Recent events in the Ukraine have left many people uncertain of what's coming next. Our hearts and thoughts go out to the families who’ve been affected by this tragic mark in history, and we hope they can reach a peaceful accord soon.
For everyone anxiously awaiting the next cyberattack, we hear you. While we have seen no major cyber activity outside of “traditional” threats in Ukraine, things are very dynamic, and concerns are heavy.
To prepare for the worst-case scenario, we wanted to provide you with some precautionary measures to take in your own environment. The concerns come not only from the obvious threats but also from additional outside actors, provocateurs, and anarchists that could leverage script kiddies, lone wolf actors or nation state resources.
It’s a lot to consider. The best advice we can give is to get on board with the Zero Trust approach. Zero Trust enables you to secure every nook and cranny of your environment against potential (and unknowable) cyber-attacks. Below, we’ve detailed some suggestions to get started with Zero Trust and some of its key principles.
Adopting a Zero Trust mindset and aligning your security protocols, procedures, and guidelines around it is the best way to eliminate unwanted access to your environment. Why? Let’s walk through the key principles of a Zero Trust Architecture to learn more.
You can learn more about Zero Trust Adoption in our blog, “Your Top five Zero Trust Architecture Questions Answered.”
As you ramp up to defend your environment, consider:
Let’s break these down.
Performing Regular Patch Updates (as prescribed)
Make sure you’re regularly installing patch updates. You can stay up to date on current patches by visiting Cisco Talos Patch Tuesday. Each month, they release a new list of bugs and patches for your systems. Staying on top of this will ensure that you are zipping up any potential vulnerabilities within your environment. This will shrink a hacker's ability to exploit any unintended weaknesses in your security posture.
For more information, subscribe to the Cisco Talos blog to receive monthly updates.
Maintaining a thorough asset inventory
Know your environment! If you are aware of the endpoints, applications, hardware, etc. within your environment, then you can deploy the security controls needed to keep those assets from becoming easy targets for threat actors.
Deploying Multi-Factor Authentication (MFA)
MFA is one of the first steps towards Zero Trust Adoption and is the key to establishing user trust. This Zero Trust component has one of the highest impacts on threat mitigation, but we’ll cover more of that later.
Implementing Network Segmentation
According to Palo Alto Networks,
“Segmentation should be done from the inside out. You first determine what you are protecting. This is typically data, applications, assets, or services that are sensitive, regulated, or in other ways, important to your company. This defines the protect surface, which is the smallest possible outcome of our mandate to reduce the attack surface.” [1]
The idea behind network segmentation is to limit access privileges to ONLY those who absolutely need it and to reduce the number of network users in different zones. This helps limit gaps and vulnerabilities by removing unnecessary cooks in the kitchen.
Increasing Environment visibility
Visibility into your environment allows you to track device activity to detect risks and account for takeover attempts. We’ve had instances where customers weren't aware of how many devices they had running within their environment. This happens when the number of devices is particularly large. Using solutions like Cisco ThousandEyes can help you reclaim and monitor your devices with optimal visibility.
You can try Cisco ThousandEyes for free.
Performing Active Threat Hunting
Continuous threat hunting and environmental monitoring will ensure that you're rarely caught off guard. Sometimes, it only takes a matter of moments for a threat to wreak havoc on your internal systems. Ransomware of the metamorphic variety can change file names and jump from one computer to another in no time at all. Continuous monitoring is crucial for threat containment: it limits exposure and damage, which results in more efficient mitigation.
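One concrete hunt for the behaviour described above, as an added example that is not code from this post or from any Cisco/Talos product: it scans constructed file-event log lines (the log format is an assumption for this example) for bursts of renames that change files to a common new extension, and reports which hosts were hit and in what order.

```python
"""Flag ransomware-style mass renames in constructed file-event logs.
Added example for this post, not code from the article or any vendor.
Assumed log format:  <epoch_seconds> <host> RENAME <old_path> -> <new_path>
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(\d+) (\S+) RENAME (\S+) -> (\S+)$")

# Constructed sample: one benign rename on ws-01, then bursts of
# extension-changing renames on ws-02 and, a few seconds later, ws-03.
SAMPLE_LOG = """\
1000 ws-01 RENAME /home/a/draft.docx -> /home/a/final.docx
1001 ws-02 RENAME /srv/share/q1.xlsx -> /srv/share/q1.xlsx.locked
1001 ws-02 RENAME /srv/share/q2.xlsx -> /srv/share/q2.xlsx.locked
1002 ws-02 RENAME /srv/share/plan.docx -> /srv/share/plan.docx.locked
1010 ws-03 RENAME /data/a.pdf -> /data/a.pdf.locked
1010 ws-03 RENAME /data/b.pdf -> /data/b.pdf.locked
1011 ws-03 RENAME /data/c.pdf -> /data/c.pdf.locked
not a valid line
"""

def parse(log_text):
    """Yield (ts, host, old_path, new_path); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)

def ext(path):
    """Lower-case extension of the final path component, '' if none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def find_mass_renames(log_text, threshold=3, window=10):
    """Return {host: (new_ext, first_ts)} for hosts with at least `threshold`
    renames to the same new extension within `window` seconds."""
    stamps = defaultdict(list)  # (host, new_ext) -> timestamps
    for ts, host, old, new in parse(log_text):
        if ext(old) != ext(new):  # benign renames usually keep the extension
            stamps[(host, ext(new))].append(ts)
    hits = {}
    for (host, new_ext), times in stamps.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                hits[host] = (new_ext, times[i])
                break
    return hits
```

Sorting the returned dictionary by `first_ts` shows the order in which hosts were affected, which is the lateral spread the paragraph warns about.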
If you’re not ready to or are in the process of adopting a Zero Trust architecture, we recommend you focus on these three components first.
Here’s why.
Multi-factor Authentication (MFA)
As we mentioned earlier, MFA is the first step to implementing a Zero Trust strategy and plays a critical role in establishing user trust as it ensures resource access ONLY goes to authorized users. According to Cisco, 90+% of all their Talos Incident Response (IR) engagements are related to:
If you do not currently use a third-party MFA application, consider trying Cisco DUO. You can access a free trial here.
Endpoint Detection and Response (EDR)
This solution is critical for endpoint security, especially if you have several employees on your network. EDR constantly monitors end-user devices to detect cyber threats and respond to them in a timely manner. Using this solution can reduce downtime, should an end-user accidentally invite ransomware or malware into your environment, by mitigating the threat as it appears.
If you’re looking for an EDR solution, try Cisco Secure Endpoint for free.
Security Awareness Training
The hacking attempts we've seen have become increasingly sophisticated and harder to mitigate. According to Veeam's 2021 Ransomware Retrospective, spam emails were the culprit behind 60% of all infection sources. Additionally, 34% of customers were infected from a SINGLE endpoint. [2] The data suggests that more than half of breaches could have been mitigated with end-user education (security awareness training). Your end-users and their endpoints could be your first line of defense OR your first vulnerability.
If you have “accepted risk” in your environment, now’s the time to revisit that decision, harden your environment, and isolate and monitor aggressively. Threat actors have become more intelligent with their infiltration strategies and more persistent. Companies responsible for data or valuable information are at risk. Data and information have become the most valuable commodities for hackers and a Zero Trust Architecture is the best way to proactively defend against their tactics. If you need help with implementing a ZTA or additional information on any of the solutions that can help secure your environment, we recommend you find a credentialed IT Consultant or Managed Service Provider (like ourselves) with expertise in Zero Trust.
If you have concerns or questions about any of the strategies or solutions we covered in this blog, please contact our Security Team.
To get updates direct from Cisco Talos, join the RU-UA Informational Webex space.