HCL Roundtable: Securing Endpoints and Ensuring Compliance
Sponsored content: Tuesday, 9th February 2021 – ASEAN
Enterprises are under increasing pressure to protect data from breaches in an aggressive attack environment. The global pandemic has compounded these challenges, with companies embarking on the largest-ever work-from-home experiment. The shift has forced enterprises to rethink how security is delivered and ensured. That includes critical tasks, such as patch management, compliance and reducing overall risk. Enterprises are re-evaluating their security software and toolkits to adjust for new threats and risks but with an eye on reducing complexity. Budgets are also a top concern. While the global economy slows, threats are not abating. Security professionals must find new ways to solve problems and reduce risks on tight budgets, which means the tools must perform.
Attack surfaces – not getting smaller
While the spotlight in 2020 was firmly on the global COVID-19 pandemic, the shift of workers from a secure office perimeter to their homes created a massive global cybersecurity risk as well. Bad actors pivoted with them, infiltrating and breaching networks to extract valuable data that had previously been relatively safe inside the office network. Some of the examples that made the news headlines were:
- Large Software Vendor – 5 servers used to store anonymised user analytics exposed on the internet
- Global skin care and fragrance company – 440 million records exposed due to middleware security failure
- International Hotel group – Email accounts infiltrated resulting in 5.2 million hotel guests affected
- Australian logistics group – Two ransomware attacks in a gap of 3 months
The number of security breaches reported is rising exponentially. One breach that made global news, because of the reach of the platform involved, was the compromise of Twitter accounts held by high-profile celebrities. It brought social engineering to the forefront and showed how easily a few teenagers were able to gain access to those social media accounts. IT hygiene and the education of employees on the risks and their effects have been highlighted as being of paramount importance as businesses try to protect their biggest asset, data. In cases of ransomware especially, detection capabilities and full visibility across business operations are essential, since they are the only way to systematically shut down or quarantine the infected devices.
IT professionals report that software patch management is one of the most siloed and poorly coordinated activities, leaving vulnerabilities unpatched and organisations highly susceptible to cyber-attacks. With burgeoning networks, manual risk assessment, and inadequate staffing and skills, centralising and automating the patching strategy is increasingly being advocated across the globe. Browser security, device control (regulating peripheral devices), application control (black-, white- and grey-listing of applications), BitLocker management, and vulnerability management and threat mitigation are all ways of blocking the entry points used by cyber criminals. All of these also need to be backed by proper MFA and a strict VPN policy for connecting to the company’s network under the new normal of remote working.
“With a dramatic shift to new ways of working at organisations, there is an increased complexity in managing corporate and BYO devices to ensure that they are protected and make them visible,” says Matthew Burns, Director, BigFix, Asia Pacific & Japan at HCL Software. “The word that sometimes confuses people is continuous compliance, while compliance and security policies are sometimes based on milestone achievements of doing certain things to check the status. CISOs in organisations are now determining how to keep control of a distributed workforce to make sure that they’re secure and report back to the Board or CEO on the protected position. There are a lot of commonalities around the same challenges, as organisations in Japan, India, Malaysia, Singapore, Philippines and Australia are all facing the same problem.”
A recent notable breach sent warning bells across the world about how vulnerable even top companies are to cybercrime. The breach went undetected for months: the compromised code was sent out in software updates to the vendor’s customers, creating a backdoor into those customers’ information technology systems, which the attackers then used to install malware and spy on those companies. The breach served as a rude wake-up call to the cybersecurity industry and instilled the mindset of acting at all times as if there were already a breach in your network, rather than reacting to attacks only when they are found.
Humans have, time and again, been tagged as the weakest link in the security chain. Fostering and implementing a security-embedded culture in organisations is key to completing the circle of systems and automation in the secure development lifecycle. Constant awareness messaging, posters and the like, combined with reward and recognition, accelerate the institution’s vision of continuous improvement and protection. Keeping the awareness drive a fun activity while enforcing accountability for the decisions employees make inculcates ownership and makes security everyone’s responsibility.
Visibility – The most important endpoint security capability
Suppliers, external users, smartphones, tablets, laptops and a myriad of IoT devices are connected to networks that are increasingly complex to manage, dispersed and heterogeneous, and each asset is a potential attack point. “Visibility, control and smart automation are discussed respectively with organisations who embark on the discovery and endpoint protection journey with us. The primary discussion is always about visibility to uncover the endpoints, finding the software running on them and the operating systems used. With a lot of industries built on acquisitions and takeovers as part of their growth strategies, this brings new companies into an organisation with a whole lot of different assets,” says Matthew Burns, Director, BigFix, Asia Pacific & Japan at HCL Software. “We have, more often than not, uncovered over-deployment of tools, and consolidating those toolsets resulted in immediate cost savings as well as better management. Our endpoint management platform enables IT Operations and Security teams to fully automate discovery, management and remediation – whether it’s on-premise, virtual, or cloud – regardless of operating system, location or connectivity.”
