A decade ago, security officers would have been able to identify the repercussions of an attack almost immediately, as most took place in the top-level layers of a system, typically through a malware attack. Now however, threat actors work over greater lengths of time, with much broader, long-term horizons in mind.
Leaders can no longer assume that their business systems are safe. The only certainty is that nothing is certain. The past year has been evidence of that, as large, well-trusted companies have faced catastrophic breaches, such as the SolarWinds and Microsoft attacks. These organizations were believed to have some of the best systems installed to protect their data, yet they were still successfully infiltrated.
Threat actors are also pervading through underlying networks, passing from router to router and accessing data stored far below the top level in a system. The refinement of their attacks mean that businesses can go unaware of a breach for longer periods of time, increasing the amount of damage that can be done.
Businesses should take all precautions necessary when it comes to security and assume that anything is possible and devise their security plans around the worst-case scenario. This means adopting the attitude that any one employee could be a hacker’s key to access company systems. Anyone could fall for one of the increasingly sophisticated attacks and click on a phishing email, resulting in a rabbit hole of malicious elements.
Visibility and analytics
Moving forwards, visibility and analytics will be instrumental in strengthening a business’ security approach. These elements deliver invaluable insights into a company’s security standpoint and can help identify any vulnerabilities that have gone unnoticed. Where security and connectivity within an organization have been the two main focus points of leaders, visibility and analytics have now become the third and fourth fundamental elements.
The value of this information cannot be overstated. For a company who has identified a breach attempt and shut all systems down, the first challenge is understanding how far the criminals managed to get before being detected, and what data had been accessed.
In the scenario when businesses are faced with threats from ransomware attackers and take part in negotiations, it helps to have an overview of all business systems. For example, if an attack took place over one week and a company is able to see all incoming and outgoing traffic, then they can deduce roughly how far the criminals could have got.
This could be vital in seeing through any deceptions from the hackers, who may claim to have accessed ten terabytes of data, when realistically they may only have secured a couple of files before being shut out. Only with complete visibility will businesses be able to counter a criminal’s threat.
Strengthening the architecture
There are a number of pathways that organizations can take to strengthen their network architecture against threats. Zero-trust approaches are highly recommended for businesses, especially in the age of remote working, as a way of limiting privileged accounts and the general amount of data left easily accessible. Requesting authentication before access not only protects the business’ external perimeter, but also any risks that exist within as well.
A lot of businesses will find themselves needing to re-address the very foundations of their infrastructure before any additional approaches can be taken. Integration is a massive part of strengthening a company’s network architecture as most will have existing technologies that will need to be combined into one fully functioning capability.
Not only will this allow for greater accessibility and flexibility, but it will also simplify the systems so that they are easier to manage. Achieving this integration will provide businesses with greater visibility into their platforms, making it significantly easier to identity and defend against incoming cyber threats.
Ensuring a secure future
Solutions such as Secure Access Service Edge (SASE) can assist in the strengthening of network architecture. SASE is the integration of networking and security solutions, such as zero trust and firewall-as-a-service (FWaaS), into a single service that can be delivered entirely through the cloud. This ability to deploy through the cloud allows for greater flexibility, making it easy to apply security services wherever they are needed. As a lot of applications used are cloud-based, including collaborative communications, seamless and secure transition to and from the cloud are crucial.
Cybersecurity will likely become more of a process model that is part of every new project. It will become imbedded in every business area, regardless of what their main function is. In such an extreme and sophisticated threat landscape, simply educating employees and home workers of security risks cannot be relied upon to protect companies from malicious attacks.
In an era where cybersecurity attacks are inevitable, strong network architecture and end-to-end visibility are the fundamentals to a resilient security posture. Providing a single point of control using solutions such as SASE will enable businesses to create a more streamlined network architecture, whether from remote locations or within the office. Regardless of their current standpoint, all businesses should be working towards one goal – implementing a business approach that combines the three crucial elements: security, network and visibility. Help Net Security