5 strategies to boost your organisation’s cyber threat preparations

With the cyber threat landscape evolving at an ever-increasing pace, the strategies adopted by IT security teams are under constant review, Scott Hesford at BeyondTrust writes.

Scott Hesford
Mon, 18 Jul 2022

CISOs and CIOs know they need to keep their organisation’s IT infrastructure secure at all times but often have limited budget and resources, especially at a time when skilled security professionals are hard to find.

As a result, security teams want to focus on the key strategies that will deliver the best possible protection against current threats and those that will emerge in the months and years ahead.

Of all the strategies currently being adopted by Australian organisations, there are five that warrant particular attention. These are:

1. Focus on protecting privileged identities

Effectively protecting digital identities is perhaps the most important challenge for IT teams, and none are more important than privileged identities. The credentials for these privileged accounts can fast-track access to sensitive data and open up lateral pathways that let attackers broaden their sphere of attack.

To get the most value from this strategy, organisations should:

  • Automate the discovery and onboarding of all privileged identities: This will eliminate privilege blind spots and bring shadow IT under control.
  • Closely manage all privileged credentials: Ideally, eliminate password usage as far as possible. Where that is not feasible, proper management of passwords and keys should include enforcing complexity and uniqueness, rotating credentials, and injecting them directly into sessions so that they are never revealed to the end user.
  • Use multi-factor authentication (MFA): This provides added confidence that an identity engaged in a privileged session is who they say they are and who you expect them to be.
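As an added example (not BeyondTrust's code or the author's), the script below performs the kind of discovery pass the first bullet calls for, on constructed sample passwd, group and sudoers files: it reports every UID-0 account, admin-group member and sudoers grantee, including a NOPASSWD service account, so that none of them remains a blind spot. The file contents, usernames and admin-group names are assumptions.

```python
# Added example, not BeyondTrust's or the author's code: inventory the privileged
# Unix identities (UID 0, admin-group members, sudoers grantees) found in constructed
# sample passwd, group and sudoers files, the discovery pass step 1 recommends.
from collections import defaultdict

PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
svc_backup:x:1002:1002::/var/backups:/usr/sbin/nologin
"""
GROUP = """root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
"""
SUDOERS = """# constructed sudoers file
Defaults env_reset
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
svc_backup ALL=(root) NOPASSWD: /usr/bin/rsync
"""
ADMIN_GROUPS = {"root", "wheel", "sudo", "admin"}   # assumed admin group names

def discover_privileged(passwd=PASSWD, group=GROUP, sudoers=SUDOERS):
    """Return {user: set of reasons} for every identity that holds privilege."""
    found = defaultdict(set)

    for line in passwd.splitlines():
        name, _, uid = line.split(":")[:3]
        if uid == "0":                           # any UID-0 account is root-equivalent
            found[name].add("uid 0")

    members_of = {}
    for line in group.splitlines():
        gname, _, _, members = line.split(":")
        members_of[gname] = [m for m in members.split(",") if m]
        if gname in ADMIN_GROUPS:
            for m in members_of[gname]:
                found[m].add(f"member of {gname}")

    for line in sudoers.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line or line.startswith("Defaults"):
            continue
        subject = line.split()[0]
        reason = "sudoers NOPASSWD" if "NOPASSWD:" in line else "sudoers entry"
        targets = members_of.get(subject[1:], []) if subject.startswith("%") else [subject]
        for m in targets:                        # %group rules expand to their members
            found[m].add(reason)
    return dict(found)
```

Each reported identity is a candidate for onboarding into the credential vault; the second UID-0 account and the passwordless sudo rule are the kind of entries a manual inventory tends to miss.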

2. Ensure secure remote access for all users

Access to all sensitive resources should be locked down and tightly monitored, especially when large numbers of staff continue to work remotely. One concern is that when credentials are being entered remotely, these are exposed to the local computer and to any malware or attack that can sniff them out.

The path forward involves extending privileged access management best practices, such as least privilege, privileged password management and session monitoring, beyond the perimeter.

To achieve this, IT teams should:

  • Broker all connections through a single access pathway: This helps control who can attempt to log in, while also putting distance between remote access and internet-based threats.
  • Arrange proxy access to control planes and other critical software: This will segment and isolate remote access traffic. Also, admin access should be discoverable only to authorised admins.
  • Enforce least privilege access controls: This is a powerful method of stopping attackers and malware from gaining a foothold, as well as from performing lateral movement.

3. Apply endpoint privilege management

A least privilege security strategy not only prevents many types of malware and other attacks from executing outright, it can also maroon attackers who do gain a foothold by sharply reducing the potential for privilege escalation and lateral movement.

Steps to take as part of this strategy include:

  • Enforce least privilege across the IT infrastructure: Remove local admin rights and reduce server admin, system and application privileges to the least amount necessary.
  • Manage specific Unix and Linux commands by policy: This allows IT administrators to execute elevated tasks without needing tools like sudo or root access, and makes malformed or inappropriate commands easier to identify.
  • Enforce separation of duties: Separating duties will limit the privileges associated with any account or process. When applied to users, it ensures certain duties can only be performed with specific accounts and identities.
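As an added example (not BeyondTrust's code or the author's), the following deny-by-default check illustrates the per-command control the second bullet describes: each elevated request is matched against a rule for the user or group, the exact executable path and an argument pattern, and commands that are malformed or contain shell metacharacters are rejected before any rule is consulted. The rules, usernames and group memberships are constructed assumptions.

```python
# Added example, not BeyondTrust's or the author's code: a deny-by-default check
# that decides whether a user may run a given command as an elevated task, the
# per-command policy step 3 describes. Rules, users and groups are constructed.
import re
import shlex

# (user or %group, allowed executable path, regex the full argument string must match)
POLICY = [
    ("%operators", "/usr/bin/systemctl", r"(restart|status) nginx"),
    ("%operators", "/usr/bin/journalctl", r"-u nginx( -n \d+)?"),
    ("backup", "/usr/bin/rsync", r"-a /srv/data/ /backup/"),
]
GROUPS = {"operators": {"alice", "bob"}}
SHELL_META = re.compile(r"[;&|`$<>]")   # characters that chain, redirect or expand


def evaluate(user: str, command: str) -> tuple:
    """Return (allowed, reason) for running `command` elevated as `user`."""
    if SHELL_META.search(command):
        return False, "denied: shell metacharacters in command"
    try:
        argv = shlex.split(command)
    except ValueError as exc:                    # e.g. unbalanced quotes
        return False, f"denied: malformed command ({exc})"
    if not argv or not argv[0].startswith("/"):
        return False, "denied: executable must be an absolute path"
    exe, args = argv[0], " ".join(argv[1:])
    for subject, allowed_exe, arg_pattern in POLICY:
        in_group = subject.startswith("%") and user in GROUPS.get(subject[1:], set())
        if (subject == user or in_group) and exe == allowed_exe and re.fullmatch(arg_pattern, args):
            return True, f"allowed by rule for {subject}"
    return False, "denied: no matching rule"      # default deny; log for review


if __name__ == "__main__":
    for user, cmd in [("alice", "/usr/bin/systemctl restart nginx"),
                      ("alice", "/usr/bin/systemctl restart nginx; /bin/sh"),
                      ("backup", "/usr/bin/rsync -a / /backup/")]:
        print(f"{user:7s} {cmd!r:50s} -> {evaluate(user, cmd)[1]}")
```

Every denial carries a reason string, which is what makes the malformed and out-of-policy requests the bullet mentions visible in audit logs rather than silently failing.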

4. Undertake hardening and vulnerability management

Remote and BYOD endpoints pose a significant security challenge with regard to how configurations, controls and patches are implemented. However, enforcing least privilege and removing admin rights, as covered earlier, is an essential control that helps mitigate these risks.

Steps to take include:

  • Harden your IT environment: This involves removing unnecessary software, applications, and privileges, and closing unneeded ports.
  • Protect the BIOS: This step should entail enabling password protection for the BIOS and ensuring the password is strong, complex, and unique.
  • Implement continuous vulnerability management: The IT team should scan, assess, prioritise, and address software, application, and other system vulnerabilities in an ongoing manner. The team should use automated tools that can help them quickly make smart vulnerability management decisions.

5. Prevent the tampering of remote and mobile endpoints

Some attacks involve criminals breaking into homes or offices and stealing physical devices. Ensuring the integrity of remote and mobile endpoints, and the data that resides on them, is therefore critical.

To achieve this additional security:

  • Implement disk encryption: This is the best method for ensuring a cyber criminal cannot access sensitive data if the hard disk is removed.
  • Make use of embedded hard disks: Unlike a removable PCIe or SATA hard disk, this storage medium has its SSD microchips physically soldered to the motherboard.
  • Physically seal devices: The screws that hold a device together can range from standard to proprietary. As trivial as this sounds, if a cyber criminal does not have the tools to open a device, they are less likely to gain access.

By following these strategies, IT teams can be confident they are well prepared to defend against a range of cyber attacks. Taking these steps now will make the organisation more secure in the future.

Scott Hesford is the director of solutions engineering, Asia-Pacific and Japan at BeyondTrust.
