There’s an old adage about how an ounce of prevention is always worth more than a pound of cure. The challenge in cybersecurity is that there are so many vectors cybercriminals can potentially exploit that it’s often difficult for cybersecurity teams to determine where best to focus their efforts. That’s especially true in the midst of an ongoing security crisis that requires security teams to pivot from one attack to another, sometimes on a daily basis. No one really focuses on fire prevention in the middle of a blaze.
Nevertheless, in the wake of the COVID-19 pandemic there are four areas that clearly warrant more attention as part of any effort to proactively reduce the total number of incidents a cybersecurity team needs to manage. They typically span:
Endpoint Protection: Cybercriminals target endpoints because the people who use these devices are the weakest link. With the bulk of end users now working from home, many of them are employing older consumer-grade systems and wireless networks to access sensitive data. In an ideal world, end users should be employing the latest generation of hardware to take advantage of the latest security capabilities. Security is now a primary reason to upgrade.
Data Protection: End users are fallible. Mistakes will be made regardless of how much training is provided. Too many security teams think of data protection as a backup and recovery task that is managed by an IT operations team. Unfortunately, most of the processes relied on to back up and then recover data are deeply flawed. Most of the time no one has tested whether the data that has been backed up can be recovered. In the event of a ransomware attack, instead of having a pristine copy of their data available, organizations find it is corrupted because of one flawed process or another. Sometimes they even discover that the malware employed to encrypt their data has already found its way into the backup copies they were counting on to thwart the attack. Cybersecurity teams need to become a lot more involved in data protection processes to make sure that the most critical files are backed up and that they are indeed recoverable.
Cloud Security: Cloud platforms themselves are arguably more secure than on-premises IT environments. However, the way they are provisioned by developers with little to no security expertise using infrastructure-as-code tools results in countless misconfigurations. IBM reports that vulnerabilities in cloud applications are growing, totaling more than 2,500 for a 150% increase in the last five years. Almost half of the more than 2,500 disclosed vulnerabilities in cloud-deployed applications recorded to date were disclosed in the last 18 months. Cybersecurity teams need to proactively scan for misconfigurations in cloud resources and then make certain those issues are remediated. Otherwise, all cybercriminals need to do to wreak havoc is scan for an open port.
Software Supply Chain: Most of the recent high-profile security breaches have involved a breach of a software supply chain. Cybercriminals have become more adept at implanting malware in upstream application development projects, which results in that malware being distributed across a wide range of downstream IT environments that wind up running infected code. Sonatype, a provider of tools for scanning applications for vulnerabilities, reports attacks against software supply chains increased 650% in the last year. Cybersecurity teams need to collaboratively engage developers in a way that results in a set of DevSecOps best practices that thwart that attack vector. The more automated those processes are, the more robust application security will become, simply because any task that gets in the way of writing code is likely to be ignored by developers. As unfair as that may seem, application developer productivity still trumps security.
There is, of course, no such thing as perfect security. However, there are some proactive measures that can be taken to help reduce the total number of security incidents. Given the current level of burnout among cybersecurity professionals, which results in a high rate of turnover, it’s in the best interest of all concerned to make sure the fundamentals of security hygiene are observed, if for no other reason than to preserve the sanity of security teams that are already chronically understaffed.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.