unsure of what to protect, how to protect it, or how to improve your current threat intelligence, HYAS has the expertise, knowledge, and technical solutions that will help protect your enterprise and allow your business to continue moving forward. Contact us today.