The Monetary Authority of Singapore (MAS) has been planning to introduce changes to its Technology Risk Management (TRM) and Business Continuity Management (BCM) guidelines, first established in 2013 and 2003 respectively, which will require financial organisations to implement more measures, including cyber surveillance, to boost operational resilience. “A cyber-attack can result in a prolonged disruption of business activities. Threats are constantly present and evolving in sophistication. We cannot afford to be complacent. Financial institutions must therefore remain vigilant and have in place effective technology risk management practices and robust business continuity plans to ensure prompt and effective response and recovery,” said Tan Yeow Seng, MAS Chief Cyber Security Officer. There were three key categories of amendments:
- Additional guidance on the roles and responsibilities of the Board of Directors and Senior Management.
- More stringent assessments of third-party vendors and entities that access the FI’s IT systems.
- Introduction of extensive monitoring, testing, reporting and sharing of cyber threats within the financial ecosystem.
These amended guidelines represent a strong step towards further strengthening the defences of Singapore’s financial ecosystem, placing the industry in good stead for the post-COVID economic recovery, while also emphasising governments’ ever-evolving regulatory control and serious intent to fight cybercrime in Asia and globally.
With more suppliers and service providers touching sensitive data, the attack surface of enterprises has changed drastically in recent years. A third-party or value-chain attack occurs when your system is infiltrated through a partner or outside party who has access to your systems and data. A prime example is the NotPetya malware, which compromised a Ukrainian accounting software package and went on to disrupt the operations of global corporations, among them a global integrated shipping company and a large delivery services company, that had used that software firm as a third party. While these kinds of breaches are not new, nation-state actors are becoming ever more sophisticated in the tools they use to infiltrate enterprise networks, steal information and damage systems. In pursuit of cost savings, process efficiency and market differentiation in service delivery, corporations are increasing their use of third-party suppliers in executing their growth strategies. If the supplier risk management framework fails to evolve with these sourcing changes, the result will be painful commercial, regulatory and reputational risks, some of which might turn the new supplier’s advantages into a rather disruptive situation. Hence the need to evaluate every outsourcing decision within the decision-making and risk management framework. Vendor relationship complexity obfuscates cybersecurity risk in an interconnected IT ecosystem.
Security budgets – a component of business growth
Responding quickly to the pandemic-instituted changes in ways of working, CISOs and CSOs have rolled out measures to ensure business continuity. Remote working has been established in industries that needed to pivot quickly from a 100% office-based workforce to an almost completely remote one, and this has certainly put pressure on VPNs, which have experienced increased workloads. Fiscal budgets for 2021 are expected to shrink due to various factors, the prominent one being a decrease in revenue caused by the pandemic. However, with the ever-increasing threat of cybersecurity breaches, CISOs would not compromise on investing in key priorities such as remote access, next-gen identity and access controls, automation, security education and training, third-party security and perimeter security. This trend is only increasing as consumer behaviour shifts towards consuming products and services online, which demands that organisations pivot and enable digital tools and services that are secure and reliable for their customers.
IT security compliance can also be looked at from a benefits angle, presenting the many advantages it brings to overall business growth, some of which are:
- Enhances data management capabilities
- Increases goodwill in the marketplace
- Protects the business reputation
- Helps avoid hefty fines and penalties
- Provides insights that translate to operational benefits
- Enhances the company culture by adopting cutting-edge tech, leading to industry leadership
In today’s threat landscape, best practice in patch management is of paramount importance to prevent security incidents that disrupt business operations. Windows patch management strategies, together with third-party software kept current by an ongoing patching process, and along with advanced email security, DNS filtering and Privileged Access Management, have been key in supporting the traditional firewalls and antivirus tools that protect the valuable assets of businesses. This involves creating an asset register, scheduled patch management planning and deployment, consistent testing and reporting, and ultimately automating the process, which closes vulnerabilities, sustains a secure IT environment and frees up skilled IT security resources to deal with more progressive and critical security issues. Burns noted that a lot of people jump into building a very comprehensive security strategy without having patch management sorted. He compared it to designing the chandeliers in a house before a solid foundation has been built. Patching is a core component of the discussions, and the state of the organisation can quickly be found out in the discovery phase around patching.
Cyber solutions, like other technologies, are also heading towards real-time predictive methods such as machine learning (ML) and artificial intelligence (AI) to analyse and act with speed. Next-gen endpoints are able to use cloud-enabled real-time detection to thwart high-volume, multi-stage attacks targeting endpoints, with features that typically include automated detection and response (ADR) and endpoint detection and response (EDR). They also include ransomware protection and behavioural analysis, which enhance prevention and protection capabilities and increase efficiency, efficacy and ease of use. Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, and the technological advancement is certainly trying to match pace with the disruptions.