One of the main negative consequences of the continuous development of technology is the proportional growth of harmful activity on the Internet, in particular cyber attacks. In recent years, cyber attacks have become more sophisticated and extensive than ever. Worst of all, the attacks are probably just beginning to develop. To combat them, companies need stricter security measures. Outdated approaches to cyber security no longer suffice.
Nowadays, many cyber attacks are highly targeted. Attackers spend a lot of time (usually months) gathering information about their prey and carefully look for the slightest chance to attack. Organisations that do not invest in cyber threat intelligence are the most exposed to such attacks. In addition to avoiding zero-day vulnerabilities, organisations must protect the endpoints of their systems and develop an intelligent response plan for cyber breaches.
Cyber Threat Intelligence (CTI)
According to Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and practical advice, about an existing or emerging threat or asset vulnerability that can be used to make informed decisions about how an actor will respond to that threat or vulnerability.
Simply put, it is about collecting and processing information about threat actors and their methods for defence purposes. CTI solutions typically include artificial intelligence and machine learning and can be integrated with other security solutions to ensure accurate data processing. CTI helps organisations take a proactive rather than a reactive approach to cyber security.
By enabling analysts to analyze the vast amount of data available, these solutions help organizations understand the risks associated with cybersecurity and implement effective defense measures – the cybersecurity pathway. In particular, cyber threat intelligence helps IT teams better manage and even prevent zero-day exploits by continuously alerting them to vulnerabilities and indicators of compromise.
Unlike other technological approaches to the collection and processing of security data (such as SASE), CTI is less dependent on automation and more on people. Effective CTI requires not only the right tools, but also trained and intuitive analysts.
However, there is a serious problem in this respect. According to a survey among ICT professionals conducted by Cyber Security Insiders, 85% have little or no training in Open Source Intelligence (OSINT) techniques and risks.
The increasing complexity of cybersecurity today has made intelligence-led cybersecurity inescapable. Companies need to invest in the right tools and people (analysts, researchers, etc.).
Endpoint protection
If we reduce cyber security to its simplest expression, we find that it is only a matter of endpoint protection. However, the emphasis on endpoint security is becoming more and more important because of remote working. With Steve working from home, Jane from another city and Alex from an entirely different country, it is much more difficult for organizations to secure endpoints and prevent malware from infiltrating their network. Not to mention the effects of evolving BYOD policies.
If cybersecurity were seen as a war, endpoint security would be the front line. A company that cannot defend its endpoints has therefore already lost the war against the attackers. At the moment, the state of endpoint security looks depressing. According to Delta Risk’s Endpoint Security Survey 2020:
- 55% of organisations have observed an increase in endpoint security risk,
- 34% of organisations have experienced one or more endpoint attacks that have successfully compromised data or the IT infrastructure, and
- 67% believe that there is a moderate chance that they will fall victim to a successful cyber attack in the next 12 months.
The end goal of endpoint security is privacy. Data is the most valuable resource in the world (and in every company). As a company, you therefore do not want to lose your data or lose access to it. Good endpoint protection must be aimed at protecting the data. Endpoint security solutions generally work on a client-server model, although some are offered in SaaS mode. Note that while firewalls and VPNs play an important role in preventing attacks, they are distinct from endpoint security. However, both can be implemented on the platform.
Some of the most secure technologies for implementing endpoint protection are (but are not limited to) the following:
- SDP: A software-defined perimeter is useful to protect users’ access to remote network resources. SDP is ideal for the protection of IoT endpoints that require light transmission and generally cannot be adapted to other enterprise-level security tools.
- Next-generation VPN: Unlike older tools, advanced VPNs provide full traffic visibility, enforce zero trust and are equipped with a threat detection system. These are very important factors for the protection of endpoints.
- SWG: The Secure Web Gateway protects users from threats by enforcing an in-house cyber security policy. It sits between the user’s device and network access and carefully scans incoming and outgoing data for malicious or simply unwanted (depending on policy) components.
- Firewall: Firewalls filter traffic between the Internet and the corporate network instead of focusing on protecting the endpoints. Both seem to fulfil the same functions, but they work on different levels. One firewall is never enough.
Cyber Breach Response Plan
There’s so much to say about crime prevention. But what happens if the attack is successful? What happens after the data breach?
In general, most companies are better able to respond to cyber breaches. Let’s take a look at the results of a 2020 cyber security breaches survey conducted by the UK Department for Digital, Culture, Media and Sport. Here are the most common responses to cyber breaches:
- Searching for the source
- Giving people specific roles and responsibilities
- Impact assessment
- Official incident notification
However, only 21% of companies carry out all four types of activities, while 30% carry out none at all. This suggests that companies’ response to data breaches is generally not very comprehensive, with more companies (64%) focusing on preventing future data breaches. But how can a threat prevention plan be viable without an adequate incident response to fully understand the situation, identify vulnerabilities and calculate risks?
The following tips will help you develop a strong breach response plan:
- Establish a response policy that includes a risk assessment detailing alarm levels for different types of incidents and defining the roles and responsibilities of each person involved in the process.
- Set up contingency plans to support your business, even if a serious incident occurs.
- Ask all your employees to participate in an awareness program that prepares them for incident situations. Simulate attack scenarios and practice your plans.
- After an incident, evaluate the breach to determine the effectiveness of your plans and identify lessons learned, opportunities and other risks.
Conclusion
The safest way to prepare corporate data security for future complex attacks is to stay one step ahead of the attackers. There is no greater guarantee of this than a three-pronged approach of threat intelligence, comprehensive endpoint security and a proactive response plan in the event of an attack.
About the author: Joseph Chukwube is the founder of Digitage (https://digitage.net). He is involved in cyber security, e-commerce and lifestyle issues and is the author of publications in Infosecurity Magazine, The HuffingtonPost and others.
Editor’s note : The opinions expressed in this article by the guest author are those of the author alone and do not necessarily reflect the views of Tripwire, In