SoftwareONE Holding AG

11/29/2021 | Press release | Distributed by Public on 11/29/2021 08:26

Protecting Enterprise Networks from Threats

As more companies move to the cloud, network security is essential to reducing their risk of a data breach. According to Check Point's Cyber Security Report 2021, threat actors have recently started focusing on exploiting vulnerabilities in perimeter and remote access devices such as IBM WebSphere Application Server, Oracle WebLogic, Microsoft Remote Desktop Gateway, Citrix NetScaler Gateway, and others. Their motivation? Once they gain access to these applications, they have gained access to your larger network.

By gaining access to networks, threat actors can gain the foothold necessary to perpetuate attacks across multiple systems. And no organization is too small for threat actors. In fact, the 2021 NetDiligence Cyber Claims Study reported that 98% of claims made in 2019 were from small-to-medium-sized enterprises with less than $2 billion in annual revenue.

The best way to start protecting your enterprise network from cybersecurity threats is to understand the threats in today's landscape, and then create a plan to confront them. Let's take a closer look.

4 Common Enterprise Cybersecurity Risks & How to Thwart Them

There are four cybersecurity risks that every enterprise should be aware of. Namely, they need to ensure employees are using strong passwords, minimize the number of inactive accounts, devices and software, avoid using software that has passed End of Support, and shore up their approach to firewalls and antivirus. Keep reading to examine each risk in more detail.

1. Password Security

While password security might seem like a basic concept, it is fundamental in protecting networks from unauthorized access. For example, according to the 2021 Data Breach Investigations Report, stolen credentials can be linked back to 81 percent of breaches. As on-premises and remote users often need logins to use basic business software, password security is essential to smooth business operations.

To mitigate this risk, organizations need to establish and enforce strong password policies. The password policy should require:

  • A unique password for each application
  • A minimum length of 10-14 characters, including uppercase letters, lowercase letters, numbers, and special characters
  • Regular password changes

As a way to help enforce the password policy, organizations might want to consider providing users with a password management tool.

Additionally, enforcing multi-factor authentication (MFA) can also enhance password security. MFA requires users to incorporate at least two of the following authentication methods:

  • Something they know (a password)
  • Something they are (a biometric like fingerprint or face ID)
  • Something they have (a smartphone or token)

MFA makes it more difficult for threat actors to gain access to a network because the biometrics and objects are unique to the user, preventing remote threat actors from accessing the account.

Inactive accounts belong to users who are either away from work for an extended period of time, or who have left the organization but whose account has not been deleted. Keeping track of these accounts and removing them when they are no longer necessary reduces your organization's attack surface.

2. Inactive Devices and Software

With remote access now driving business operations, devices and applications that use the network become access points that threat actors can manipulate during attacks. Inactive devices, software, and user accounts are often unmonitored, meaning that threat actors can use them without being detected.

For example, when a leading credit rating agency experienced a data breach, threat actors used a device that had been inactive for nineteen months. When the company updated the security certificate, they noticed abnormal traffic, indicating a compromise.

To mitigate the risk that threat actors will use a "zombie" device, account, or software, organizations should:

  • Identify all devices connecting to the network
  • Identify all users connecting to the network
  • Identify all software transmitting and receiving data across the network
  • Disable any inactive devices, software licenses, or user accounts

Many organizations use a network scanner to detect devices and software accessing the network. Additionally, reviewing user accounts for workforce members whose employment recently ended is another way to limit network access risks.
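As an added illustration of the audit described above (this is example code, not from the original article), the script below takes a constructed asset inventory with last-seen timestamps and flags accounts of terminated employees plus any user, device or software that has been idle longer than a threshold. The inventory records, the 90-day threshold and the audit date are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (not real data): one record per user account,
# device or software instance, with the last time it authenticated or sent traffic.
INVENTORY = [
    {"id": "alice",         "kind": "user",     "last_seen": "2021-11-20T09:12:00Z", "status": "employed"},
    {"id": "bob",           "kind": "user",     "last_seen": "2021-06-01T17:40:00Z", "status": "terminated"},
    {"id": "contractor-7",  "kind": "user",     "last_seen": "2021-02-14T08:05:00Z", "status": "employed"},
    {"id": "legacy-web-02", "kind": "device",   "last_seen": "2020-04-29T00:00:00Z", "status": "unknown"},
    {"id": "laptop-118",    "kind": "device",   "last_seen": "2021-11-28T13:00:00Z", "status": "assigned"},
    {"id": "scanner-app",   "kind": "software", "last_seen": "2021-11-27T22:10:00Z", "status": "licensed"},
]


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as 2021-11-29T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(inventory, now, max_idle_days=90):
    """Return (id, reason) pairs for every record that should be disabled.

    Two rules, mirroring the article's checklist: an account whose owner has
    left the organisation is flagged regardless of activity, and anything else
    (user, device or software) is flagged once it has been silent longer than
    max_idle_days (assumed threshold).
    """
    findings = []
    for rec in inventory:
        idle = now - parse_ts(rec["last_seen"])
        if rec["kind"] == "user" and rec["status"] == "terminated":
            findings.append((rec["id"], "terminated user still has an account"))
        elif idle > timedelta(days=max_idle_days):
            findings.append((rec["id"], f"{rec['kind']} idle for {idle.days} days"))
    return findings


if __name__ == "__main__":
    # Assumed audit date; in practice use datetime.now(timezone.utc).
    for asset_id, reason in audit(INVENTORY, parse_ts("2021-11-29T00:00:00Z")):
        print(f"DISABLE {asset_id}: {reason}")
```

Feeding the script a real export (directory accounts, network scanner results, license inventory) in the same shape turns the checklist into a repeatable review; the "unknown" device in the sample is the kind of forgotten host the credit rating agency example describes.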

3. End of Life or End of Support Software

Another primary network security vulnerability comes from old and outdated software. When software companies no longer provide support, it means that they no longer supply security updates. In other words, if security researchers or threat actors find a new vulnerability in old software, the company no longer releases a security patch to mitigate risk.

To mitigate the risk that threat actors will leverage known vulnerabilities in End of Life (EoL) or End of Support (EoS) software, organizations should:

  • Regularly install security updates
  • Remain aware of software vendor EoL/EoS notifications
  • Detect and review all software instances and provide a risk assessment

4. Poor Firewall & Antimalware Practices

Firewall configurations can be both a security control and a weakness. Appropriately configured firewalls only allow approved connections to an organization's network. Organizations usually use allow and deny rules which approve trusted IP addresses and deny all others. Since every device or source has its own IP address, firewall rules and configurations mitigate risk by denying access to unknown devices or sources.

Misconfigured firewalls, however, can let in unknown devices or sources. For example, one US city experienced a data breach because threat actors were able to scan the network for firewall misconfigurations that allowed them to deliver ransomware using an unknown, untrusted device. To mitigate this network risk, organizations should look for solutions like:

  • Endpoint Detection and Response (EDR): Improve visibility by detecting all devices connected to the network and recording their activity.
  • Extended Detection and Response (XDR): XDR goes beyond EDR and applies integrated analytics, machine learning, and threat intelligence across security data like endpoints, email inboxes, server workloads, and network security layers for advanced threat detection and response.

While EDR offers a starting point, XDR is ultimately a more robust approach to mitigating endpoint security risks. However, many organizations struggle to manage these solutions on their own.

Managed Detection and Response (MDR) offers a service solution that small and mid-sized organizations can use to enhance their security posture. With MDR, organizations can gain the benefits of XDR while outsourcing the services to reduce the burden placed on internal teams. MDR services incorporate the following:

  • Email security: Reduce phishing risk by gaining visibility into potentially compromised endpoints.
  • EDR: Leverage telemetry and activity data to detect suspicious behavior while leveraging context.
  • Network security: Gain visibility into unmanaged devices, legacy technologies, Internet of Things (IoT) devices, and Industrial IoT (IIoT) devices to detect activity using network analysis tools. Network Intrusion Prevention tools will automatically block malicious traffic, thereby stopping an attack in its tracks.
  • Cloud/Server workloads: Detect and contain risks early on in the attack lifecycle with visibility into a potential lateral movement across systems.

Get a Helping Hand in a Complex Cybersecurity Environment

Our Managed Detection and Response (MDR) services are the best way to reinforce your network security. No matter what your needs are, our experts are here to help you find solutions.


Final Thoughts

Network security is increasingly complex, especially with remote users accessing the network. Securing networks requires full visibility into all the different access points that threat actors can use. This makes it challenging for many organizations to manage network security on their own.

However, securing your network doesn't need to be a headache. Managed Detection and Response (MDR) Services allow organizations to access cutting-edge technology solutions as well as the expertise of seasoned network security experts, without needing a full staff devoted to security. As organizations of every size continue to look for a cost-effective security solution, MDR provides them a way to mature their security without having to do all the work internally.

  • Cybersecurity, Cybersecurity User Awareness, Managed Security
  • Cyber Security, Security


Author

Bala Sethunathan

Director, Security Practice & CISO
