
Enterprise cybersecurity landscape

SoftwareOne blog editorial team

The field of cybersecurity is always evolving to keep up with the threats out there. Recently, we have been observing some interesting trends that security professionals in enterprises should be aware of. Some of them are based on our client conversations.

Here is an overview of the cyber threat landscape right now. At the end of this article, there is also a brief guide on how to prepare your organisation to tackle them.

Cybercrime is an industry

Ransomware should no longer be considered just a form of cyberattack – it is clearly made for profit, as are other types of malware.

Hackers even disclose some industry configuration details for other attackers to use in their attempts. The reality is that it’s practically possible to get 24/7 support for performing one’s own cyberattack.

Cybercrime is a big business, and it should be treated as such.

Phishing attacks are the largest cyber threat

Microsoft once reported blocking 2,300 phishing attempts for a fake Office 365 login page in just one day. Bad agents took an opportunistic approach, targeting mainly small businesses with COVID-relief packages.

If it seems like the cybercriminals are getting organised, it’s because they are. In fact, it’s probably easier to find instructions on how to create a phishing email than on how to identify one.

Around 30% of attacks are based on social engineering, especially phishing. Once user credentials are taken, permissions can be elevated, getting the bad agents further into your environment.

An attack can last a few weeks, during which your corporate information is being downloaded. Then attackers can install ransomware and lock you out of your systems.

By the time you get the payment request, it’s already too late. And if your business information leaks, it’s not good news for your customers or stakeholders.

Everyone assumes it won’t happen to them, but it will. In fact, it might already be happening.

Identity First and Zero Trust can support your strategy

The security perimeter has changed. Your users are now the weakest point of your network. In addition to protecting identities, you need to make sure every employee knows they’re part of the threat environment. Make them part of the solution, instead of the problem.

It doesn’t mean you need to make everyone an expert, but everyone at your organisation should have a baseline understanding of best practices. Security is everyone’s business.

The Zero Trust approach puts identities at the core of your security. It works on the principle of continuous access evaluation.

You can use tools like Microsoft Graph Security to assess a user’s threat profile at every request. If anything changed since the last session – permissions, resource, connection, device or anything else – reauthentication is triggered.
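
The per-request re-evaluation described above, sketched as an added example (it is not code from this article and does not call Microsoft Graph Security). The `AccessContext` fields, the `Session` class and all sample values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, asdict, replace


@dataclass(frozen=True)
class AccessContext:
    """Signals captured on each request (hypothetical field names)."""
    permissions: frozenset  # roles or scopes currently granted
    resource: str           # what is being accessed
    connection: str         # network the request arrives from
    device_id: str          # device presenting the session


def changed_signals(baseline, current):
    """Names of the signals that differ from the session baseline."""
    before, now = asdict(baseline), asdict(current)
    return sorted(name for name in before if before[name] != now[name])


class Session:
    def __init__(self, baseline):
        self.baseline = baseline
        self.audit = []  # one (decision, changed signals) entry per request

    def evaluate(self, current):
        """Re-check every request; any drift forces reauthentication."""
        drift = changed_signals(self.baseline, current)
        decision = "reauthenticate" if drift else "allow"
        self.audit.append((decision, drift))
        return decision, drift

    def reauthenticated(self, current):
        """Call only after a fresh, successful authentication challenge."""
        self.baseline = current


def demo():
    # Constructed sample values, not taken from any real environment.
    start = AccessContext(frozenset({"reader"}), "hr-portal", "corp-vpn", "laptop-001")
    session = Session(start)
    elevated = replace(start, permissions=frozenset({"reader", "admin"}),
                       connection="public-wifi")
    results = [session.evaluate(start), session.evaluate(elevated)]
    session.reauthenticated(elevated)
    results.append(session.evaluate(elevated))
    return results


if __name__ == "__main__":
    for decision, drift in demo():
        print(decision, drift)
```

The audit list records which signals drifted on each request, which is the detail an analyst needs when reviewing why a reauthentication prompt fired.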

It’s not just about access and passwords – Zero Trust also applies to developers and apps. When building a new product, we need to think about how to embed security within. It needs to be a part of the package, not an add-on.

Businesses still fail on the cybersecurity basics

The technology to help your business stay secure is already there. In fact, organisations often have the right services already in place and paid for, but they’re not making the most of them.

Your attitude to risk is what can make the difference between an incident and a disaster.

There are easy things you can implement today to make your network safer:

  • Multi-factor authentication – it is talked about often, yet it is still not implemented often enough. It can significantly reduce the number of credential phishing incidents
  • Conditional-based access – it’s the key to limiting access to your resources, especially the more restricted ones
  • Full remote device management – endpoint security is especially important for a remote workforce
  • Patching – software vulnerabilities leave gaps in your network. Move updating to the cloud, so it’s done automatically. The economy of scale works to your benefit – new patches are rolled out all at once to everyone, so you can take advantage of them

3 steps to a better security posture

Here is what you can start doing today to improve your organisation’s preparedness when it comes to cyberthreats.

Introduce a culture of security

If you want to stay in business, you need to make security the top priority for your company. It means you’ll need to be an internal ambassador to get the buy-in from the decision-makers. Here is some practical advice:

  • Visualise the cost of threats to the board of directors. A kit to set up a phishing attack can cost as little as $6. A single breach can cost a company $4.45 million.
  • Think of security as insurance – you always buy it for your car with the assumption that nothing will happen, and more often than not, you won’t need it. The same goes for cybersecurity.
  • Show employees what they can do themselves – whether it’s assigning a larger budget, conducting internal training, or implementing best practices in daily work. Work up and down the chain of command.
  • Challenge yourself – think about what you don’t know and be curious. A lot has changed in recent years. Keep learning and leading by example.

Don’t panic

Remember the key principle of security, the OODA loop: observe – orient – decide – act.

You can’t act until you understand what’s happening. Otherwise, you’re wasting effort.

Your tools are only as good as your configuration. Specify the key assets to protect and make sure you’ve got your basic processes ready, like offline backups and an incident response procedure.

As the famous quote goes: “all of this has happened before, and will happen again”.

So be prepared for the future. Address the basics. Know who has access keys to the backups, and whom to contact when you need help getting back online.

Get support

The thing about cyberattacks is that most organisations will only deal with them once. This means there’s nowhere to get experience with them ahead of time.

But you no longer need a large in-house cybersecurity team. Services like Azure Security Center and Azure Sentinel can provide crucial SIEM and SOAR capabilities.

Even better, security tools – and consultants – are available as a service. Take advantage of it and don’t fight your battles alone.

The cybercrime industry is still growing and always developing. While solutions to protect your resources get better, don’t underestimate the risks to your environment. Security should always be the priority, not an afterthought.

Many attacks can be avoided by simple processes like regular patching, using MFA, and conditional access, so make sure that you cover the basics. This one action alone can greatly improve your organisation’s security practices.

Finally, prepare for the worst-case scenario. Do you have a plan of action for when your processes fail? Make sure you have a recovery procedure in place and emergency contacts on hand.
