Enterprise Insight on the Top Ten Cyber Security Initiatives for 2020
10. Anti-Virus or Application Whitelist Technologies. While anti-virus tools are effective against known, signature-based threats, the industry is struggling to keep up with ever-evolving virus and malware variants. Application whitelisting and network micro-segmentation, used as additional layers of security, are the best way to protect your environment. For application whitelisting and endpoint protection you can use tools like Carbon Black, Cylance, or SentinelOne. For micro-segmentation of networks you can use tools such as Cisco ACI or Tempered Networks, with Darktrace adding network anomaly detection on top. While none of these solutions are perfect, all of the vendors listed have solid products that add layers to your Cyber Security stack. The key is to avoid paralysis by analysis: pick a solution and move forward with implementation. Doing something is better than doing nothing.
9. Cyber Range. Just like the military, local law enforcement, and personal protection services, the people providing these levels of service vary drastically. Personal protection services are typically basic security staff, really just tasked with checking name badges. The police have more skilled training but have to juggle many other duties while protecting and serving. That leaves military-level security personnel: highly trained individuals who are ready at a moment's notice to fulfill a mission with very high precision and effectiveness.
What level should your security team be at? That is a decision the business must make and support. For some it is simply the act of checking off a box. For others it is wanting to maintain basic knowledge in house to provide best-effort solutions. Then you have the high-twitch Cyber Security professionals who use Cyber Security technologies not just to protect but to actively defend the business from real-world Cyber Threats. Typically, this group is aware of what is happening in the Cyber World and has intimate knowledge of the steps that should be taken to defend, remediate, and recover should a Cyber Security event occur at their organization. I can tell you even the largest of Fortune 500 organizations struggle with what level of support they want in-house. More often than not they demand porterhouse-steak-level Cyber Security support when in reality they are only checking off the boxes and supporting their staff on super-sized value-meal cheeseburger budgets.
8. Weak and Reused Passwords. According to Microsoft, over 44 million accounts across its consumer services and Azure Active Directory were found to be using passwords that had already been exposed in a breach. Many users reuse the same email address and password across multiple sites. I have seen cases where a high-value asset at a large corporation used their corporate email address and password for an online forum. This is not an uncommon practice among users. Surfing the dark web you can find gigabytes of user credentials. Whether or not they are still valid is left to whoever disseminates and uses the data.
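One practical control for this item is to check every new or changed password against a corpus of breached passwords before accepting it. The following is an added example, not code from the original article or from Microsoft; it implements the k-anonymity scheme used by the Have I Been Pwned "Pwned Passwords" range API (send only the first 5 hex characters of the SHA-1, compare the rest locally). The breach corpus, the `fetch_range` stand-in for the HTTPS call, and the 12-character minimum are assumptions made so the example runs offline.

```python
import hashlib

# Constructed stand-in for a breached-password corpus (passwords and how many
# times each appeared in leaks). Not real data: it exists so the example runs
# offline with no network access.
CONSTRUCTED_LEAK = {
    "password": 3861493,
    "Summer2019!": 1274,
    "letmein": 236000,
    "P@ssw0rd": 51000,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the form the k-anonymity range API works with."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leak: dict) -> dict:
    """Partition leaked hashes by their first 5 hex characters, the way the
    service partitions its data: prefix -> {suffix (35 hex chars): count}."""
    index = {}
    for pw, count in leak.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


RANGE_INDEX = build_range_index(CONSTRUCTED_LEAK)
REQUESTED_PREFIXES = []  # records what the server side would learn: prefixes only


def fetch_range(prefix: str) -> str:
    """Stand-in (assumption) for the HTTPS call GET /range/{prefix}. Returns
    'SUFFIX:COUNT' lines for every leaked hash sharing the prefix; the full
    hash and the password itself never leave the client."""
    REQUESTED_PREFIXES.append(prefix)
    return "\r\n".join(f"{suffix}:{count}"
                       for suffix, count in RANGE_INDEX.get(prefix, {}).items())


def breach_count(password: str, fetch=fetch_range) -> int:
    """Return how many times `password` appeared in breaches (0 if not seen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def password_problems(password: str, min_length: int = 12) -> list:
    """Reject breached and trivially short passwords; an empty list means OK.
    The 12-character floor is an assumed policy value, not from the article."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    seen = breach_count(password)
    if seen:
        problems.append(f"appears {seen} times in known breaches")
    return problems


if __name__ == "__main__":
    for pw in ("Summer2019!", "correct horse battery staple"):
        print(pw, "->", password_problems(pw) or "OK")
```

The point of the prefix split is that the server learns at most which 1/1,048,576 slice of SHA-1 space the password falls in, so the check can be run against a third-party service without disclosing the credential; swapping `fetch_range` for a real HTTPS GET is the only change needed in production.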
7. Multi-Factor Authentication. According to Microsoft, more than 99.9% of automated account-compromise attacks are thwarted by the use of multi-factor authentication. The right type of multi-factor authentication can make it almost impossible for a Cyber Attacker to gain access to your systems; note that SMS codes and push approvals can still be phished or fatigued into acceptance, while hardware security keys resist that. There are many solutions that will allow you to enable multi-factor in your environment. The first couple that come to mind for securing Active Directory are Azure Multi-Factor Authentication and Duo. A great personal multi-factor tool, and one that I use daily, is Authy. Start with your Active Directory "God" accounts (Domain Admins and other highly privileged accounts), then move to IT, executive staff, and then the general users. This will have the largest impact and help support the case as you move through the business units.
6. TitanFox and C2. This is malware that may perform many malicious tasks, such as downloading and executing additional malware, receiving commands from a central command-and-control (C2) server, updating or deleting itself, stealing login and password information, logging keystrokes, participating in a Distributed Denial of Service (DDoS) attack, or locking and encrypting the contents of your computer and demanding payment for its safe return. The malware dropper even has anti-AV logic built in that allows it to go undetected by anti-virus products. The dropper is typically delivered in a Microsoft Word macro but has been seen in other document types as well.
5. Artificial Intelligence (AI). AI is useful not only to Cyber Security experts but also to cyber crime organizations. Cyber Criminals use AI-driven data collection to learn user habits and maximize the effectiveness of a phishing email or of malware setting up camp on a victim's PC. Once the malware is planted, the Cyber Attacker again uses AI to determine the best options to self-propagate the malware and to judge the timing that will give an attack maximum impact.
4. DNS over HTTPS. It has been known for some time that most malware depends on DNS to locate its command-and-control infrastructure and successfully execute. Many organizations have recognized this and set up DNS systems, or subscribed to services, designed to block a malicious DNS call-out. However, Cyber Attackers have caught on to these controls and are now using DNS over HTTPS (DoH): the malware opens an ordinary-looking HTTPS connection to a public or attacker-controlled resolver and tunnels its DNS requests inside it, so the organization's DNS filtering never sees the lookup.
This type of TLS/SSL connection is very similar to the one you make when you log in to your bank account from a web browser. The data between your PC and the bank is sent over an encrypted tunnel that only you and the bank can decipher.
Is it really that secure? I can share with you that there are tools used by organizations to decipher SSL encryption. The purpose of SSL decryption is to do a deeper inspection of the traffic passing through the environment to ensure that no malicious code makes it through the front gate. Note that SSL inspection only covers managed endpoints that trust the inspection proxy's certificate; applications that pin their certificates, and traffic that bypasses the proxy, remain opaque. The top protocols malware uses to communicate are DNS, TCP, SSL, HTTP, and SMB.
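Once traffic is decrypted, DoH is not hard to spot: RFC 8484 fixes the `/dns-query` path, the `application/dns-message` media type, and the base64url `dns=` parameter that carries the raw DNS query. The following added example (not code from the article or any vendor product) builds such a query for a made-up name, decodes it back, and runs a detector over constructed proxy log lines in an assumed key=value format. The resolver hostnames in `KNOWN_DOH_RESOLVERS` are real public endpoints; the log lines, source addresses and query names are constructed.

```python
import base64
import re
import struct

# Well-known public DoH resolver hostnames (real endpoints); a deployment would
# maintain its own, longer list and add the resolvers' IP addresses as well.
KNOWN_DOH_RESOLVERS = {
    "dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
    "dns.quad9.net", "doh.opendns.com",
}


def build_doh_query(name: str, qtype: int = 1) -> str:
    """Encode a minimal DNS wire-format query (RFC 1035) as the base64url
    'dns' parameter of an RFC 8484 GET request, padding stripped."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD=1, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    wire = header + qname + struct.pack(">HH", qtype, 1)       # QTYPE, QCLASS=IN
    return base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")


def decode_doh_qname(param: str) -> str:
    """Recover the queried name from a 'dns' parameter: skip the 12-byte header
    and walk the length-prefixed labels until the zero terminator."""
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    pos, labels = 12, []
    while raw[pos] != 0:
        length = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


# Constructed log lines (assumed key=value format an SSL-inspecting proxy might
# emit). The first is DoH to a public resolver, the second ordinary browsing,
# the third DoH to an attacker-run server on a non-standard path.
PROXY_LOG = [
    "2020-01-06T09:14:02Z src=10.1.4.23 sni=dns.google method=GET "
    f"path=/dns-query?dns={build_doh_query('c2.malicious.example')} ctype=application/dns-message",
    "2020-01-06T09:14:05Z src=10.1.4.23 sni=www.example.com method=GET path=/ ctype=text/html",
    "2020-01-06T09:15:40Z src=10.1.7.8 sni=updates.example method=POST "
    "path=/resolve ctype=application/dns-message",
]


def parse_line(line: str) -> dict:
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split(" "))
    fields["ts"] = ts
    return fields


def find_doh(lines) -> list:
    """Flag DoH traffic by resolver name, RFC 8484 path, or media type, and
    decode the hidden query name when a GET carries it in the URL."""
    hits = []
    for line in lines:
        f = parse_line(line)
        reasons = []
        if f.get("sni") in KNOWN_DOH_RESOLVERS:
            reasons.append("known public DoH resolver")
        if f.get("path", "").startswith("/dns-query"):
            reasons.append("RFC 8484 /dns-query path")
        if f.get("ctype") == "application/dns-message":
            reasons.append("application/dns-message body")
        if not reasons:
            continue
        m = re.search(r"[?&]dns=([A-Za-z0-9_-]+)", f.get("path", ""))
        hits.append({"src": f["src"], "sni": f["sni"], "reasons": reasons,
                     "qname": decode_doh_qname(m.group(1)) if m else None})
    return hits


if __name__ == "__main__":
    for hit in find_doh(PROXY_LOG):
        print(hit)
```

Without decryption only the SNI and destination address are visible, which is enough for the first line but not the third; that is the gap the article's SSL-decryption point is about. POST-based DoH (the third line) carries the query in the body rather than the URL, so decoding it needs the body as well, which the constructed log does not carry.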
3. Insights. Phishing is reported as the source of more than 95% of all Cyber Security breaches in 2019. Phishing attacks are expected to more than double in 2020 and increasingly include email spoofing. These types of attacks will drive an increase in ransomware attacks and business operation disruptions going into 2020.
2. Cloud Security. The use of cloud technologies has further complicated matters from a Cyber Security perspective. While there are operational efficiencies to be gained from moving to the cloud, there are also new Cyber Security risks associated with it that a business cannot overlook. A business' cloud environment should be treated the same as a new physical data center would be: inventoried, monitored, and governed by the same access controls.
1. Visibility and SIEM. The key to combating any type of cyber-attack is to build a system that gives you visibility into your environment. A SIEM is the best tool to collect these types of logs. Implementing a SIEM builds insight into your environment and helps identify which Cyber Threats are actively hitting your business. More often than not, just collecting this data and reporting the facts has allowed businesses to ensure they are spending their Cyber Security budget in the right areas and to make better security-driven decisions. A primary example: I have seen businesses dump millions of dollars into new firewall technologies thinking this was going to have the biggest impact on their Cyber Threat Surface; however, after analyzing the data, it was discovered that integrating Multi-Factor Authentication was the immediate need, as their systems were being accessed daily through legitimate accounts that had been compromised from the web.
This does not mean firewalls are not important. It just means that in their current environment the primary Cyber Attack vector was something they had not even considered. They had not considered account compromise because the business was not even aware the attacks were taking place. The old adage is that you cannot protect what you do not know about, and knowing what needs to be protected is only half the battle….
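The kind of analysis that surfaces "legitimate accounts being accessed daily" is a correlation over authentication logs, which is exactly what a SIEM exists to do. The following added example (not code from the article or any SIEM vendor) runs a password-spray detection over constructed sign-in events: one source failing against many distinct accounts inside a short window, followed by a success from that same source. The log format, the thresholds (5 accounts in 10 minutes), the usernames and the TEST-NET addresses are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication events (not real data), in the shape a SIEM would
# normalise VPN, OWA or ADFS sign-in logs into. 203.0.113.7 tries one password
# against many accounts and later gets in as mlee; the other sources are
# ordinary activity (a typo from the LAN, a normal remote sign-in).
AUTH_LOG = """\
2020-01-06T08:00:01Z auth user=jsmith src=10.0.0.5 result=FAIL
2020-01-06T08:00:09Z auth user=jsmith src=10.0.0.5 result=SUCCESS
2020-01-06T08:01:10Z auth user=jsmith src=203.0.113.7 result=FAIL
2020-01-06T08:01:12Z auth user=mlee src=203.0.113.7 result=FAIL
2020-01-06T08:01:14Z auth user=ahassan src=203.0.113.7 result=FAIL
2020-01-06T08:01:16Z auth user=rgarcia src=203.0.113.7 result=FAIL
2020-01-06T08:01:18Z auth user=tnguyen src=203.0.113.7 result=FAIL
2020-01-06T08:01:20Z auth user=pokafor src=203.0.113.7 result=FAIL
2020-01-06T08:02:30Z auth user=ahassan src=198.51.100.2 result=SUCCESS
2020-01-06T08:31:45Z auth user=mlee src=203.0.113.7 result=SUCCESS
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>SUCCESS|FAIL)$")


def parse_events(lines) -> list:
    """Turn raw lines into dicts with a datetime; unparsable lines are skipped
    (a real SIEM should route those to a parse-failure index, not drop them)."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect_spray(events, min_accounts: int = 5, window=timedelta(minutes=10)) -> dict:
    """Password spray: one source failing against >= min_accounts distinct
    accounts inside a sliding window. Returns {src: set_of_targeted_users}."""
    fails_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)
    sprayers = {}
    for src, fails in fails_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        for i, first in enumerate(fails):
            users = {f["user"] for f in fails[i:] if f["ts"] - first["ts"] <= window}
            if len(users) >= min_accounts:
                sprayers[src] = users
                break
    return sprayers


def compromised_accounts(events, sprayers) -> list:
    """Legitimate accounts that authenticated successfully from a spraying source."""
    return sorted({e["user"] for e in events
                   if e["result"] == "SUCCESS" and e["src"] in sprayers})


def report(lines) -> dict:
    events = parse_events(lines)
    sprayers = detect_spray(events)
    return {"spray_sources": sprayers,
            "compromised": compromised_accounts(events, sprayers)}


if __name__ == "__main__":
    print(report(AUTH_LOG))
```

A single failed login per account, which is what a spray looks like from the account's point of view, never trips a lockout threshold; only the per-source view across accounts exposes it, and only a successful login from that source turns "someone is guessing" into "this account is compromised and MFA is the fix".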
As I report more on Cyber Security moving into 2020, I will dig into each one of these items and provide some insight into each area.
If you or your business has Cyber Security related questions or need help implementing any of these technologies, please feel free to reach out. I’ll be glad to schedule some time with you to talk about your business needs and help you develop a strategic plan to reduce your overall Cyber Security attack surface. You can contact me at [email protected]
Kip Kirchberg is an International Cyber Security Expert who has experience building Cyber Security Teams and working with Fortune 500 organizations. Experience includes, but is not limited to: building SIEM platforms; endpoint security; 3rd party remote access; industrial control systems; NextGen firewalls; helping organizations identify Cyber Security risks; generating reports that lead to actionable data; building and maintaining an Incident Response Team; drafting and adopting corporate Cyber Security governance; internal and external pen testing; plus much more….