Authored by: Jerry Tng, Vice President APAC, Ivanti
Data privacy is commonly linked with users’ awareness of data risks, yet it is just as important to secure the growing multitude of connected “things” that have access to our data, often without us realising it. Gartner has estimated that around 21 billion IoT devices will be in use by 2020, yet worryingly, PwC found that very few organisations plan to assess IoT risk this year, and that ownership of IoT management and security tends to be passed from department to department within organisations.
To defend against nation-state attacks, any organization holding sensitive information or valuable IP needs to remain vigilant. Consider the following when you evaluate your cyber defenses:
Know what information is stored on your systems and passing through your network. The more sensitive the information, the more attractive a target you are to a nation-state threat. This matters not just for government entities, but for any organization collecting sensitive data or holding trade secrets or specific IP: law firms, manufacturers, financial services organizations, utilities, retailers, and media companies. It is also important to have deep visibility into traffic patterns across your network, so that you can recognize both large, high-volume DDoS attacks and short-duration, low-volume attacks such as stress tests.
Consider the origin of the vendors you do business with. Carefully vet any new technology you acquire from companies based in the nations that pose the greatest threat, to minimize the risk of intrusion on your network. NIST’s supply chain risk management guidance is another useful resource to review for recommended restrictions on purchasing from certain suppliers or countries.
Isolate your internal networks from the Internet. Where application workloads or internal datasets do not require Internet access, keep those internal networks off it. Proper network segmentation and isolation helps prevent unauthorized external access to critical data and reduces exposure to IP spoofing and “man in the middle” attacks, in which a malicious party intercepts the communication between two legitimate parties.
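As an added example (not code from the original article), the following Python sketch shows one way to get the traffic visibility described above: it buckets constructed flow records per destination and flags both a sustained high-volume flood and a short, low-volume burst that an absolute byte threshold alone would miss. The record layout, every threshold and all traffic figures are assumptions chosen for illustration.

```python
"""Detect both sustained high-volume floods and short low-volume bursts
per destination in flow records.  Added example, not code from the original
article; the record layout, thresholds and all traffic figures below are
constructed assumptions chosen for illustration."""
from collections import defaultdict
from statistics import median


def constructed_flows():
    """Constructed flow records as (timestamp_seconds, dst_ip, bytes)."""
    flows = []
    for t in range(30):
        for dst in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
            flows.append((t, dst, 1_000))             # steady 1 KB/s baseline
        if 10 <= t < 20:
            flows.append((t, "10.0.0.5", 5_000_000))  # ten seconds of flood
        if t in (15, 16):
            flows.append((t, "10.0.0.6", 20_000))     # two-second low-volume burst
    return flows


def bytes_per_second(flows):
    """Sum bytes into one-second buckets for each destination."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, dst, nbytes in flows:
        buckets[dst][int(ts)] += nbytes
    return buckets


def anomalous_runs(series, threshold):
    """Return (start, end) index pairs of consecutive seconds at or above threshold."""
    runs, start = [], None
    for i, value in enumerate(series + [0]):  # trailing 0 closes an open run
        if value >= threshold and start is None:
            start = i
        elif value < threshold and start is not None:
            runs.append((start, i))
            start = None
    return runs


def analyze(flows, window=10, flood_bytes=10_000_000, burst_factor=10, short_run=3):
    """Label each destination with 'flood' (any `window` seconds >= flood_bytes)
    and/or 'burst' (a run of at most `short_run` seconds far above the
    destination's own median rate whose total stays below the flood threshold)."""
    findings = defaultdict(set)
    for dst, per_sec in bytes_per_second(flows).items():
        first, last = min(per_sec), max(per_sec)
        series = [per_sec.get(s, 0) for s in range(first, last + 1)]

        # Sustained volume: an absolute threshold over a sliding window.
        for i in range(max(1, len(series) - window + 1)):
            if sum(series[i:i + window]) >= flood_bytes:
                findings[dst].add("flood")
                break

        # Short burst: relative to this destination's baseline, so a quiet
        # host's small spike is not drowned out by busier hosts' totals.
        threshold = max(burst_factor * median(series), 1)
        for start, end in anomalous_runs(series, threshold):
            if end - start <= short_run and sum(series[start:end]) < flood_bytes:
                findings[dst].add("burst")
    return {dst: labels for dst, labels in findings.items()}


if __name__ == "__main__":
    for dst, labels in sorted(analyze(constructed_flows()).items()):
        print(dst, sorted(labels))
```

The two rules deliberately use different yardsticks: the flood rule is absolute, because a flood is a problem regardless of what the target normally sees, while the burst rule is relative to each destination's own median, which is what lets a 20 KB/s spike against a quiet host stand out next to a multi-megabyte flood elsewhere.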
Employ defense-in-depth best practices with diligence. Be sure to have a complete picture of what is going on in your environment, both authorized and unauthorized activity – because you can’t protect or defend against anything you don’t know about. Also, use technologies and processes to reduce your attack surface, detect attacks that do get through, and take rapid action to contain malicious activity and vulnerabilities. Technologies such as patch and vulnerability management, application whitelisting, privilege management, identity management, file and media protection, and ransomware remediation, to name a few, will help defend against the potential of nation-state attacks. Finally, rely on solutions that provide rich data and insights to consistently analyze your security posture and help demonstrate compliance.
Train, train, train your employees. Your employees can become your greatest weakness or your most valuable defense. Be sure you train them repeatedly on how to spot and report malicious activity, and then test their knowledge. Having an army of well-trained employees just might give your organization the extra layer of defense you need to keep malicious nation-state actors from breaking through.
Share your knowledge. If you have insight into a cyber threat, whether an attack against you succeeded or failed, share what you learn with others. The more insight we all have into new threat trends and the vulnerabilities that may be exploited, the better every organization can defend against a potential nation-state attack.
Continuous vulnerability assessment and patch management – continually assess the OS and applications for vulnerabilities and update them. Patching is the act of closing a vulnerability, so no vulnerability management strategy is complete without comprehensive patch management. Attacks delivered through weaponised .doc and .pdf files are a prime example of the need to keep up with software updates. The method is effective for two reasons: duping a user is a statistical game, and there will always be another software vulnerability in Office, Acrobat, etc. to exploit.
Privilege management – reclaim admin rights wherever possible. If a system is compromised, an attacker can use tools like Mimikatz to harvest credentials, or a backdoor such as DoublePulsar, to move laterally through the environment and introduce new payloads as needed. By restricting administrative permissions you slow the attacker down and make them work harder to move around the environment.
Application control – block untrusted applications from running. The .doc or .pdf that a user opens is in most cases not the real threat; the payload that the file launches is. Blocking untrusted applications from running removes many tools from a threat actor’s toolkit, and it also provides zero-day defence when an update is not yet available to close the vulnerability at the patch level. Traditional whitelisting can be difficult to operate, so dynamic trust models and contextual rules are essential to reduce the pain of setting up and maintaining application control.
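The assessment step above is only useful if it produces a number you can act on: how long each fix has been available but not applied. The following Python example, added here and not the article's or Ivanti's code, compares a constructed software inventory against the first fixed version of each product and reports the days of exposure per host; the hosts, products, versions, fix labels and dates are all constructed for illustration.

```python
"""Measure the patch gap: compare an installed-software inventory against the
first fixed version of each product.  Added example, not the article's or
Ivanti's code; the hosts, products, versions, fix labels and dates below are
constructed for illustration."""
from datetime import date


def parse_version(text):
    """Turn '16.0.4266.1001' into (16, 0, 4266, 1001); non-numeric parts count as 0."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(installed, fixed):
    """True when installed is older than fixed; shorter tuples are zero-padded so 16.0 == 16.0.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


# Constructed inventory: (host, product, installed version).
INVENTORY = [
    ("ws-001", "Adobe Acrobat Reader DC", "2019.010.20064"),
    ("ws-002", "Adobe Acrobat Reader DC", "2019.012.20034"),
    ("ws-002", "Microsoft Office", "16.0.4266.1001"),
    ("ws-003", "Microsoft Office", "16.0.4771.1000"),
    ("ws-003", "7-Zip", "18.05"),  # no fix entry below: not assessed
]

# Constructed fix list: product -> [(first fixed version, release date, label)].
FIXES = {
    "Adobe Acrobat Reader DC": [("2019.012.20034", date(2019, 8, 13), "FIX-A")],
    "Microsoft Office": [("16.0.4771.1000", date(2019, 9, 10), "FIX-B")],
}

TODAY = date(2019, 10, 1)  # constructed assessment date


def assess(inventory, fixes, today):
    """Return one finding per (host, product, fix) where the installed version
    predates the fix, with the days the fix has been available but not applied."""
    findings = []
    for host, product, installed in inventory:
        for fixed, released, label in fixes.get(product, []):
            if version_lt(installed, fixed):
                findings.append({
                    "host": host, "product": product, "installed": installed,
                    "fixed": fixed, "fix": label,
                    "days_exposed": (today - released).days,
                })
    # Oldest unapplied fix first: that is where an attacker's odds are best.
    findings.sort(key=lambda f: f["days_exposed"], reverse=True)
    return findings


def fully_patched_hosts(inventory, findings):
    """Hosts with no open finding, and their share of all inventoried hosts."""
    hosts = {host for host, _, _ in inventory}
    clean = hosts - {f["host"] for f in findings}
    return sorted(clean), len(clean) / len(hosts)


def example_report():
    return assess(INVENTORY, FIXES, TODAY)


if __name__ == "__main__":
    report = example_report()
    for f in report:
        print(f"{f['host']}: {f['product']} {f['installed']} < {f['fixed']} "
              f"({f['fix']}), {f['days_exposed']} days exposed")
    print("fully patched:", fully_patched_hosts(INVENTORY, report))
```

Feeding this a real inventory export and a vendor fix list turns "are we patched?" into a trend you can track week by week; the sort order puts the longest-standing gaps, which are the ones most likely to have working exploits, at the top.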
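To make the "dynamic trust model and contextual rules" of the application control point concrete, and to show the elevation restriction from the privilege management point in the same policy, here is an added Python decision engine. It is not Ivanti's product logic or code from the article; every launch event, signer name, hash and path is constructed. It combines publisher trust, a hash allowlist and trusted non-user-writable directories with two contextual rules: a document handler may not spawn a script host even when that script host is signed by Microsoft, and only trusted-publisher binaries may run elevated.

```python
"""Application-control decision engine with contextual rules: publisher
trust, a hash allowlist, trusted (non-user-writable) directories, a
parent-process rule for document handlers, and an elevation rule.  Added
example, not Ivanti's product logic or code from the article; every event,
signer name, hash and path below is constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class LaunchEvent:
    path: str                 # image being launched
    parent: str               # image of the parent process
    signer: Optional[str]     # verified Authenticode publisher, or None if unsigned
    sha256: str               # hash of the image
    user_writable: bool       # can a standard user write to the image's directory?
    elevated: bool = False    # is the launch requesting an administrator token?


TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Corporation", "Adobe Inc."}
HASH_ALLOWLIST = {"f" * 64: "finance-tool.exe"}  # constructed hash
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DOCUMENT_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "regsvr32.exe"}


def image_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def decide(ev):
    """Return (verdict, reason). Contextual rules run before trust rules so a
    trusted binary is still blocked when launched from a suspicious context."""
    name, parent = image_name(ev.path), image_name(ev.parent)

    # A document opened in Word or Acrobat has no business launching a script
    # host, even though powershell.exe itself is signed by Microsoft.
    if parent in DOCUMENT_HANDLERS and name in SCRIPT_HOSTS:
        return "deny", f"{parent} spawned script host {name}"

    # Privilege management: only trusted-publisher binaries may run elevated.
    if ev.elevated and ev.signer not in TRUSTED_SIGNERS:
        return "deny", "elevation requested by a binary without a trusted signer"

    if ev.signer in TRUSTED_SIGNERS:
        return "allow", f"signed by trusted publisher {ev.signer}"
    if ev.sha256 in HASH_ALLOWLIST:
        return "allow", f"hash allowlisted as {HASH_ALLOWLIST[ev.sha256]}"
    # Path trust only counts when standard users cannot drop files there;
    # a writable sub-folder under Program Files is a classic allowlist bypass.
    if ev.path.lower().startswith(TRUSTED_DIRS) and not ev.user_writable:
        return "allow", "trusted directory that users cannot write to"
    return "deny", "untrusted: no trusted signer, allowlisted hash or trusted path"


def evaluate(events):
    return [(image_name(ev.path), decide(ev)[0]) for ev in events]


# Constructed launch events covering the cases discussed in the text.
EVENTS = [
    # 1. Macro in a .doc launches PowerShell: signed, but wrong context.
    LaunchEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "Microsoft Windows", "a" * 64, False),
    # 2. Same PowerShell from Explorer: normal administrative use.
    LaunchEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                r"C:\Windows\explorer.exe", "Microsoft Windows", "a" * 64, False),
    # 3. Unsigned payload dropped to %TEMP% by a .pdf exploit (the zero-day case).
    LaunchEvent(r"C:\Users\alice\AppData\Local\Temp\update.exe",
                r"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
                None, "b" * 64, True),
    # 4. Unsigned line-of-business tool installed by IT under Program Files.
    LaunchEvent(r"C:\Program Files\Vendor\tool.exe", r"C:\Windows\explorer.exe",
                None, "c" * 64, False),
    # 5. Same vendor folder, but a sub-folder IT left writable.
    LaunchEvent(r"C:\Program Files\Vendor\plugins\dropper.exe",
                r"C:\Windows\explorer.exe", None, "d" * 64, True),
    # 6. Unsigned tool outside trusted paths, trusted by hash instead.
    LaunchEvent(r"C:\Tools\finance-tool.exe", r"C:\Windows\explorer.exe",
                None, "f" * 64, True),
    # 7. Unsigned installer asking for an admin token from Downloads.
    LaunchEvent(r"C:\Users\alice\Downloads\installer.exe", r"C:\Windows\explorer.exe",
                None, "e" * 64, True, elevated=True),
]

if __name__ == "__main__":
    for ev in EVENTS:
        verdict, reason = decide(ev)
        print(f"{verdict:5} {image_name(ev.path):20} {reason}")
```

The ordering of the rules is the point: a static allowlist would pass event 1 because powershell.exe is a signed Microsoft binary, and would pass event 5 because the path is under Program Files. Evaluating the parent process and the writability of the directory first is what turns a static list into the contextual control the text calls for, and the elevation rule is the privilege management point expressed as policy rather than as a group membership audit.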
Organisations must make a conscious effort to take IoT security more seriously, because ultimately more endpoints means more risk to the sensitive data they hold, and this issue has become even more pressing under the GDPR. A gap in IoT security could now cost an organisation a fine of up to 4% of its annual global turnover.
The only way to control the explosion of IoT-enabled endpoints is to establish greater visibility into the IT environment and to equip service management teams with a unified, automated set of technologies, including patching, application whitelisting and device control, that together deliver true defence in depth. With IoT endpoints continuing to grow faster than IT resources, automation is also needed to free up technical staff so that they can focus on more strategic areas of the business.
PS: What can Ivanti do to mitigate up to 85% of the cybersecurity risk?
We believe cybersecurity needs a multi-layer approach, as the threats to each layer are different. Summarising the recommendations from ASD, CIS, NSA and other national cybersecurity agencies, we find that you can mitigate up to 85% of the risk with these five simple steps:
Patch your OS – according to research, most vulnerabilities are exploited through the operating system, e.g. Windows, OS X, Linux, iOS or Android. The first recommendation is to keep your OS patches up to date.
Patch your applications – major vendors release regular updates to their software, yet many installations are not patched regularly. Attackers exploit older or unpatched versions of this software, so keep your applications up to date.
Application whitelisting – as opposed to blacklisting, which denies specific known-bad software, application whitelisting allows only approved software to execute and blocks everything else. It is seldom adopted because of the complexity of deploying and maintaining it.
Privilege management – a large number of exploits require the user to have administrator or superuser access to the OS or the application. Grant each user only the privilege their legitimate tasks require, and lock down the rest.
Install an AV and keep it updated – it is the basic layer of protection, yet many install it and then forget to keep it updated.
Ivanti Endpoint Security suite mitigates your cybersecurity risks by performing all five steps in a unified, single-agent manner from a single vendor. More information, or better still a demonstration of these capabilities, is available on our website.