Singapore’s Prime Minister Lee Hsien Loong convened a committee in March 2019 to review data security practices in government after a spate of data leaks. Regardless of how the individual leaks occurred, they point to the need for a higher level of security protection.
Threat actors are getting more sophisticated – sometimes originating from well-organised groups with strong financial backing or even state-sponsored actors. As the number and magnitude of these attacks grow, it seems like hacking risks are outpacing security measures.
There are easy steps governments and businesses can take to strengthen their security against these threats, however. These three steps will help your organisation mitigate the risks from vendors and human error.
‘Only as secure as their least secure third-party vendor’
Vendors present potential threats. Contractors, business partners and links across the supply chain are all entry points that can be breached. Organisations are only as secure as their least secure third-party vendor.
A recent CyberArk report said unmanaged, unsecured third-party and remote vendor access remains a significant security risk. More than half of all survey respondents reported that they give third-party vendors remote access to their internal networks. Of this group, 23 percent fail to monitor remote vendor activity.
It is not enough for organisations to have security controls in their own environments; they need to make sure vendors are taking cybersecurity seriously as well. But third-party risk management is typically difficult because it only provides a snapshot in time. A better practice would be to isolate third parties from direct access to corporate networks and systems to reduce the risks.
IT security teams should also be wary of the seemingly trusted credentials that third parties use to enter the network. If these entry points are not watched closely, they could very well provide easy access for malicious actors.
Users, the first line of defence
Technology is only as good as how we use it, and users are the first line of defence.
The SingHealth data breach in July 2018 was an external attack by threat actors to steal data. Attackers actively target highly authorised users. They are looking for individuals or accounts which can open the doors to the rest of the organisation, and the valuable data held by them.
Employees are commonly targeted through the use of phishing emails. As attackers become more sophisticated, their strategy also becomes more targeted, making it harder for the lay user to detect them.
For well-intentioned insiders, awareness and training are two ways to mitigate this risk. All employees should be educated to understand the risks, and to be aware of organisational policies surrounding them. At the same time, leaders need to engage with their security teams to ensure that they have the correct measures, such as secure WiFi networks and password rotation, in place to protect themselves.
Privileged access management (PAM)
Where cybersecurity is concerned, it is not a question of if an attack will happen, but when it will happen. Privileged Access Management can help to restrict access quickly when an attack happens, while making sure other users are able to continue as usual.
In a cyber attack, locking down credentials and endpoints is a crucial step. But these accounts need to first be identified and prioritised. Given their added vulnerability, access to them should also require additional steps such as two-factor authentication (2FA), or limits on the amount of time during which they can be accessed.
Organisations need to make cybersecurity a priority, and ensure they have the correct measures in place to protect themselves. These include the ability to shut down attacks, report back on attacks faced, and analyse the impact on users and data.
While it may not be possible to prevent every cyber attack, it is possible to reduce the risks and impact to a minimum.
Teck Wee Lim is the ASEAN regional director from CyberArk.