Intelligent CIO North America Issue 11 | Page 46

CIO OPINION
First, organizations need modern advanced malware detection solutions. Some of the traditional ‘antivirus’ solutions still largely rely on reactive signatures (patterns) to detect malware.
Unfortunately, malware today is more sophisticated and evasive. Attackers proactively alter malware on a victim-to-victim basis to get past signature-based solutions. You need anti-malware solutions that use more proactive and automated techniques, such as behavioral analysis or Machine Learning, to catch brand new, never-before-seen malware. There are many next-gen EPP solutions for endpoints and networks that do this – make sure you are using one.
Second, detection and response are as important as prevention. No matter how great your preventative controls are, you should expect an attack to bypass them someday. Cybersecurity is a cat and mouse game, and you must do everything right, whereas an attacker only has to find one mistake.
Companies have a habit of investing the most in preventative security solutions, which makes sense as we’d all just prefer never to have an incident. However, the truth is even with the best preventative controls, it’s still a matter of when, not if (remember, humans can make mistakes that bypass controls).
That’s why my second tip is to also invest in security products designed to find and help remediate potential infections or incidents. For instance, Endpoint Detection and Response (EDR) solutions aren’t designed to prevent malware (that’s what EPP does) but instead find and clean any device that seems infected. Invest in EDR.
Finally, every company today – from the smallest to largest – should deploy multi-factor authentication across all employees, not just privileged users and administrators. Identity is the cornerstone of security. All your security policies depend on knowing ‘who’ is doing ‘what’. Authentication is a crucial process in verifying identity digitally, and the only strong authentication is one that uses several factors to identify users. If you aren’t using MFA, you should expect to get breached.
How have supply chain breaches proven that we are a lot more connected to each other than we might realize?
When you pick a logging solution, CRM or other product in your supply chain, you probably don’t think that installing it inside your network may one day result in a state-sponsored attacker breaching your system. But that’s exactly what can happen as was recently demonstrated by the massive SolarWinds supply chain attack.
And we certainly don’t think about the second layer of an attack like this. FireEye was also breached due to the SolarWinds technology, which could have trickled down to FireEye customers. While it appears FireEye caught the breach early and prevented it from spreading to customers, it still highlights the risk of an inadvertent breach to a technology partner or vendor in the supply chain.
It’s like the digital version of the ‘Six Degrees of Kevin Bacon’ game. In this digital world, not only do we often use each other’s products and services, we often also share some of our data with the organizations we connect with. The latest supply chain attacks have clearly illustrated that our digital connections go several layers deep.
How has the threat landscape changed in the last 12 months?
Our data shows malware decreased at a very quantitative level at the perimeter but spread to remote and home endpoints. With most users working remotely, less malware has attacked business networks and instead focused on individual users. However, despite that change, network attacks targeting software and servers have significantly increased in offices and cloud perimeters, showing that threat actors still know where our network services live and will continue attacking them.
Anecdotally, I think the SolarWinds attack will be the attack of the decade and present serious ramifications in the security industry for years to come. Supply chain attacks have been the most concerning trend in the last 12 months – one we have only partial solutions for and that will be a main focus in the information security community going forward.