Whether motivated by geopolitical power, personal gain, or mere curiosity, cybercriminals are currently embracing a renaissance. Like drifting bandits in the once-lawless American West, hackers are striking corporations and individuals with relative impunity. There’s no shortage of incidents to point to; the spate of Pay2Key ransomware attacks on Israeli companies at the end of 2020 by state-sanctioned Iranians hackers serves as a recent example of such activities.
What we know today is that social engineering, email phishing, unpatched firewalls, password stuffing, malware and ransomware make up the bulk of these attacks. And it goes without saying: leaked data can be costly. Today the average cost of a data breach is nearly $4 million. Larger corporations aren’t the only targets. Nearly half of all network breaches target small businesses that simply can’t afford to absorb these losses.
Unfortunately, you don’t need to hold a doctorate in Computer Science from MIT to learn how to identify and take advantage of network vulnerabilities and cause widespread damage to companies and individuals. Look at the Fortinet VPN hack, for example. With 50,000 hosts representing hundreds of thousands of compromised accounts belonging to some of the world’s largest banks, telecoms and government entities released into the Dark Web, even the weekend hacker has the intel and direction needed to cause destruction.
There’s much to be learned and applied from these hacks, however. So, while it’s unlikely we’ll be able to eliminate these incidents in their entirety, there are ways we can mitigate network breaches.
Preventing lateral movement
Lateral movement is a technique used by cybercriminals to dig deeper into a network in search of sensitive data and other valuable assets. Once they’ve gained access to a network, hackers will typically maintain ongoing access by moving through the network and obtaining increasingly elevated levels of privilege.
There are a variety of steps that, when used in conjunction with one another, can help to prevent lateral movement. Critical among these steps is implementing adaptive network access controls. “Adaptive” effectively means several things: (1) you can monitor the risk posture of connecting devices and block/allow access based on the perceived risk level; and (2) you can block/allow access to the network based on a user’s geolocation. These types of adaptive access controls, when paired with MFA — multifactor authentication — and strong password policies, can help to fortify your network.
Segmenting the network
Network segmentation is the practice of dividing up a network into smaller parts, in which only assigned people have access to different parts of the network depending on their role and responsibilities. Network segmentation effectively reduces a cybercriminal’s vantage point into your larger network.
Segmenting your network can be done broadly or granularly. In effect, you want to be able to ensure that application and resource servers do not trust one another, and that any attempt to cross between them requires MFA, adaptive access control and session monitoring. Implementing microsegmentation means looking at the context of the user or device – their role, location, application, etc. – and defining access privileges based on that holistic profile.
Where to go from here
There’s a lot to unpack here. At the end of the day, to truly mitigate network breaches requires implementing a network access control (NAC) solution that can discover, authenticate and segment users across the network, while monitoring the risk of their connected devices, remediating those devices in real-time should they fall out of compliance. By leveraging NAC, organizations can deter further exposure, potentially saving themselves millions of dollars in the process.
About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。
