Cybersecurity comment: A holistic approach to threat vulnerability

Issue 5 2020 Cyber Security

Hi-Tech Security Solutions asked a few cybersecurity experts to tell us about the current threat landscape, including what individuals and companies can do to protect themselves.

This article features insights from Dane Walker, cloud infrastructure manager, LanDynamix.

Dane Walker

In assessing the threat vulnerability of an organisation, it is necessary to look at the full spectrum of the issue and ensure all points are adequately covered.


Dane Walker.

Edge protection

Protecting the network edge has become more important than ever. As networks expand, so do potential attack points, because of the increasing number of endpoints organisation rely on, including but not limited to desktops, laptops, mobile and IoT devices.

At an absolute minimum, a well configured next generation firewall (NGFW) needs to be put in place that makes use of web filtering, application control and intrusion prevention to aid in the protection of the network edge.

Larger organisations may need to look at specific appliances such as web application firewalls and application delivery controllers for additional layers of security – the one caveat is that this approach can be quite costly.

Is your data safe because it’s in the cloud?

Replication does not constitute backup. Your data is not safe just because it’s in the cloud. Most cloud offerings provide neither a backup nor data security option out of the box. The number one defence against malware is backup. If there is no option other than wiping your system and starting again, you need to ensure that adequate backup is in place.

Your work/personal machine could be hit by malware, but you’re working on data stored in OneDrive, Dropbox, Google Drive, etc. The malware can easily find its way to any of these storage facilities and infect other files. Cloud backups (as opposed to simple replication) are thus no longer optional but rather an essential.

Other solutions include:

• Next generation firewalls – providing intrusion prevention, botnet and command and control (C&C) protection. Ideally, malware should be dropped at the edge. Configuration of the firewalls and password security is therefore of the utmost importance. One example would be having remote desktop protocol (RDP) open from the Internet – this is still one of the most common threat vectors. Even with IPS enabled, weak passwords can be guessed, or brute forced in no time at all without the IPS picking it up. Ideally in this case, RDP should only be accessible via more secure methods.

• Password security - weak passwords are a hacker’s dream. Password complexity and change requirements should be enabled wherever possible. This is a cost-effective starting point for any organisation.

• Antivirus – a reputable and, ideally, a managed solution is an absolute must for endpoint devices. Network security is almost defunct when most users head home after work, or now during the COVID-19 lockdown, during work. You must ensure threats are negated before the user enters your network.

• Network segmentation – often thought to be within the budget realms of larger organisations only, there are solutions available for smaller companies. Especially in the age of BYOD, you want to ensure that you keep personal devices off the corporate network.

The insider threat: Focus on a zero-trust network model

This has become more complex to mitigate. Access control lists, both from a network and user perspective, as well as physical security of data storage, have in the past been used to prevent a breach. The trouble nowadays is that data needs to be easily accessible, and with that comes added risk.

The following tools can be used to help prevent the threat from within:

• Multi Factor Authentication (MFA) – an effective and relatively inexpensive way to limit access to data. Users are required to verify identity through an authentication code before company resources can be accessed. This can be deployed via SMS or – better still – a more efficient authenticator app.

• Switches – this technology has been around for some time. If the right hardware is in place, one could look at deploying technologies such as 802.1x where every device on the network needs to be authenticated before it can gain access to network resources.

• Data Leak Prevention (DLP) – this is something that most well-known firewall brands should have enabled. Depending on the technology being used, DLP allows you to prevent sensitive information – bank account details; ID numbers, etc. – from leaving your network.

Server and data centre security

This area has a few similarities to edge protection in that servers and data centres are still sitting on their own network edge. Depending on requirements, a capable NGFW should be one of the first things to look at deploying. Dedicated security appliances for web and application security can be an asset. Servers and data centre resources are generally more exposed to threats as this is where most of an organisation’s crucial data or applications sit.

• Backup – as mentioned under malware threats, this is of the utmost importance.

