Cybersecurity comment: A holistic approach to threat vulnerability

Issue 5 2020 Cyber Security

Hi-Tech Security Solutions asked a few cybersecurity experts to tell us about the current threat landscape, including what individuals and companies can do to protect themselves.

This article features insights from Dane Walker, cloud infrastructure manager, LanDynamix.

Dane Walker

In assessing the threat vulnerability of an organisation, it is necessary to look at the full spectrum of the issue and ensure all points are adequately covered.


Edge protection

Protecting the network edge has become more important than ever. As networks expand, so do potential attack points, because of the increasing number of endpoints organisations rely on, including but not limited to desktops, laptops, mobile and IoT devices.

At an absolute minimum, a well-configured next generation firewall (NGFW) needs to be put in place that makes use of web filtering, application control and intrusion prevention to aid in the protection of the network edge.

Larger organisations may need to look at specific appliances such as web application firewalls and application delivery controllers for additional layers of security – the one caveat is that this approach can be quite costly.

Is your data safe because it’s in the cloud?

Replication does not constitute backup. Your data is not safe just because it’s in the cloud. Most cloud offerings provide neither a backup nor a data security option out of the box. The number one defence against malware is backup: if the only option left is wiping your system and starting again, an adequate backup is what makes that possible, so you need to ensure one is in place.

Your work or personal machine could be hit by malware while you’re working on data stored in OneDrive, Dropbox, Google Drive, etc. The malware can easily find its way to any of these storage facilities and infect other files. Cloud backups (as opposed to simple replication) are thus no longer optional but essential.

Other solutions include:

• Next generation firewalls – providing intrusion prevention, botnet and command and control (C&C) protection. Ideally, malware should be dropped at the edge. Configuration of the firewalls and password security is therefore of the utmost importance. One example would be having remote desktop protocol (RDP) open from the Internet – this is still one of the most common threat vectors. Even with IPS enabled, weak passwords can be guessed, or brute forced in no time at all without the IPS picking it up. Ideally in this case, RDP should only be accessible via more secure methods.

• Password security – weak passwords are a hacker’s dream. Password complexity and change requirements should be enabled wherever possible. This is a cost-effective starting point for any organisation.

• Antivirus – a reputable and, ideally, a managed solution is an absolute must for endpoint devices. Network security counts for little once most users head home after work, or, now during the COVID-19 lockdown, work from home all day. You must ensure threats are neutralised before the user reconnects to your network.

• Network segmentation – often thought to be within the budget realms of larger organisations only, there are solutions available for smaller companies. Especially in the age of BYOD, you want to ensure that you keep personal devices off the corporate network.
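The RDP bullet above notes that weak passwords can be guessed or brute forced without the IPS noticing. As an added example (not code from the article or from LanDynamix), the following host-side check reads constructed Windows Security events (Event ID 4625 failed logon, logon type 10 for RDP) and flags a source that bursts failed logons against several accounts, and whether a successful logon followed:

```python
# Added example (not from the article or LanDynamix): the article warns that weak
# RDP passwords can be brute forced without the IPS noticing.  A host-side check
# of failed logons (Windows Event ID 4625, logon type 10 = RemoteInteractive/RDP)
# is a cheap complementary detection.  The log lines below are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, event id, logon type, account, source IP
SAMPLE_EVENTS = """\
2020-05-04T08:00:01 4625 10 administrator 203.0.113.7
2020-05-04T08:00:03 4625 10 admin 203.0.113.7
2020-05-04T08:00:04 4625 10 backup 203.0.113.7
2020-05-04T08:00:06 4625 10 sqlservice 203.0.113.7
2020-05-04T08:00:07 4625 10 administrator 203.0.113.7
2020-05-04T08:00:09 4624 10 administrator 203.0.113.7
2020-05-04T08:15:00 4625 10 jsmith 192.0.2.44
2020-05-04T09:30:00 4625 10 jsmith 192.0.2.44
"""

def parse_events(text):
    # Parse the simplified log format into (time, event_id, logon_type, account, src)
    out = []
    for line in text.splitlines():
        ts, eid, ltype, account, src = line.split()
        out.append((datetime.fromisoformat(ts), int(eid), int(ltype), account, src))
    return out

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src: (failures_in_window, distinct_accounts, success_after_burst)}
    for each source with >= threshold failed RDP logons inside `window`."""
    fails, wins = defaultdict(list), defaultdict(list)
    for ts, eid, ltype, account, src in events:
        if ltype != 10:          # only RDP (RemoteInteractive) logons
            continue
        if eid == 4625:
            fails[src].append((ts, account))
        elif eid == 4624:
            wins[src].append(ts)
    alerts = {}
    for src, f in fails.items():
        f.sort()
        start = 0
        for end, (t_end, _) in enumerate(f):
            while t_end - f[start][0] > window:   # slide window start forward
                start += 1
            if end - start + 1 >= threshold:
                accounts = {a for _, a in f[start:end + 1]}
                # a successful logon after the burst suggests a guess worked
                alerts[src] = (end - start + 1, len(accounts), any(t > t_end for t in wins[src]))
                break
    return alerts
```

A real deployment would read these fields from the Security event log (or a SIEM) rather than a text sample; the sliding-window logic is unchanged.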

The insider threat: Focus on a zero-trust network model

This has become more complex to mitigate. Access control lists, both from a network and user perspective, as well as physical security of data storage, have in the past been used to prevent a breach. The trouble nowadays is that data needs to be easily accessible, and with that comes added risk.

The following tools can be used to help prevent the threat from within:

• Multi-factor authentication (MFA) – an effective and relatively inexpensive way to limit access to data. Users are required to verify their identity through an authentication code before company resources can be accessed. This can be deployed via SMS or – better still – a more efficient authenticator app.

• Switches – this technology has been around for some time. If the right hardware is in place, one could look at deploying technologies such as 802.1X, where every device on the network needs to be authenticated before it can gain access to network resources.

• Data Leak Prevention (DLP) – this is something that most well-known firewall brands should have enabled. Depending on the technology being used, DLP allows you to prevent sensitive information – bank account details, ID numbers, etc. – from leaving your network.

Server and data centre security

This area has a few similarities to edge protection in that servers and data centres are still sitting on their own network edge. Depending on requirements, a capable NGFW should be one of the first things to look at deploying. Dedicated security appliances for web and application security can be an asset. Servers and data centre resources are generally more exposed to threats as this is where most of an organisation’s crucial data or applications sit.

• Backup – as mentioned under malware threats, this is of the utmost importance.

• Antivirus (AV) might seem like an obvious thing to consider, but there are several things that organisations can overlook. You need to consider if the AV solution you are using is designed to be run on server infrastructure. Servers are far more complex by design than a normal PC and often run applications and systems that need AV solutions that can work with these.

• From a data centre perspective, central management of the AV is another key factor.

Protecting communications

Several of the above-mentioned solutions will greatly aid in this regard. However, if we consider what most people perceive as communications (voice and mail), there are a few tools that can additionally be considered.

• Mail security – at the very least a solution that can detect and mitigate spam, viruses and phishing attempts should be implemented. Some products also offer archiving services which can be useful in a case of data loss, whether accidental or malicious.

• Voice security – with more and more organisations moving over to VoIP services, risk increases accordingly. The following questions need to be answered:

◦ Handsets – are the devices running firmware with known vulnerabilities?

◦ Network security – is there a firewall in place that can provide an adequate level of voice security, especially when running on broadband links without causing issues with voice quality and reliability?

◦ CloudPBX – does the provider run an up-to-date platform that has solid security and network infrastructure to support it?

Last and most certainly not least: phishing protection

One of the best defences against phishing attacks is education. Threat actors are finding ways to bypass mail and other security systems by composing authentic-looking emails and directing users to authentic-looking, or even genuinely authentic, websites. These sites then ask for sensitive information, which is promptly sent to the attacker. Three simple tips will help stop phishing attacks from being successful:

1. If something looks too good to be true, it probably is. Do some research and ask around if you’re not sure.

2. If you’re not expecting a PO or payment instructions from someone, report the mail to IT immediately.

3. If your CFO or other high-ranking exec has asked you to expedite a payment, report to IT immediately so they can confirm that the email address the mail originated from is actually the true source and not bogus.
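The third tip asks IT to confirm where a payment request really originated. As an added example, not the author's or LanDynamix's code, this Python check applies that idea to a constructed message: it compares the From display name and address against a constructed executive directory and flags Reply-To and Return-Path domains that differ from the From domain.

```python
# Added example (not from the article or LanDynamix): a first-pass check IT can
# run on a reported "urgent payment" mail, implementing the article's third tip:
# does the address the mail originated from match the claimed sender?  The
# message and the executive directory below are constructed.
from email import message_from_string
from email.utils import parseaddr

# Constructed: who the organisation's executives really are (name -> address)
KNOWN_EXECS = {"jane doe": "jane.doe@example.com"}
CORP_DOMAIN = "example.com"

# Constructed sample of a lookalike-domain CFO impersonation attempt
SAMPLE_MAIL = """\
Return-Path: <bounce@examp1e-mail.net>
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: <jane.doe.cfo@webmail-example.net>
To: accounts@example.com
Subject: Urgent: expedite supplier payment today

Please process the attached payment instruction before 2pm.
"""

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_sender(raw):
    """Return a list of findings explaining why the sender should be confirmed
    out of band before acting on the mail; an empty list means nothing obvious."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    findings = []
    from_dom = domain_of(addr)
    if from_dom != CORP_DOMAIN:
        findings.append(f"From domain {from_dom!r} is not {CORP_DOMAIN!r}")
    expected = KNOWN_EXECS.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        findings.append(f"display name {name!r} belongs to {expected}, not {addr}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To {reply_to} goes to a different domain")
    ret_path = parseaddr(msg.get("Return-Path", ""))[1]
    if ret_path and domain_of(ret_path) != from_dom:
        findings.append(f"Return-Path {ret_path} does not match From domain")
    return findings
```

Header checks like these are a triage aid only; the tip's real control is confirming the request with the executive through a channel other than the email itself.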

For more information contact Dane Walker, LanDynamix, danew@landynamix.co.za, www.landynamix.co.za
