By Rick McElroy,
Principal Cybersecurity Strategist, VMware Carbon Black
If the past year taught
us anything, it's that people and data are two of the most valuable assets a
company can protect. As the pandemic began to spread worldwide, organizations
took the proper measures to protect the health of their employees, transitioning
to remote workforces. With this sudden shift, many quickly realized there would
be new challenges and threats when it came to protecting their data, especially
as organizations accelerated cloud adoption. An IDC report indicated that 59 zettabytes of data would be created, captured, copied, and consumed this year alone
with no sign of that slowing down.
The increased
diversification of threats online continues to put the security of this data at
risk, with cybercrime as a business exceeding $1.5 trillion each year. More personally identifiable information such as credit cards, birth dates and social security numbers is being sold on the dark web every day for small
dollar amounts, but is costing those impacted by attacks a great deal more.
Together, this is jeopardizing consumer and stakeholder trust while
creating steep fines and consequences. While data privacy and protection can
seem daunting, CISOs, CIOs and all leaders should consider the following best
practices to improve both data protection measures and cybersecurity
initiatives:
- Understand where vulnerabilities lie: Get a baseline understanding of where
vulnerabilities lie. A "Red Team" or "Purple Team" (using third-party plus
in-house security experts) audit and/or cyber-hunt exercise can help
expose where systems are vulnerable and where increased controls need to
be applied. Pen tests and general audits are also recommended.
- Use multi-factor authentication: Multi-factor authentication with "just in time"
administration should be deployed to Web servers and servers holding key
data. Websites that are accessible to the general public should be
reviewed for accuracy continuously.
- Deploy application control: Whitelisting on critical servers can help
ensure they do not touch the public Internet. Place them in high
enforcement and only allow approved programs to run. Stop all unauthorized
file or memory modifications.
- Create a micro-segmentation strategy: A comprehensive micro-segmentation strategy
should be executed again to help protect the business network. Flat
networks are much more easily hacked.
- Deploy endpoint detection and response (EDR) technology: EDR, as well as
non-signature-based next-generation antivirus (NGAV), uses unfiltered data
to detect and remediate advanced attacks. Remember, the endpoint is the
easiest attack surface for hackers.
- Secure workloads against modern attacks: Attackers have increasingly been using advanced
hacking techniques in order to bypass traditional security tools, allowing
them to stay in an organization's data center undetected for weeks on end. Taking advantage of advanced workload protection can
block both known and unknown attacks, keeping your most valuable assets
safe.
- Educate! Stay up to date on the latest attack
methodologies and attack vehicles. Ensure that everyone in your network,
your administration and your leadership team understand the importance of
cybersecurity, how to avoid phishing attacks, and how to maintain a secure
environment.
With many hopeful that
the vaccine will bring us all back to the office sooner, it's critical that
organizations understand the impact this past year has had on the critical need
to improve data privacy and cybersecurity measures. A great example of this
being put in motion comes from states like California, which in November voted to
enact the CPRA, a
stricter version of the original CCPA, as a means to strengthen data protection.
James Alliband, Security Strategist at VMware Carbon Black, recently noted,
"It's never been more important to take on a security-first mindset not just in
business, but in personal life as well, for a stronger, more well-rounded security
posture. Organizations can help make this possible by providing the necessary,
regular training to empower employees, without feeling vulnerable. In the end, it's all about providing people
with the proper tools, assets and resources they need to do their jobs safely
and empowering them with the knowledge and responsibility to do so." As a
privacy advocate, I agree that this type of education could significantly
improve the security landscape as it stands now.
Today, CISOs share
responsibility for privacy enforcement, adding more pressure to the
traditionally strained role. Moving forward, to allow security roles to learn
more about privacy, organizations will either have to invest in automation and
the proper tooling to bolster cybersecurity measures or appoint Chief Privacy
Officers in a new role focused solely on data privacy. Overall, the practices
discussed today should serve as a guide for corporations and consumers as we
continue to navigate this rapidly evolving digital landscape.
## ABOUT THE AUTHOR
Rick McElroy, Principal Cybersecurity Strategist at VMware Carbon
Black, has 20 years of information security experience educating and advising organizations
on reducing their risk posture and tackling tough security challenges. He has
held security positions with the U.S. Department of Defense, and in several
industries including retail, insurance, entertainment, cloud computing, and
higher education.
McElroy's experience ranges from performing penetration testing to building and
leading security programs. He is a Certified Information Systems Security
Professional (CISSP), a Certified Information Security Manager (CISM), and
Certified in Risk and Information Systems Control (CRISC). As a United States
Marine, McElroy's work included physical security and counterterrorism
services. His current role takes him all over the world working with
organizations to improve their security strategies and speaking on security and
privacy.