• Antivirus (AV) might seem like an obvious thing to consider, but there are several things that organisations can overlook. You need to consider if the AV solution you are using is designed to be run on server infrastructure. Servers are far more complex by design than a normal PC and often run applications and systems that need AV solutions that can work with these.

• From a data centre perspective, central management of the AV is another key factor.

Protecting communications

Several of the above-mentioned solutions will greatly aid in this regard, however, if we refer to what most people perceive as communications (voice and mail) there are a few tools that can additionally be considered.

• Mail security – at the very least a solution that can detect and mitigate spam, viruses and phishing attempts should be implemented. Some products also offer archiving services which can be useful in a case of data loss, whether accidental or malicious.

• Voice security – with more and more organisations moving over to VoIP services, risk concomitantly increases with it. The following questions need to be answered:

◦ Handsets – are the devices running firmware with known vulnerabilities?

◦ Network security – is there a firewall in place that can provide an adequate level of voice security, especially when running on broadband links without causing issues with voice quality and reliability?

◦ CloudPBX – does the provider run an up to date platform that has solid security and network infrastructure to support it?

Last and most certainly not least: phishing protection

One of the best defences against phishing attacks is education. Threat actors are finding ways to bypass mail and other security systems by composing authentic looking emails and directing users to authentic looking, as well as genuinely authentic websites. These sites would then ask for sensitive information which is promptly sent to the attacker. Three simple tips will help in stopping phishing attacks from being successful:

1. If something looks too good to be true, it probably is. Do some research and ask around if you’re not sure.

2. If you’re not expecting a PO or payment instructions from someone, report the mail to IT immediately.

3. If your CFO or other high-ranking exec has asked you to expedite a payment, report to IT immediately so they can confirm that the email address that the mail originated from is actually from the true source and not bogus. 

For more information contact Dane Walker, LanDynamix, danew@landynamix.co.za, www.landynamix.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cyber Talent: It is more about Talent than Cyber
Issue 7 2020 , Cyber Security
Four million trained workers are needed to fully bridge the skills gap in the cybersecurity field around the world and properly defend organisations against threat actors.

Read more...
Increased cloud visibility and security
Issue 7 2020 , Cyber Security
Sophos adds cloud visibility features from Cloud Optix to Intercept X Advanced for Server with EDR.

Read more...
Ransomware and customer loyalty
Issue 7 2020 , Cyber Security
Arcserve research uncovers links between ransomware, consumer purchasing behaviour and brand loyalty.

Read more...
IoT will transform industrial security
Issue 7 2020, Kaspersky , Cyber Security
55% of organisations globally are confident the Internet of Things will change the state of security in industrial control systems (ICS).

Read more...
BYOD: bring your own danger
Issue 7 2020 , Cyber Security
Five cybersecurity threats that jeopardise the security of mobile devices and the keys to optimising their protection in a connected world.

Read more...
The arms race of AI in cybersecurity
CCTV Handbook 2020, Axis Communications SA , Cyber Security
Cybersecurity goes further than network video and audio, but these are as likely to be targeted as much as any network-connected device.

Read more...
Exploiting the global pandemic
Issue 7 2020 , Cyber Security
Cyber criminals targeting remote work to gain access to enterprise networks and critical data reports FortiGuard Labs.

Read more...
Integrated security is key to Huawei Mobile Services
Issue 7 2020 , Cyber Security
To ensure sufficient mobile device security, the technology giant incorporates security into its chip, device and cloud capabilities.

Read more...
Cybersecurity becomes key enabler of sustainable business growth
Issue 7 2020 , Cyber Security
The adoption of rushed digital transformation strategies has left many facing unintended complexities and challenges.

Read more...
Africa under cyber-attack
Issue 7 2020, Kaspersky , Cyber Security
Kaspersky has reported that South Africa, Kenya and Nigeria saw millions of cyber-attacks in 2020 and the year is not over yet.

Read more...