Now, more than ever, cybersecurity teams are seeking to become more agile. They help organisations meet regulatory compliance requirements, align to industry best practices, and accelerate business transformation initiatives. Effective cybersecurity acts as a business enabler – building customer, shareholder, and employee trust. This enables organisations to protect and enhance their reputation and reduces the risk of the many negative consequences of a cybersecurity breach.
By providing value to the business, cybersecurity helps differentiate in an otherwise crowded marketplace and improves users’ and customers’ experience. From on-premise IT, mobile devices, connected operational systems, to public, private, and hybrid technology deployments, cybersecurity leaders need the confidence that their infrastructure and data are adequately protected.
For several years now, Dimension Data has published an Executive Guide that provides insights into and analysis of the shifting threat landscape, with best practice guidance and practical measures to bolster cybersecurity defences, including the following:
- Cryptojacking, also known as coin mining, cryptomining, and cryptocurrency mining, isn’t always unlawful: for instance, users may install a coin mining programme on their personal system to generate cryptocurrency for themselves, using their own computing resources. But it becomes illegal when they use someone else’s resources – CPU power and energy – without their knowledge or permission, to mine cryptocurrency for their own financial benefit. In 2018, cryptojacking, while still in its infancy, caught many organisations off-guard and represented a significant amount of hostile activity. Protect your organisation from the threat of cryptojacking by applying ‘least privilege’ controls and implementing egress and ingress filtering restrictions, as well as browser plugins to limit site functionality. Also, deny Stratum protocol usage, and segment your network environments.
- Credential theft isn’t a concept that’s new to most people – but in the context of cybersecurity, it’s become increasingly prevalent over the last few years. Credentials are the ‘keys to your kingdom’, protecting your organisation’s networks and data from unauthorised access. This makes stolen credentials a valuable target for threat actors. Dimension Data’s observations reveal that phishing and malware are cybercriminals’ techniques of choice when it comes to launching credential theft campaigns, and the company sees a spike in the number of credential theft attacks targeting cloud platforms. Successfully fending off credential theft attacks on your business involves implementing multi-factor authentication, segmenting your network environment, and enforcing ‘least privilege’ and segregation of duties. Other recommendations include implementing network activity monitoring and data loss prevention, as well as educating your employees to be vigilant about phishing attacks.
- Web-based attacks aren’t new and have been frequently observed for some years. Dimension Data, however, has seen an alarming increase in recent cyberattacks in this area. In fact, they doubled year-on-year, accounting for 32% of all attacks detected during 2018, representing the top type of hostile activity. Web-based attacks target web-application and application-specific vulnerabilities in technologies frequently used by many businesses. Any organisation that has a web presence is exposed to these attacks: the larger their web presence, the greater the attack surface. Compounding the challenge is that today, more companies’ applications are being housed in the cloud, which exposes the organisation to new attack types. Dimension Data’s advice to help protect yourself from web-based attacks includes prioritising patching, segmenting your network environment, and enforcing secure coding practices. Also consider deploying application-aware firewalls and performing regular vulnerability scanning.
- Regulatory compliance is a well-known IT risk management challenge faced by many organisations. Last year, data protection and privacy dominated media headlines, spurred by the introduction of the General Data Protection Regulation (GDPR) which came into effect in Europe in May 2018. This caused a stir globally regarding data protection principles and personal privacy rights. Subsequently, a number of other countries have implemented new data protection regulations or are ‘beefing up’ their existing compliance frameworks and regimes. Data protection principles and personal privacy rights should put cybersecurity firmly on the boardroom agenda. Dimension Data recommends ensuring that executives understand how cybersecurity and data protection can deliver (or, if ignored, can potentially erode) tangible business value. This will gain their attention and help secure the appropriate investment and drive a top-down focus on changing the behaviours and culture throughout the organisation regarding these issues.
While the threat landscape will continue to evolve, and the emergence of new, more sophisticated vulnerabilities and attack vectors is inevitable, we should constantly prepare for fighting cybercrime. Keeping an eye on and investing in cybersecurity innovations will ensure that you remain agile and that your business is geared to adapt to the ever-evolving threat landscape. But bear in mind that you’ll need to adapt and change your mindset as well: security must be embedded into the business’ strategy upfront, not as an afterthought. (Source: Dimension Data)