Chris Haas, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.
Last year and early spring has been undoubtedly tough for cybersecurity. We’ve seen one of – if not the – worst cyberattacks on U.S. companies and government agencies in the last decade; and the ProxyLogon Microsoft Exchange vulnerabilities continue to be dangerous.
Knowing just how vulnerable many companies are to organized malicious actors, IT teams are re-evaluating their shortcomings and processes when it comes to building their organizations’ security infrastructure. Looking into the rest of the year, companies will need to adopt new strategies, procedures and technologies to become more resilient to the onslaught of cyberattacks.
Here are the three strategies that IT teams should prioritize going forward: Zero-trust approaches; patching; and automation.
1. Put Security First and Implement Zero-Trust
IT teams need to build a security-first infrastructure and adopt new technologies to prevent and mitigate the dangers of cyberattacks. This involves a comprehensive review of an organization’s existing infrastructure, and identifying shortcomings and vulnerabilities to understand which areas need improvement. From there, companies need to establish a strategic plan to make improvements (with support from company stakeholders such as the organization’s leadership) to both IT and security teams.
When it comes to redesigning security architecture, zero-trust has become an increasingly popular approach to improving cybersecurity. By limiting access to sensitive data for all employees and executives regardless of credentials, common cyberattacks such as malware and ransomware will be less effective even if they enter a company’s network. Combined with technologies and tactics such as two-factor authentication and network segmentation, organizations can reduce their overall attack surface and the dangers of data breaches.
Poor cyber-hygiene practices are often what gives bad actors easy access to an organization’s most valuable assets. Organizations that do not have security-first architectures risk reputational and financial damages in breach events, especially in cases where regulatory and compliance rules were not upheld. This is why it is important for IT teams to reexamine the flaws of their current systems, and for company leadership to take cybersecurity seriously and with a sense of urgency.
2. Prioritize Patching to Avoid Critical Vulnerabilities
Once you have a new infrastructure in place, prioritizing patching is the logical next step. Having good cyber hygiene requires a consistent practice of patching systems and keeping software up to date. Many organizations, however, have yet to prioritize patching as a fundamental security practice as 60 percent of data breaches are traced back to unpatched vulnerabilities. While many IT teams have neglected patching last year as they’ve been overwhelmed with the transition to remote work, it is crucial that it retakes priority for 2021.
IT teams can approach patching with a categorization strategy to ensure the most critical patches are applied as early as possible to protect against newly discovered vulnerabilities. When it comes to internally developed software, organizations need to ensure proper documentation during development. Having accurate and detailed documentation of how code runs in a certain software will assist IT teams in identifying vulnerabilities and performing updates more efficiently and effectively. Patching is a core practice that is admittedly tedious, and therefore often overshadowed by other pressing needs, but it is vital for preventing highly dangerous cyberattacks.
3. Reduce Workload with Automation
Once an organization has a solid security infrastructure in place and has established consistent cyber-hygiene practices, they should look at ways to increase flexibility and automation to streamline their IT operations. Most IT teams have a multitude of responsibilities, but often lack the resources to manage everything, including security. Leveraging technology will allow them to optimize and automate routine tasks and reduce their workload, so they can focus on more strategic and impactful tasks. For example, they can automate the tedious work of patch management and prioritization, which can be a huge time-saver for organizations with a large workforce.
Flexibility and automation are key when it comes to streamlining an cybersecurity strategy, so IT teams should review old processes and decide whether or not a transition needs to be made in a different direction. With the prevalence of remote work, cloud operations and services can help teams automate and simplify the management of remote employee systems. Of course, while automation is a powerful and helpful tool, it builds on the maturity and investments of a solid security infrastructure and an understanding of IT operation needs. Automation should come once the foundations are set and established, in order to make the most out of it.
Revisiting the Fundamentals
While 2020 and this year has so far has presented major challenges for IT operation teams, there are also valuable lessons for reevaluating cybersecurity strategies and technologies. After reflecting on the shortcomings of existing systems and practices, IT teams need to optimize their infrastructure with a security-first mindset. They must re-establish the common practice of patching as an integral part of their routine, and look to automation as a way to save valuable time on simple but tedious tasks. IT teams and organizations have shown incredible perseverance in adapting to remote work — so rising to the challenge of meeting heightened cybersecurity demands will be no different.
Chris Hass is director of information security and research at Automox.
Enjoy additional insights from Threatpost’s InfoSec Insider community by visiting our microsite.