Expert Speak

Seven Strategies for CSO Cybersecurity Survival

Written by Amr Alashaal, Regional Vice President – Middle East at A10 Networks

CSOs, CIOs, and CISOs have never had it so tough. Alongside their traditional responsibilities of safeguarding the corporation’s physical assets on a day-to-day basis and preparing crisis management strategies, they must now face a cybersecurity threat environment that is growing rapidly. Today, ransomware has become one of the greatest network security threats organisations have to deal with. Increasingly sophisticated, distributed at high speed over the internet and private networks, and built on strong encryption that makes recovery without the attacker’s key impractical, today’s ransomware attacks demand multimillion-dollar ransoms.

But ransomware is only one of the many threats organisations have to deal with. There are also distributed denial of service (DDoS) attacks, man-in-the-middle (MitM) attacks, social engineering, insider threats, malware, and advanced persistent threats (APTs) to contend with, and those are just the most common network security threats. Below are seven strategies to make organisations safer from the network security threats they will face in the near future:

Create a “Security-first” Culture
The problem for CSOs is that, while most employees have some basic knowledge of cybersecurity best practices, that is usually all they have. Without ongoing training, knowledge testing, and awareness, staff behaviour is one of the biggest cybersecurity risks that organisations face.

A study by Accenture revealed that less than half of new employees receive cybersecurity training and regular updates throughout their careers, and just four in ten respondents said insider threat programs were a high priority. Organisations must build a robust, distributed digital immune system, and that requires re-engineering staff behaviour rather than running a one-off awareness campaign. Business leaders need to be accountable for cybersecurity; security teams need to collaborate with business leaders to create and implement policies that will actually work; and those policies need to be routinely re-evaluated and tested.

Create a Continuous Security Education Program
A “security-first” culture requires that everyone in the organisation understands the network security threats it faces. For this to actually change behaviour, however, staff must be trained routinely and their knowledge tested, so that it stays current as the threats change.

Implement a Zero-Trust Model Throughout the Business
Well-trained staff and a monitored environment are crucial to protecting any organisation, but without a foundational Zero Trust architecture, defences will be intrinsically weak. The Zero Trust model is a strategy for preventing network security threats that all enterprises and governments should be using to defend their networks. As described here, it consists of four components:

  • Network traffic control: Engineering networks into micro-segments with micro-perimeters restricts traffic flow and limits the impact of overly broad user privileges and access. The goal is to allow only as much network access to services as is needed to get the job done; anything beyond the minimum is a potential threat, because a compromised account or host can then reach only what its segment allows.
  • Instrumentation: The ability to monitor network traffic in depth, combined with comprehensive analytics and response automation, provides fast and effective incident detection.
  • Multi-vendor network integration: Real networks are not limited to a single vendor, and even if they could be, additional tools would still be needed to provide the features a single vendor does not. The goal is to get all of the multi-vendor network components working together as seamlessly as possible to enable compliance and unified cybersecurity. This is a difficult and complex project, but keeping this strategic goal in mind as the network evolves will create a far more effective cybersecurity posture.
  • Monitoring: Ensure comprehensive and centralised visibility into users, devices, data, the network, and workflows. This also includes visibility into encrypted channels, which is where the TLS/SSL inspection discussed below comes in.

At its core, the Zero Trust model is based on not implicitly trusting any user, device, or workload, whether it sits inside or outside the corporate network. Access is never granted on the basis of network location alone: every request must first establish exactly who or what is requesting access, from which device, and whether that identity is authorised for the specific resource it is asking for.
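
The following is an added illustration of the access decision that the four components above imply; it is not A10’s product logic or code from the original article. The segment names, services and roles are hypothetical. The point it makes is the one in the “network traffic control” bullet: because the segment check runs before the role check, an account holding every role is still denied when it is in the wrong place on the network, and every decision is recorded for the instrumentation and monitoring components.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed micro-segmentation policy (hypothetical names): each service lists
# the only source segments that may reach it. Anything not listed is denied.
SEGMENT_ALLOW = {
    "payroll-db":  {"payroll-app"},
    "payroll-app": {"corp-vpn", "corp-wifi"},
    "public-web":  {"internet", "corp-vpn", "corp-wifi"},
}
# Role needed per service (None = any authenticated user), and which services
# additionally demand MFA and a compliant device.
REQUIRED_ROLE = {"payroll-db": "dba", "payroll-app": "payroll", "public-web": None}
SENSITIVE = {"payroll-db", "payroll-app"}

# Instrumentation: every decision, allowed or not, is appended here.
AUDIT: list[tuple[str, str, str, bool, str]] = []


@dataclass
class Request:
    user: str
    src_segment: str
    service: str
    authenticated: bool = False
    mfa: bool = False
    device_compliant: bool = False
    roles: set[str] = field(default_factory=set)


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one access request and log the outcome. Default is deny."""
    allowed, reason = _evaluate(req)
    AUDIT.append((req.user, req.src_segment, req.service, allowed, reason))
    return allowed, reason


def _evaluate(req: Request) -> tuple[bool, str]:
    if not req.authenticated:
        return False, "identity not verified"
    if req.service not in SEGMENT_ALLOW:
        return False, "unknown service: default deny"
    # Segment check before role check: broad privileges do not widen the network path.
    if req.src_segment not in SEGMENT_ALLOW[req.service]:
        return False, f"segment {req.src_segment} may not reach {req.service}"
    role = REQUIRED_ROLE[req.service]
    if role is not None and role not in req.roles:
        return False, f"role {role} required"
    if req.service in SENSITIVE:
        if not req.device_compliant:
            return False, "device not compliant"
        if not req.mfa:
            return False, "MFA required"
    return True, "allowed"


if __name__ == "__main__":
    for r in (
        Request("alice", "payroll-app", "payroll-db", True, True, True, {"dba"}),
        Request("root", "internet", "payroll-db", True, True, True, {"dba", "admin"}),
        Request("bob", "corp-vpn", "payroll-app", True, False, True, {"payroll"}),
    ):
        print(r.user, decide(r))
```

In a real deployment the allow-lists would come from a policy store and the checks from the identity provider and device-management system; the ordering and the default-deny fallthrough are what carry over.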

Implement SSL Visibility – “Break and Inspect”
TLS/SSL inspection solutions that decrypt and analyse encrypted network traffic are key to enforcing policy in the Zero Trust model, because most traffic on a modern network is encrypted and is otherwise invisible to security controls. Also called “break and inspect”, TLS/SSL inspection bolsters Zero Trust in three major ways: it allows for the detection and removal of malware payloads and suspicious network communications, it prevents the exfiltration of sensitive data, and it enables the Zero Trust model to do what it is supposed to do, which is to provide in-depth and rigorous protection for networks from internal and external threats. Two caveats apply in practice. The inspection point terminates and re-originates TLS sessions, so it must itself validate upstream certificates and negotiate current protocol versions, or it becomes the weakest link in the chain; and some traffic, such as banking, health and other regulated categories, and applications that pin their certificates, should be explicitly bypassed rather than broken. For any organisation that has not adopted a Zero Trust strategy combined with deep TLS/SSL traffic inspection, now is the time to start rethinking its cybersecurity posture.

Review and Test DDoS Defences Regularly
Routine testing against a checklist of expected configurations and performance baselines, as well as unannounced tests of security integrity, is crucial to detecting a distributed denial-of-service attack early. Network performance testing should be executed daily because a distributed denial-of-service attack is not always a full-bore volumetric assault. It can also be a low-volume, slow attack at the application layer, designed to reduce, but not remove, connectivity. Such an attack never trips a bandwidth threshold; it shows up only as a deviation from the baseline in latency, error rates, or the number of connections held open.
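
As an added example (not part of the original article or of any A10 product), the detection logic below runs over a constructed, minute-bucketed access log and flags the low-and-slow pattern described above: request volume stays near the baseline, but a large share of connections is held open until the server times them out. The log format, thresholds and IP addresses are assumptions for the illustration; volumetric floods are deliberately left to the rate alarms that would already catch them.

```python
from __future__ import annotations
import re
from collections import Counter, defaultdict
from statistics import median

# Constructed access-log sample (not real traffic). One request per line:
#   <ISO timestamp> <client IP> "<request line>" <status> <bytes> <request_time_s>
# Minutes 10:00 and 10:01 are normal. In 10:02 the request count barely moves,
# but most connections are held open for ~30 s and time out (408): low and slow.
LOG_LINES = """\
2024-05-01T10:00:03Z 203.0.113.5 "GET / HTTP/1.1" 200 5120 0.041
2024-05-01T10:00:17Z 203.0.113.9 "GET /login HTTP/1.1" 200 2210 0.058
2024-05-01T10:00:31Z 203.0.113.5 "POST /login HTTP/1.1" 302 0 0.120
2024-05-01T10:00:52Z 203.0.113.14 "GET /app HTTP/1.1" 200 8800 0.077
2024-05-01T10:01:04Z 203.0.113.9 "GET /app HTTP/1.1" 200 8800 0.069
2024-05-01T10:01:20Z 203.0.113.22 "GET / HTTP/1.1" 200 5120 0.044
2024-05-01T10:01:39Z 203.0.113.5 "GET /api/v1/items HTTP/1.1" 200 1320 0.095
2024-05-01T10:01:55Z 203.0.113.14 "GET /logout HTTP/1.1" 302 0 0.031
2024-05-01T10:02:02Z 198.51.100.7 "GET / HTTP/1.1" 408 0 30.004
2024-05-01T10:02:03Z 198.51.100.7 "GET / HTTP/1.1" 408 0 30.001
2024-05-01T10:02:05Z 198.51.100.8 "GET / HTTP/1.1" 408 0 30.009
2024-05-01T10:02:11Z 203.0.113.9 "GET /app HTTP/1.1" 200 8800 2.310
2024-05-01T10:02:14Z 198.51.100.7 "GET / HTTP/1.1" 408 0 30.002
2024-05-01T10:02:30Z 203.0.113.22 "GET /login HTTP/1.1" 200 2210 1.880
2024-05-01T10:02:41Z 198.51.100.8 "GET / HTTP/1.1" 408 0 30.006
2024-05-01T10:02:58Z 203.0.113.5 "GET / HTTP/1.1" 200 5120 2.905
""".splitlines()

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) (?P<rt>[\d.]+)$'
)


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield {"minute": m["ts"][:16], "ip": m["ip"],
                   "status": int(m["status"]), "rt": float(m["rt"])}


def detect_low_and_slow(lines, slow_secs=10.0, slow_share=0.3, volumetric_ratio=2.0):
    """Return (minute, requests, slow_share, top_slow_ip) for each minute in which
    at least slow_share of requests were held open for slow_secs or longer while
    the request count stayed at or below volumetric_ratio x the median rate."""
    by_minute = defaultdict(list)
    for rec in parse(lines):
        by_minute[rec["minute"]].append(rec)
    if not by_minute:
        return []
    baseline = median(len(v) for v in by_minute.values())
    alerts = []
    for minute, recs in sorted(by_minute.items()):
        slow = [r for r in recs if r["rt"] >= slow_secs]
        share = len(slow) / len(recs)
        volumetric = len(recs) > volumetric_ratio * baseline
        if share >= slow_share and not volumetric:
            top_ip = Counter(r["ip"] for r in slow).most_common(1)[0][0]
            alerts.append((minute, len(recs), share, top_ip))
    return alerts


if __name__ == "__main__":
    for a in detect_low_and_slow(LOG_LINES):
        print("low-and-slow suspected: minute=%s requests=%d slow_share=%.2f top_ip=%s" % a)
```

The baseline here is the median per-minute rate of the window being examined; in production it would come from the daily performance tests the section recommends, so that a slow drift in normal latency is not mistaken for an attack.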

Secure all Inbound and Outbound Network Traffic Using SSL/TLS Encryption
When users’ computers connect to resources over the internet, TLS (the successor to SSL; the SSL protocol versions themselves are obsolete and should be disabled) creates a secure channel providing encryption, authentication, and integrity verification. Encryption hides the data from third parties trying to eavesdrop, authentication ensures the parties exchanging information are who they claim to be, and integrity verification ensures that any modification of the data in transit is detected. All three are needed together: encryption without certificate verification still leaves a man-in-the-middle able to impersonate the server and read everything. Any unsecured traffic must be constrained to specific secured network segments and monitored closely.
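
To make the “all three are needed” point concrete, here is an added example (not from the original article) using Python’s standard `ssl` module: the weak client configuration that encrypts but does not authenticate, beside a hardened one, and a small audit function that reports the difference. Both contexts are built offline; the optional `cafile` argument is where an internal PKI bundle would be supplied, and the cipher string is an assumption about policy rather than a requirement of the library.

```python
from __future__ import annotations
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """The common anti-pattern: encryption without authentication.
    The channel is encrypted, but any certificate is accepted, so an on-path
    attacker presenting their own certificate can read and alter everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(cafile: str | None = None) -> ssl.SSLContext:
    """Encryption + authentication + integrity: verify the chain against the
    system trust store (or the given CA bundle, e.g. an internal PKI), match
    the hostname, refuse pre-1.2 protocol versions and non-AEAD cipher suites."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # TLS 1.2 suites with forward secrecy only; TLS 1.3 suites are always AEAD.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the findings a reviewer would raise against a client TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not matched against certificate (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions (SSLv3/TLS 1.0/1.1) permitted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

The same three checks apply to any HTTP client library: look for `verify=False`, disabled hostname checking, or a minimum protocol version left at the library default, since those are the settings that quietly turn “encrypted” into “encrypted to whoever answers”.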

Establish and Test Disaster Recovery Plans
A key part of a disaster recovery plan is backups. However, it is surprising how often restoring from backup fails to perform as expected in a real incident. It is important to know which digital assets are and are not included in backups, and how long a restore will actually take. CSOs should plan the order in which backed-up resources will be recovered, know what the start-up window will be, and test restores as a routine task with specific validation checks (file counts and checksums against a manifest taken at backup time, application-level smoke tests, and the measured restore time against the agreed window) to confirm that a recovery is genuinely possible. Because ransomware operators routinely look for and encrypt or delete online backups before triggering the attack, at least one copy should be kept offline or in immutable storage.
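
An added worked example of the validation checks just described (constructed for this page, not the article’s own tooling): a manifest of path, size and SHA-256 is written at backup time, a restore is timed, and the restored tree is compared against the manifest so that a missing or truncated file is reported rather than discovered during an incident. The “RTO” name for the start-up window and the deliberately injected faults in `demo()` are assumptions for the illustration.

```python
from __future__ import annotations
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(src: Path, manifest: Path) -> int:
    """Record relative path, size and SHA-256 of every file under src at backup time."""
    entries = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            entries[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    manifest.write_text(json.dumps(entries, indent=1))
    return len(entries)


def verify_restore(restored: Path, manifest: Path, rto_seconds: float, elapsed: float) -> dict:
    """Compare a restored tree with the manifest and the agreed recovery window."""
    expected = json.loads(manifest.read_text())
    found = {p.relative_to(restored).as_posix() for p in restored.rglob("*") if p.is_file()}
    missing = sorted(set(expected) - found)
    extra = sorted(found - set(expected))
    corrupt = sorted(rel for rel in expected
                     if rel in found and sha256_of(restored / rel) != expected[rel]["sha256"])
    within_rto = elapsed <= rto_seconds
    return {
        "ok": not missing and not corrupt and within_rto,
        "missing": missing, "corrupt": corrupt, "extra": extra,
        "expected_files": len(expected), "restored_files": len(found),
        "elapsed_s": round(elapsed, 3), "within_rto": within_rto,
    }


def demo(rto_seconds: float = 60.0) -> dict:
    """Constructed restore drill: back up a small tree, restore it with two
    deliberately injected faults, and let the verification catch them."""
    with tempfile.TemporaryDirectory() as tmpdir:
        tmp = Path(tmpdir)
        src, backup, restored, manifest = tmp / "live", tmp / "backup", tmp / "restored", tmp / "manifest.json"
        (src / "db").mkdir(parents=True)
        (src / "docs").mkdir()
        (src / "db" / "ledger.sqlite").write_bytes(b"\x00" * 4096)      # constructed sample data
        (src / "docs" / "policy.txt").write_text("Access policy v3\n")
        (src / "docs" / "readme.txt").write_text("constructed sample data\n")
        write_manifest(src, manifest)
        shutil.copytree(src, backup)

        start = time.monotonic()
        shutil.copytree(backup, restored)
        # Simulated faults: one file never came back, another came back truncated.
        (restored / "db" / "ledger.sqlite").unlink()
        (restored / "docs" / "policy.txt").write_text("Access policy")
        elapsed = time.monotonic() - start
        return verify_restore(restored, manifest, rto_seconds, elapsed)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The manifest should be stored with the offline or immutable copy, not only alongside the live data, since a backup that has been tampered with will otherwise carry a manifest that agrees with it.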

Staying Secure
The CSO’s job is not getting any easier, but solid planning around these seven strategies will go a long way toward ensuring an organisation’s digital safety. In addition, partnering with established enterprise cybersecurity vendors helps ensure that critical security technology and best practices are central to the organisation’s cybersecurity strategy.

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median prices are $400 for infostealers, $70 for crypters and obfuscation tools, and $500 for loaders. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.