How to Avoid Cybersecurity Whack-a-Mole
Published 01/31/2023
Originally published by Nasuni on November 8, 2022.
Written by Jason Patterson, Nasuni.
Although Cybersecurity Awareness Month is behind us now, that is no reason to take the focus off the subject. This year’s theme – “See Yourself in Cyber” – highlighted the fact that strong security really comes down to people.
At the organizational level, as we look to 2023 and beyond, it’s now more important than ever to have a comprehensive cybersecurity strategy. The threat surface is constantly evolving and as security practitioners we need to stay current with what is happening to better protect our systems.
The challenge that most organizations struggle with is keeping everything safe. Cybersecurity is like a game of whack-a-mole. You protect one thing, and the threat actors attack a different system. So, you protect that one better and then they are on to another system. The more tools and systems we expose outside our internal network, the greater the struggle becomes.
Unfortunately, the end-user is still the largest threat that we continue to see. As companies move more and more applications and services out of their datacenters and into the cloud or to SaaS providers, the risk of credential compromise increases. Ransomware continues to be a threat because of the simplicity of the attack and the high payback the threat actors see from the victims. Lastly, as we have seen with a couple of large companies this year, the risk of the insider threat persists.
So how do we stay ahead of malicious actors?
There is a lot of talk about going to a password-less model for access and only using access tokens. This makes sense because the thing that most breaches have in common is the leaking or theft of the user’s credentials. It will be interesting to see how or whether that plays out.
Next, you have to expect the unexpected. You must continue to think of all the ways a threat actor can get into your systems and try to be one step ahead.
And you have to protect with 2FA and monitoring tools capable of detecting an attack if it happens – even as it happens. The sooner you can lock down your systems and quarantine the impacted users, the better. There are some good AI-driven tools that show promise of detecting an attack as it is beginning and then shutting down the compromised account automatically.
A system that automatically updates to account for the latest ransomware variants and other threats is also a necessity, given the constantly changing landscape. That’s the only way to avoid playing cybersecurity whack-a-mole all day.
At the same time, it is important to continue to provide end-user training so your own people can help you detect and report the scams. The more they know, the better, and making it an organizational requirement to interact with a learning management system that uses current industry incidents as training examples is a great practice.
Finally, it’s important to have a complete cybersecurity plan that addresses all phases, including protection, detection, response, and recovery.