Ep. 23 – security, Security, SECURITY

Due to recent news, in today’s episode we will provide an update on current issues related to Cybersecurity, lessons learned, and best practices. Click on Subscribe if you want to be informed of new episodes.

It doesn’t matter how good you are as an IT business leader or what your security approach is; Cybersecurity will continue to be a topic of periodic reviews and updates in the coming years.

Why are Security and Cybersecurity more prominent topics in recent months?

As you may know, several subscribers of this Newsletter are Subject Matter Experts on the topic. So rather than giving you a lengthy explanation, I would like to show some trends and facts affecting us.

1.     Do you agree that “the new normal” (activities performed by people and organizations to deal with COVID-19 social distancing guidelines) and “the next normal” (activities performed by people and organizations to recover the economy based on lessons learned during COVID-19) have broken many assumptions about the physical concentration of information and information workers?

In the past, it was much easier to concentrate security on a main site or on registered devices from authorized employees to access information. Now many organizations must support extended virtual teams who access IT assets using their own devices — a big change.

2.     The Digital Transformation Journey that many organizations have embarked on includes adopting new IT assets that create additional security exposure for IT (a larger attack surface).

Think of IoT / IIoT devices, applications sharing information via smart connections (APIs), or remote employees accessing the corporate network using their own router and local network, which may not have current firmware updates.

3.     There is evidence that Hacker groups are collaborating globally, and there is also evidence they are incorporating AI-based tools to identify exploitation points in their targeted organizations.

4.     The Russia-Ukraine conflict. CISA and the FBI published an advisory note on Feb 26, alerting organizations to improve their cybersecurity practices and solutions due to the Russia-Ukraine conflict.

A quick example: Last May, the US Library of Congress asked for an increase in their IT budget as they identified hacker groups trying to penetrate their site. Still, on July 8, they reported an incident led by a Russian hacker group that penetrated their site, compromising access (but no data).

You may think this is an isolated case, but sadly, it is not.

Microsoft said in a report on June 22 that their researchers identified 128 organizations in 42 countries that were attacked recently by the same groups in stealthy espionage-focused attacks with the cooperation of the Russian government.

Lessons Learned and Best Practices for Improving Cybersecurity

Good news is bad news: The infrastructure’s security depends on the weakest link.

End-user education: educating end-users on Cybersecurity policies and best practices is a never-ending and ongoing task.

  1. Enable multifactor authentication: This is now a widespread practice in financial and insurance organizations to protect customer access. Some organizations are exploring doing the same for employee access.
  2. Set antivirus and antimalware programs to conduct regular scans: No comments needed.
  3. Enable strong spam filters to prevent phishing emails from reaching end-users: It looks simple to fix. Still, phishing emails are a common way for hackers to obtain the information needed to impersonate authorized users.
  4. Update software; and
  5. Filter network traffic: There are several approaches for improving this, such as segmenting assets and Zero Trust policies, among others.

Update Cybersecurity Platforms to incorporate:

1.     AI-based algorithms to identify malicious activity (SIEM, Security Information and Event Management):

As hackers use AI-based tools to identify new penetration points, it is wise to use the same technology to detect suspicious activity early on the intranet/extranet or in compromised areas of the attack surface.

2.     API application cybersecurity clearance: An API is an intelligent application connector. APIs are required to provide effective communication between simple-to-use, simple-to-integrate (“composable”) applications. IDG, among others, has recently commented on the importance of validating the security clearance of all APIs.

3.     Upgrading Network Security with edge-based solutions: Two trends drive this: smaller virtual offices, and information workers working remotely while interacting with extended virtual teams. Using remote edge devices to support global networks has become a very effective way to monitor and control networks.

4.     Improve Security approach to cover IT and OT Convergence: Many organizations have a more complex security attack surface due to IT and OT convergence (Information Technology and Operational Technology). Think of IoT/IIoT assets and Manufacturing digital-born assets.

Implementing a security approach based on IT / OT convergence makes sense. Several security providers are making substantial investments to cover this new trend.

Good enough?

What are your thoughts on the subjects raised in this edition of the Digital Acceleration Newsletter?

I hope you find them valuable and pertinent. Your feedback is appreciated.

Share them in the comments below, and if you have ideas about other topics you’d like to see covered in this newsletter, feel free to add those suggestions.