Hi-Tech Security Solutions asked a few cybersecurity experts to tell us about the current threat landscape, including what individuals and companies can do to protect themselves.
This article features insights from Dane Walker, cloud infrastructure manager, LanDynamix.
In assessing the threat vulnerability of an organisation, it is necessary to look at the full spectrum of the issue and ensure all points are adequately covered.
Protecting the network edge has become more important than ever. As networks expand, so do the potential attack points, because of the increasing number of endpoints organisations rely on, including but not limited to desktops, laptops, mobile and IoT devices.
At an absolute minimum, a well configured next generation firewall (NGFW) needs to be put in place that makes use of web filtering, application control and intrusion prevention to aid in the protection of the network edge.
Larger organisations may need to look at specific appliances such as web application firewalls and application delivery controllers for additional layers of security – the one caveat is that this approach can be quite costly.
Is your data safe because it’s in the cloud?
Replication does not constitute backup. Your data is not safe just because it’s in the cloud. Most cloud offerings provide neither a backup nor a data security option out of the box. The number one defence against malware is backup. If there is no option other than wiping your system and starting again, you need to ensure that an adequate backup is in place.
Your work/personal machine could be hit by malware while you’re working on data stored in OneDrive, Dropbox, Google Drive, etc. The malware can easily find its way into any of these storage facilities and infect other files there. Cloud backups (as opposed to simple replication) are thus no longer optional but essential.
Other solutions include:
• Next generation firewalls – providing intrusion prevention, botnet and command and control (C&C) protection. Ideally, malware should be dropped at the edge. Configuration of the firewalls and password security are therefore of the utmost importance. One example would be having remote desktop protocol (RDP) open to the Internet – this is still one of the most common threat vectors. Even with IPS enabled, weak passwords can be guessed or brute-forced in no time at all without the IPS picking it up. Ideally, RDP should only be reachable via more secure methods.
• Password security – weak passwords are a hacker’s dream. Password complexity and change requirements should be enabled wherever possible. This is a cost-effective starting point for any organisation.
• Antivirus – a reputable and, ideally, managed solution is an absolute must for endpoint devices. Network security counts for little when most users take their devices home after work or, now during the COVID-19 lockdown, work from home all day. You must ensure threats are dealt with before the user re-enters your network.
• Network segmentation – often thought to be affordable only for larger organisations, but there are solutions available for smaller companies too. Especially in the age of BYOD, you want to ensure that you keep personal devices off the corporate network.
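The RDP point above is easier to act on with a concrete detection. The following is an added example, not code from the article or from LanDynamix: it reads a constructed, simplified logon log (one line per attempt, key=value fields, source addresses from the RFC 5737 documentation ranges) and raises an alert when one source produces a burst of failed logons within a sliding window, plus a second, higher-priority alert when that same source then logs on successfully. The log format, threshold and window are assumptions for the example; the logic carries over to Windows 4625/4624 events or firewall logs once the parser is swapped.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of RDP logon events in a simplified key=value format
# (example data, not real logs; source IPs are from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2024-03-01T08:00:01Z src=203.0.113.5 user=administrator result=FAIL
2024-03-01T08:00:02Z src=203.0.113.5 user=administrator result=FAIL
2024-03-01T08:00:02Z src=203.0.113.5 user=admin result=FAIL
2024-03-01T08:00:03Z src=203.0.113.5 user=backup result=FAIL
2024-03-01T08:00:04Z src=203.0.113.5 user=administrator result=FAIL
2024-03-01T08:00:05Z src=203.0.113.5 user=administrator result=SUCCESS
2024-03-01T08:05:00Z src=198.51.100.7 user=jsmith result=FAIL
2024-03-01T09:30:00Z src=198.51.100.7 user=jsmith result=SUCCESS
"""

THRESHOLD = 5                   # failed logons from one source ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window (assumed values)


def parse_event(line: str):
    """Split '<iso-timestamp> k=v k=v ...' into (timestamp, src, user, result)."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            fields["src"], fields["user"], fields["result"])


def detect(log_text: str):
    """Return alerts as (kind, source_ip, detail) tuples, in log order."""
    alerts = []
    recent_failures = defaultdict(deque)  # src -> timestamps of recent FAIL events
    flagged = set()                       # sources already reported as brute-forcing
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = parse_event(line)
        q = recent_failures[src]
        if result == "FAIL":
            q.append(ts)
            while q and ts - q[0] > WINDOW:  # drop failures older than the window
                q.popleft()
            if len(q) >= THRESHOLD and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src,
                               f"{len(q)} failed logons within {int(WINDOW.total_seconds())}s"))
        elif result == "SUCCESS" and src in flagged:
            # A success right after a burst of failures is the signal that matters most:
            # the password was probably guessed, so this is an incident, not just noise.
            alerts.append(("success_after_brute_force", src, f"user={user}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failed attempt from 198.51.100.7 never reaches the threshold and produces nothing, which is the point of the window: a user mistyping a password once should not page anyone, while five failures in a few seconds followed by a success should.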
The insider threat: Focus on a zero-trust network model
This has become more complex to mitigate. Access control lists, both from a network and user perspective, as well as physical security of data storage, have in the past been used to prevent a breach. The trouble nowadays is that data needs to be easily accessible, and with that comes added risk.
The following tools can be used to help prevent the threat from within:
• Multi Factor Authentication (MFA) – an effective and relatively inexpensive way to limit access to data. Users are required to verify identity through an authentication code before company resources can be accessed. This can be deployed via SMS or – better still – a more efficient authenticator app.
• Switches – port-based network access control has been around for some time. If the right hardware is in place, one could look at deploying technologies such as 802.1X, where every device on the network needs to authenticate before it can gain access to network resources.
• Data Leak Prevention (DLP) – this is something that most well-known firewall brands offer. Depending on the technology being used, DLP allows you to prevent sensitive information – bank account details, ID numbers, etc. – from leaving your network.
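To show what a DLP rule for the ID numbers and card details mentioned above actually does, here is an added example, not code from the article or from LanDynamix. It scans a constructed outbound message for runs of digits and, instead of flagging every long number (which drowns the alert queue in order references and ticket numbers), validates the Luhn check digit used by payment cards and, as assumed here, by the 13-digit South African ID format (YYMMDD SSSS C A Z, with Z the Luhn digit). Matches are reported masked so the alert itself does not leak the data.

```python
import re

# Constructed sample of outbound message text (example data, not from the page).
SAMPLE_OUTBOUND = (
    "Hi, please process the refund for client 8001015009087.\n"
    "Card on file: 4111 1111 1111 1111, ref 20240115123456.\n"
    "Ticket 8001015009080 is just an internal tracking number.\n"
)

# One pattern for any run of 13-19 digits, optionally separated by spaces or dashes
# (the way card numbers are often typed). Lookarounds stop it matching inside longer runs.
DIGIT_RUN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) check used by payment cards and South African ID numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_sa_id(digits: str) -> bool:
    """13 digits YYMMDD SSSS C A Z with a Luhn check digit (assumed format for the example)."""
    if len(digits) != 13:
        return False
    mm, dd = int(digits[2:4]), int(digits[4:6])
    if not (1 <= mm <= 12 and 1 <= dd <= 31):
        return False
    if digits[10] not in "01":  # citizenship flag
        return False
    return luhn_ok(digits)


def mask(digits: str) -> str:
    """Keep only the last four digits so the alert does not itself leak the value."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str):
    """Return (kind, masked_value) for each number that passes its check digit."""
    findings = []
    for m in DIGIT_RUN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if looks_like_sa_id(digits):
            findings.append(("sa_id", mask(digits)))
        elif luhn_ok(digits):
            findings.append(("card", mask(digits)))
        # Runs that fail the check digit are left alone: references, tickets, etc.
    return findings


if __name__ == "__main__":
    for kind, value in scan(SAMPLE_OUTBOUND):
        print(f"{kind}: {value}")
```

Of the four long numbers in the sample, only the valid ID number and the card number are reported; the 14-digit reference and the ID-shaped ticket number with a wrong check digit are ignored. That check-digit step is what keeps a DLP rule usable in practice rather than switched off after a week of false positives.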
Server and data centre security
This area has a few similarities to edge protection in that servers and data centres are still sitting on their own network edge. Depending on requirements, a capable NGFW should be one of the first things to look at deploying. Dedicated security appliances for web and application security can be an asset. Servers and data centre resources are generally more exposed to threats as this is where most of an organisation’s crucial data or applications sit.
• Backup – as mentioned under malware threats, this is of the utmost importance.
• Antivirus (AV) might seem like an obvious thing to consider, but there are several things that organisations can overlook. You need to consider if the AV solution you are using is designed to be run on server infrastructure. Servers are far more complex by design than a normal PC and often run applications and systems that need AV solutions that can work with these.
• From a data centre perspective, central management of the AV is another key factor.
Several of the above-mentioned solutions also go a long way towards securing communications; however, if we consider what most people perceive as communications (voice and mail), there are a few additional tools to consider.
• Mail security – at the very least, a solution that can detect and mitigate spam, viruses and phishing attempts should be implemented. Some products also offer archiving services, which can be useful in the case of data loss, whether accidental or malicious.
• Voice security – as more and more organisations move over to VoIP services, risk increases with it. The following questions need to be answered:
◦ Handsets – are the devices running firmware with known vulnerabilities?
◦ Network security – is there a firewall in place that can provide an adequate level of voice security, especially when running on broadband links without causing issues with voice quality and reliability?
◦ CloudPBX – does the provider run an up-to-date platform with solid security and network infrastructure to support it?
Last and most certainly not least: phishing protection
One of the best defences against phishing attacks is education. Threat actors are finding ways to bypass mail and other security systems by composing authentic-looking emails and directing users to authentic-looking, or even genuinely authentic, websites. These sites then ask for sensitive information, which is promptly sent to the attacker. Three simple tips will help stop phishing attacks from succeeding:
1. If something looks too good to be true, it probably is. Do some research and ask around if you’re not sure.
2. If you’re not expecting a PO or payment instructions from someone, report the mail to IT immediately.
3. If your CFO or another high-ranking exec has asked you to expedite a payment, report it to IT immediately so they can confirm that the email actually originated from the genuine address and not a bogus one.
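Tip 3 above is the check IT performs when a payment request is reported. As an added example, not code from the article or from LanDynamix, the following uses Python's standard email parser on two constructed messages (domains under the reserved .example TLD; the organisation's own domain is an assumed constant) and lists the header-level reasons a "CFO" payment request deserves a second look: a Reply-To pointing to a different domain, an envelope sender (Return-Path) that does not match the visible From, a lookalike domain that merely contains the organisation's name, and a display name that itself contains an address at another domain.

```python
import email
from email.utils import parseaddr

# Assumed: the organisation's own mail domain (reserved .example TLD used throughout).
ORG_DOMAIN = "acme.example"

# Constructed sample messages (example data, not from the page).
SUSPICIOUS_RAW = """\
From: "Pat Rivers CFO" <pat.rivers@acme-finance.example>
Reply-To: pat.rivers.cfo@webmail.example
Return-Path: <bounce@webmail.example>
To: accounts@acme.example
Subject: Urgent: expedite supplier payment today

Please process the attached PO before noon. Do not call, I am in a meeting.
"""

CLEAN_RAW = """\
From: Pat Rivers <pat.rivers@acme.example>
To: accounts@acme.example
Subject: Supplier payment

Attached as discussed.
"""


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is no '@'."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def check_headers(raw: str):
    """Return human-readable reasons the message deserves verification by IT."""
    msg = email.message_from_string(raw)
    reasons = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_dom = domain_of(from_addr)

    # 1. Replies silently diverted to a different domain than the one shown.
    if reply_addr and domain_of(reply_addr) != from_dom:
        reasons.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_dom}")
    # 2. Envelope sender (bounce address) from a different domain than the visible From.
    if return_path and domain_of(return_path) != from_dom:
        reasons.append(f"Return-Path domain {domain_of(return_path)} differs from From domain {from_dom}")
    # 3. Lookalike domain: contains the organisation's name but is not its real domain.
    org_name = ORG_DOMAIN.split(".")[0]
    if from_dom != ORG_DOMAIN and org_name in from_dom:
        reasons.append(f"sender domain {from_dom} resembles but is not {ORG_DOMAIN}")
    # 4. Display name that itself looks like an address at some other domain.
    if "@" in display_name and domain_of(display_name) != from_dom:
        reasons.append(f"display name carries an address at {domain_of(display_name)}")
    return reasons


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_RAW), ("clean", CLEAN_RAW)):
        print(label, check_headers(raw) or ["no header anomalies"])
```

None of these checks proves a message is fraudulent, and an empty list does not prove it is genuine; they give the IT team concrete facts to raise when confirming the request with the executive through a channel other than the email itself.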
© Technews Publishing (Pty) Ltd | All Rights Reserved