It is an uncertain and troubling time in the world. Geopolitical conflict has enveloped Eastern Europe, but the frontlines are not limited to this region. Cyberattacks can quickly cross international borders. nation states, as well as hacktivists, could adopt cyber warfare as a tactic to expand the battlefield, everywhere. This is a sensitive topic, and it’s important to remain vigilant in times like these and review your security best practices in preparation for any major escalation of these attacks.
It is said that unintended consequences are among the only certainties in wartime. A discussion of cybersecurity is appropriate given the speed and global reach of these events. Your organization’s best defense is to proactively plan and implement security best practices. Taking the time to review your cybersecurity posture limits the potential for unintended consequences.
Security Best Practices
The threat environment is of such concern that the Department of Homeland Security (CISA) has advised organizations of all sizes to put their “shields.” You don’t have to be a government agency to (hope for the best…but) prepare for the worst. Just start with the basics. Cybersecurity is more accessible when it is broken down into three essential concepts:
Practice good computer hygiene
Remember the Colonial Pipeline hack? It happened due to poor computer hygiene, which is catch-all terminology for improperly configuring and managing all of your user accounts, applications, and devices throughout their lifecycle. The pipeline attack was not an example of master espionage: it occurred because users’ old credentials were unmanaged and had access to resources that allowed attackers to turn to more important things. Advice: do not do like them, follow Zero Trust Security in place.
Zero Trust Security is a concept that trust nothing and verify everythingwhich essentially stipulates that for all for users to be authenticated and authorized to access resources, they must be continually challenged inside and outside your organization. For example, the old security paradigm was “Ben trusts Katie, and Katie trusts Tyrone, so Ben trusts Tyrone”. This is no longer satisfactory given the scale and pervasiveness of today’s cyber threats. (Read more…)