Special Report: How do you protect a borderless network?
A diverse IT landscape demands visibility at numerous touch points
IT security managers face an almost insurmountable challenge: they now have to protect everything in a network with almost no perimeter.
The merging of IT and OT is a good example of this complexity in action.
The convergence of IT and OT is a reality in today’s digital era. But this convergence has connected once-isolated OT systems to a variety of attack paths.
Tenable recently released a report, the ‘Cybersecurity in Operational Technology: 7 Insights You Need to Know’, a study carried out to identify the true extent of cyber attacks experienced by critical infrastructure operators — professionals in industries using industrial control systems (ICS) and operational technology (OT).
The Tenable study confirms that threats to critical infrastructure are real, severe and ongoing. It found that 90% of respondents said their environments had been damaged by at least one cyber attack over the past two years, with 62% experiencing two or more attacks.
“The people who manage critical systems such as manufacturing plants and transportation almost unanimously state that they are fighting off cyberattacks on a regular basis,” says Eitan Goldstein, senior director of strategic initiatives, Tenable.
“Organisations need visibility into their converged IT/OT environments to not only identify where vulnerabilities exist but also prioritise which to remediate first. The converged IT/OT cyber problem is one that cybersecurity and critical infrastructure teams must face together,” Goldstein said.
A related technology is IoT, whose potential is growing in tandem with the security risks associated with it. To cope, organisations in the Middle East are increasingly adopting encryption to protect this data from internal and external threats.
According to the 2019 Middle East Encryption Trends Study sponsored by nCipher, 36% of respondents in the Middle East report their organisation has an overall encryption strategy applied consistently across the entire enterprise, a number that has risen during the past three years. The use of hardware security modules (HSMs) to protect and manage encryption keys has increased from 28% to 50% over the past year – the largest jump of any region surveyed.
“We (Middle East region) are behind the rest of the world in encrypting data, at 36%, while the rest of developed is about 50%. But the gap is closing. The reason is that now, more than ever, organisations have more reasons to encrypt their data. Our survey shows that organisations are increasingly choosing encryption to protect themselves and securing client information and less so about meeting regulatory compliance which was the main driver before,” says Hamid Qureshi, regional sales manager, nCipher.
An emerging cyber defence strategy is going beyond IT assets and actually moving to protect the end user. This approach seeks to solve the core problem of traditional cybersecurity architectures that were built to primarily protect the network, not the people at the heart of targeted attacks.
“In the past, people used to focus on physical security, then shifted to firewalls and then at a later stage we started talking about network security, and then data security. Today, we focus on the most important assets in the organisations, and this is the human factor. And that's why we need to pursue a human-centric approach to cybersecurity,” says Emile Abou Saleh, regional director of Middle East and Africa for Proofpoint.
Recent Proofpoint research shows that infosec professionals reported a higher frequency of all types of social engineering attacks year over year – with 83% of global respondents experiencing phishing attacks in 2018, demonstrating a 9% year-over-year increase and 64% experiencing spear phishing attacks.
“At a certain point of time, hackers were only interested in the most important person in an organisation as a target. You. But then they discovered that it’s not always the case that the most important person will deliver the best ROI, which completely changed the dynamics of phishing campaigns.
“So organisations now have to identify the most targeted people within their firms and understand why they are being targeted. Then consider what measures they need to put in place and deploy to protect them,” says Saleh.
Vulnerabilities lie where most IT security managers often fail to look: internally. “One might expect the greatest threats to be hackers, but only 25% of attacks were the result according to our (nCipher) study. A staggering 67% of vulnerabilities were internal,” Qureshi observes.
Effective threat intelligence can help, a lot.
Mimecast has recently unveiled the Threat Centre, a service that brings together a group of cybersecurity experts providing threat intelligence to help organisations convert threat information into value for the business.
The Threat Centre combines email and web data to offer actionable threat insights that can be used to better manage and prioritise threats. The Centre will produce a variety of reports, including threat research on vulnerabilities, analysis on targeted malware, insights on targeted threats hitting specific industries and quarterly Email Security Risk Assessments (ESRAs).
Mimecast blocks more than one billion unwanted emails every day – these include spam, phishing, directory harvest attacks, and malware emails ranging from nuisance to extremely dangerous emails, offering the team a unique view of the threat landscape from email-based attacks. The threat intelligence that the team provides is gleaned from the analysis of billions of anonymised emails and web traffic across global data grids, which provides insights on targeted attacks and other malware embedded in documents and URLs. This information is shared to inform organisations and the cybersecurity ecosystem on emerging tactics, techniques, and procedures.
“As you can imagine we've been collecting telemetry and intelligence since the inception of the product in order to feed the efficacy of the blocking systems that we have. The Threat Centre is essentially a product to surface all of that information that historically has been held internally by Mimecast and make it available to end users in two forms. One is through a UI that's part of the product which security teams can use themselves based on their verticals through the API feed. Those with a Threat Intelligence Centre can offload all this intel and feed it into centralised threat management and use that data for their defence,” says Marc French, senior vice president and chief trust officer.
“In addition, we have our own research team that can create data for users specific to the industry, corporate size or region and then produce intelligence and enrichment over and above what they would normally access through core raw data,” French adds.
What ties the whole security strategy together is, or should be, awareness.
IT and security teams are generally aware of security best practices. Not so much the rest of the employee base. And cybercriminals realise that.
Hackers are putting extra effort into carrying out social engineering attacks on unsuspecting employees. A typical tactic is to build a basic profile of cadres of employees based on what would trigger their interest, then launch an attack. A popular one is the ‘time-bound’ attack where the target receives an e-mail demanding they activate their e-mail within, say, 24 hours, or they will lose access to their e-mail account, exerting indirect pressure on the target to act.
“Numerous people are clicking on such malicious links and even giving up their user names and passwords. This is where we really need to improve the awareness level and educate users to generally avoid clicking on links sent through emails; go to the website directly,” Saleh of Proofpoint cautions.