EDITOR ’ S QUESTION
The pandemic opened the door for multiple forms of attack as organisations ’ attack surfaces expanded far beyond office walls , to home office networks , personal devices , the cloud and third-party partners . The result is that shared corporate networks are more vulnerable than ever and can be accessed easily with only one connected device being compromised . for misconfigurations in Active Directory and the cloud and step up security based on changing conditions , behaviours or locations .
With a zero trust model , security is woven throughout the network – with users , endpoints , applications , and files on the network and in the cloud monitored and authenticated at every access point .
Now , companies need to make foundational investments to ensure long-term protection from bad actors . Shortcuts and addressing individual problems will not stand a chance against growing and evolving cyberthreats , but businesses can stay ahead of the cyberattack curve by investing and sustaining cyber solutions .
Organisations need to be able to determine what vulnerabilities exist within their entire infrastructure – both IT and OT , affecting which assets . In addition , they need to be able to prioritise the vulnerabilities that pose a real , versus theoretical risk – so those that are being actively exploited . This intelligence allows them to focus efforts on those vulnerabilities that matter and fix these first .
When we think of traditional network security , the premise is to fortify the perimeter . The aim is to prevent threats outside of the network from getting in . The downside is that , once users or bad actors clear the perimeter , they are free to move about the network , taking whatever , they find with them as they leave .
User awareness , malware detection and system backups all play a part in a hardened defence , but by far the most effective method is to establish basic cyber hygiene practices .
This requires organisations to take a holistic view of their infrastructure , identify those assets and systems that are critical to function , determine which vulnerabilities exist within these core areas that are being actively exploited and update these systems to fix those flaws first .
Going forward , the focus must also be placed on securing accounts – employees , service contractors , temporary workers , systems accounts and others – and their access to and permissions across systems . The old adage , that the best defence is an offence , stands true in cyber . The more you can prepare and harden systems , it will help reduce the business risk from cyberthreats . p
Traditional perimeter security simply isn ’ t enough to protect multiple environments against today ’ s cybercriminals . Instead , security teams need to adopt a model in which nothing – no device , person , or action – is inherently trusted .
In tandem , they need to invest in adaptive user and data risk profiles to disrupt attack paths by accounting
MAHER JADALLAH , SENIOR DIRECTOR –
MIDDLE EAST & NORTH AFRICA , TENABLE
www . intelligentcio . com INTELLIGENTCIO AFRICA 29