Businesses are increasingly dependent on emerging technology and reaping its benefits to provide better quality of services, change the way they collaborate and interact with employees and customers. Corporate data is being moved to multi-cloud environments, while the adoption of containers helps the fast and agile development of applications. IoT devices and sensors provide businesses with an abundance of data useful for timely and accurate decision making.

An Expanding Threat Landscape

However, businesses are not the only ones taking advantage of this technology. Criminals, as well, are following suit. According to the Verizon DBIR 2020 report, cloud assets were involved in about 24% of breaches. This is not so much an indictment of cloud security as it is an illustration of the trend of cybercriminals finding the quickest and easiest route to their victims. Containerized environments are also threatened: 94 percent of the organizations using containers have experienced a serious security issue in their container environment.

With over 38 billion devices expected to be connected to the internet in 2020, the IoT threat landscape has been gradually shaping up to be one of the threat vectors that can affect both consumers and enterprise level operations, says the IBM X-Force Threat Intelligence 2020 report. IBM X-Force research has tracked multiple Mirai malware campaigns in 2019 that have shifted from targeting consumer electronics to targeting enterprise-grade hardware. Compromised devices with network access can be used by attackers as a pivoting point in potential attempts to establish a foothold in the organization.

There’s no doubt that cybersecurity organizations must deal with a growing, and increasingly complex, attack surface. When asked to rate their organization’s ability to defend against cyberthreats, respondents of the CyberEdge 2020 Cyberthreat Defense Report said they have been most confident about assets that are under their direct control and easiest to monitor, patch, and remediate. These include physical and virtual servers, databases, and websites and web applications. Not surprisingly, IT professionals are mostly concerned about IT components that are relatively new, such as containers, or old and not designed with cybersecurity in mind, such as industrial control systems and SCADA devices.

IBM X-Force data agree with the latter. The IBM report indicates that events in which threat actors targeted Industrial Control Systems (ICS) and similar Operational Technology (OT) assets increased over 2000% since 2018. The convergence of IT/OT infrastructure and the extensive use of IoT devices to aggregate data from the OT world, allows IT and IoT breaches to target OT devices controlling physical assets, which can greatly increase the cost to recover.

Data breaches resulting from vulnerable systems can greatly harm brand reputation and disrupt customer trust. However, businesses can employ security best practices to safeguard their assets.

Strong Access Controls

Let’s face it. The use of all these technologies has rendered traditional perimeter security obsolete. Nowadays, identity is the new perimeter. Therefore, it is important to set up and properly configure and enforce policies to control who gets access to what assets at which location, for how long and for what purpose. It is also important to ensure that the person requesting access to an asset actually is who they claim to be. The primary purpose of any Identity and Access Management (IAM) control is to protect the assets’ confidentiality, integrity, and availability.

The use of Multi-Factor Authentication (MFA) and Single-Sign-On (SSO) must be considered to cornerstones of every organization’s access management. While MFA provides stronger user authentication, it is SSO which removes the burden from the users to access multiple platforms and systems in hybrid environments. The combination of MFA and SSO provides a seamless authentication experience, removing the friction of using multiple passwords to access corporate resources.

In addition to MFA and SSO, organizations need to employ two more access management concepts: least privilege access and adaptive authentication. Applying the principle of least privilege ensures that individuals have only the minimum means to access the assets to which they are entitled, whether on-premise, containers or cloud based. Segmenting information and only allowing role-based access significantly improves your asset security posture.

Finally, authentication and authorization of user access should not be a one-off process. With employees being on the move and account takeover attacks on the rise, the authentication process should be an adaptive one. Being able to monitor the user environment and providing a step-up, risk-based authentication can fortify the authentication process and mitigate man-in-the-middle attacks.

Network Segmentation

Although cybercriminals are in love with our personal data and credentials, when it comes to critical infrastructure, such as healthcare or industrial control organizations, they prefer to perform disruptive operations, such as DDoS attacks. The impact on availability and reliability is as concerning as the confidentiality and integrity compromise from unauthorized access or disclosure.

In addition, threat intelligence has shown that cybercriminals use the stolen or compromised credentials as a first step to set a foothold on corporate networks and then perform surveillance operations by moving laterally across all assets. Hence, it is important to make their lives difficult. Choosing the right network architecture is imperative and the best practice is to perform network segmentation.

There are numerous advantages to segmentation strategies for networks. Except for improved performance and reduced communication problems, segmented networks add greatly to improving the overall security posture. An unsegmented network is considered flat, meaning that all devices, whether on-premise or in the cloud or containerized, are accessible across the network.

Segmentation improves cybersecurity by limiting how far an attack can spread. For example, segmentation can contain a malware outbreak in one section rather than affecting systems in other sections of the organization. Furthermore, segmented networks can stop harmful traffic from reaching devices that are unable to protect themselves from attacks. For instance, a hospital's connected infusion pumps may not be designed with advanced security defenses. Network segmentation can stop harmful Internet traffic from ever reaching them. Finally, segmentation can reduce the costs associated with regulatory compliance by limiting the number of in-scope systems. That way, the expensive compliance requirements and audit processes apply only to the in-scope systems, not the entire network.

How The CISSP Credential Can Help You Succeed

Navigating the complexities of ethics can be a difficult task for any information security professional.  However, those who hold the CISSP credential have a demonstrated and verified commitment to upholding ethical standards.  When an organization needs specialized security abilities, they can rely on those who hold the CISSP designation for a wide breadth of knowledge and experience that is not limited to just information security.

The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions: Director of Security, Security Systems Engineer, or Security Analyst.

ISC2 was the first information security certifying body to meet the requirements of the American National Standards Institute (ANSI) ISO/IEC Standard 17024 and the CISSP certification has met the Department of Defense (DoD) Directive 8570.1.

Read More

To discover more about CISSP read our whitepaper, 9 Traits You Need to Succeed as a Cybersecurity Leader.

Read the White Paper