Competing in today’s digital marketplace requires that organizations be cyber-savvy. End users and customers need organizations to understand things like web application development, digital shopping and other online transactions, the effective use of social media, and using digital tools to get and keep customers. And with all of this digital transformation taking place, cybercriminals are relying on organizations to implement security as an afterthought, which often results in new security gaps that can be easily exploited.

Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine for cryptocurrencies, or trying to infect vulnerable systems so they can be used later as part of a botnet. Another common threat to digital business is ransomware. Recent ransomware attacks have cost affected organizations anywhere from thousands to millions of dollars to recover, including recovering hijacked data and devices, network downtime, and lost business – not to mention restoring your brand.

What You Can Do

Regardless of how it happens, the fact is that your organization will eventually be the target of a cyberattack. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than it having to be constantly rigged and retrofitted to adapt to digital innovation.

Here is a quick checklist of seven things your organization needs to keep in mind to build and maintain such a secure cyber presence.

1. Secure your cloud. If you have resources on the cloud, remember that cloud providers generally only protect the underlying infrastructure your resources are sitting on. It is your responsibility to protect your data, applications, and any virtual infrastructure that is in place. Cloud security gets even more complex as organizations adopt a multi-cloud strategy, especially a hybrid system that includes virtual private networks, IaaS, and SaaS solutions, as well as DevOps application development. Similarly, cloud on-ramp, SD-WAN, and branch office strategies that simultaneously connect remote users and devices to the cloud, the corporate data center, and the public internet can result in vendor and security solution sprawl that can actually reduce visibility and increase overhead. Be sure to choose a vendor and solutions that can provide consistent security and centralized management across your entire distributed cloud and on-prem infrastructure.

2. Zero Trust Network Access. Many of the most damaging breaches have been the result of users gaining unauthorized levels of access to network resources and devices. Addressing this issue requires an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access to, and monitor devices, thereby enhancing their access and segmentation strategy.

3. Understand privacy laws. If you live in the EU or do business there, you are probably already aware of the GDPR penalties for failing to protect the data of your customers. If you don’t, you can expect new data privacy laws along the same lines. It is best to prepare now to ensure that your customer data is protected. In addition, new regulations include the “right to be forgotten,” which means your website, database, and internal systems all need to be designed so you can quickly and easily remove all traces of a customer’s account and information from your environment if requested. To help with this process, look for security tools that specifically provide compliance assessments and guidance.

4. Monitor your web presence. We have seen a rise in cybercriminals such as Magecart inserting credit card skimmer malware into vulnerable websites. Cross-site scripting (XSS), SQL injection, broken access controls, and more can leave you and your customers exposed. In addition to compromising your website and web applications, attackers can even compromise your online advertisements if those advertisements are not hosted properly. Implement tools like web application firewalls to protect your website, Cloud Access Security Broker (CASB) solutions to secure SaaS applications, and endpoint security tools to close the gap at the network edge for mobile users. Remember that the best strategy is to select solutions that are designed to function as a single, integrated system rather than as isolated point products.

5. Harden your apps. Mobile devices, especially Android-based systems, are a growing threat vector. There has been a rise in cybercriminals corrupting vulnerable apps and then reposting them to steal data and ransom devices. This can be due to anything from programming flaws to using a corrupted application development tool provided by someone else. If you have an app that can be downloaded and run on a personal device, you naturally need to ensure that your development team is using best practices. But you should also make sure the app is regularly downloaded and run to verify that it hasn’t been tampered with. Addressing this challenge requires having a reliable set of security tools that can be leveraged during the development of applications, as well as endpoint security tools that can identify and prevent malicious applications from compromising endpoint devices.

6. Protect your wireless access. Secure wireless access points are essential for providing differentiated secure network access for employees, contractors, and guests or customers. Hijacking Wi-Fi systems is a serious problem, leading to things like man-in-the-middle attacks and the downloading of malware onto user devices that can steal data or act as a conduit into the organization’s internal network. Look for a wireless solution that has been specifically designed to prevent unauthorized access and that can identify things like spoofing and rogue access points. By running all wireless traffic through a next-gen firewall, wireless connections can receive the same protections as untrusted traffic coming from the internet.

7. Extend your SD-WAN security to your remote locations. Organizations with multiple branch, campus, or retail locations not only need to ensure secure connectivity to their remote offices, but they also need to secure and manage the local branch LAN. But because most remote locations do not have onsite IT staff, securing a branch location’s local network needs to be simple as well as comprehensive. One effective strategy is to implement a Secure SD-Branch solution that extends the integrated security and connectivity functions of Secure SD-WAN deep into the branch network. This strategy secures the branch’s wireless and physical network access systems, provides Network Access Control, monitors and secures a wide variety of traditional and IoT on-site devices – such as refrigeration units, cash registers, inventory control systems, smart whiteboards, and even printers and copy machines – and monitors and secures LAN traffic, all through a single, integrated solution.

Begin with Security in Mind

Today, to compete effectively in the digital marketplace, cybersecurity needs to be at the top of your list of things you understand and care about. A security-driven networking strategy built around integrated security solutions will enable you to quickly and confidently adapt to market changes and significantly reduce the overhead tied to managing a cumbersome overlay security solution and complex vendor and solution sprawl that can actually reduce visibility and control. Starting with security, rather than adding it later, will give you a critical advantage in the global competition for customers and market share.

John Maddison is Sr. Vice President, Products and Solutions at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Source: Implementing Cyber Best Practices Requires a Security-First Approach