Six Targets to Keep on Your Cybersecurity Radar
By Michael O’Connell, Security Solutions Architect at Aspire Technology Partners
As cybersecurity threats and attacks grow stronger and bolder, there are six targets that CISOs and CIOs need to keep on their cybersecurity radar.
As if the past year and a half hasn’t provided enough challenges for businesses to keep their operations up and running across offices and remote workplaces, cybersecurity threats have spiked beyond previous levels. Crypto mining, phishing, trojans, and ransomware were the most active threats reported in Cisco’s 2021 Cybersecurity Threat Trends report*. These threats are targeting vulnerable businesses – large and small – and traditional, premise-based security solutions have proven ineffective as much of the workforce remains off-site.
Reality is Scarier than Fiction
Recently, we worked with one company, a specialty-food product maker and distributor, that had to shut down its entire manufacturing facility – literally unplugging devices from the wall – following a ransomware hack. The organization had been receiving security alerts for over 30 days, but they mistakenly disregarded the email alerts as spam. As a result, the organization was down for an entire workweek – no network, no orders, no computing. For some organizations, that could be a death sentence. While we were able to get the client up and running as quickly as possible, it could have been faster if they had had a few vulnerabilities on their radar.
In another malware attack that took a manufacturing organization down for an extended period of time, a user’s account with administrative rights was compromised remotely and used to access corporate server and network resources, where malicious programs were then executed. The manufacturer’s entire infrastructure had to be restored from off-site backup storage. Full production deployment was down for over five business days. This could have been mitigated if Multi-Factor Authentication (MFA) had been required for all application and Virtual Private Network (VPN) access.
Six Targets for CISOs & CIOs to Keep on Their Cybersecurity Radar
As you can see, real-world challenges facing CISOs and CIOs can be scarier than some made-up use cases for cybersecurity. Along with a plan and vigilance, we have found that there are specific vulnerabilities and areas of concern that every organization needs to keep an eye on to ensure a secure enterprise computing environment.
- Watch your offsite asset visibility – For many years, IT teams have deployed firewalls to keep their enterprise networks safe from outside threats. Today, the enterprise network has expanded to include client sites when your workforce is out on a call, home sites when your workforce is working remotely, and any number of remote and mobile sites when your workforce is just grabbing a coffee beyond the cover of traditional corporate walls. I call this your “offsite asset vulnerability,” and it has become one of the biggest security concerns for most businesses. Tools like Cisco Umbrella can provide DNS-level security to your expanded enterprise network when users are beyond the protection of traditional corporate firewalls.
- Review your security maintenance and support – The next concern for most IT teams is the frequency and results of maintenance and scheduled security scans. It can be overwhelming with large multi-user networks that also support large numbers of servers, but missed patches, maintenance, or security scans can result in hidden vulnerabilities in your network. Ensuring that endpoints are protected with up-to-date security patches, antimalware, and antivirus is critical. Cisco Endpoint Protection (formerly its Advanced Malware Protection, or AMP, product) helps increase endpoint protection for your remote workforce across any device, in any location, and at any time.
- Actively monitor alerts and events – Cybersecurity threats can come from anywhere and at an unpredictable time. It has become necessary to remain vigilant, monitoring alerts and events in your network 24/7/365 to respond immediately when a breach of your security occurs. Obviously, it is not always possible for most organizations to provide the around-the-clock security necessary to actively support their environment. That’s why Aspire built and developed our Network and Security Operations Center, or NSOC, which comprises well-trained and certified staff who monitor, detect, and mitigate security threats on a 24/7/365 basis. Aspire security analysts and incident responders expose potential adversaries by prioritizing threat activity to identify which events require action. Built-in automation, threat intelligence, and customized playbooks reduce the mean time to detect and contain threats with relevant recommendations and prioritized response actions.
- Keep an eye on your enterprise inventory – What comprises your enterprise computing inventory today? It can be much more than the servers in your data center and the workstations in your offices. As we discussed earlier, your inventory may also include remote workstations, or even Wi-Fi-enabled printers in your offices. And let’s not forget the mobile devices that walk into or connect to your corporate network every day. Bring your own device, or BYOD, remains a significant vulnerability to your network. What are you doing to provide a baseline of security for these devices? Using a security protocol, like Cisco Duo, can help you prevent data breaches by using strong multi-factor authentication. Cisco Duo can protect your organization with multi-factor authentication options including text, mobile device application push, and voice calls. These MFA options can help protect your applications, machine login access, and remote VPN access.
- Get granular with your network access – How are you verifying today that the people on your network possess the appropriate level of access to the network? Different employees have different roles and require specific access to resources. No employee needs, nor should they have, “free rein” over your entire network. We use tools like Cisco Secure Network Access to automate, secure, and scale network connectivity to the appropriate users and devices to provide just the access they require – and no more.
- Look into continuous end-user cybersecurity training – Finally, your end users have become the biggest vulnerability to your network. This is not a surprise: they are on the front lines, receiving outside communications, accepting email invitations, and sometimes clicking suspect links that appear to be social media advertisements. End-user cybersecurity training must be an integral part of any organization and take place on at least a quarterly basis.
Turning your network into a security platform keeps your users and IT assets safe while supporting your evolving digital business processes.
Aspire provides industry-specific expertise to help transform your information security program from policy to action. Let us help you build a strategic security roadmap that will enable digital business, improve cyber resilience and meet compliance requirements. Want to learn more? Schedule a free consultation today.
* Source: 2021 Cyber security threat trends – phishing, cryptomining top the list:
Aspire Technology Partners is a Cisco Gold Integrator and Provider engrained in solution pillars that set us apart as a true Cisco solutions provider. We are committed to the continuous improvement of expertise and skillsets around Cisco initiatives that enable us to help and guide customers in the adoption and management of technology architectures designed to transform their organization. We hold four Master Specializations – Collaboration, Security, Networking, and Cloud & Managed Services and are one of only 25 partners in the US to receive the Cisco Advanced Customer Experience Specialization.