Advice from the Trenches of Today’s Cyberwar
Make no mistake; your company is under siege whether you know it or not. And it’s unlike any other conflict in that the enemy is nearly invisible but potentially lethal to the health of your business and the strength of our economy. This scenario may sound hyperbolic, but it’s based on fact. Cyberthreats are at an all-time high. Scanning daily headlines offers proof of that.
Cybercriminals have become increasingly creative in how they’re infiltrating organizations. Just a few examples include:
- Exploiting the pandemic-driven explosion in mobile devices to gain entry into your corporate network
- Tricking unwitting users with phishing scams to unleash disabling malware or ransomware into your environment
- Double-crossing victims with back-to-back ransoms – first to restore data access and then not to divulge it
- Targeting third parties in the software supply chain to get to your systems or data
- Innovating with deepfakes and quantum threats (More on that here: The threats of tomorrow that you should be thinking about today)
If that’s not enough, cybercriminals are becoming more organized; you’re no longer protecting against a lone hacker but against well-organized crime syndicates and nation-states. Whispers of governments backing cyberattacks are not new, but now it’s almost routine to see advisories from the Cybersecurity and Infrastructure Security Agency (CISA) about state-sponsored cyberattacks from Russia or North Korea.
While the cybersecurity challenge is daunting, it’s not hopeless. The white hats are riding to the rescue with countermeasures that can and should be deployed in concert to mount the best defense.
UPSTACK technology advisors and cybersecurity specialists Frank Ferdowsian and Trish Van de Bovenkamp recently shared insights about the current state of security and how to protect yourself with the help of an expert security team and a strong security stack. Here’s an excerpt from that interview.
Why is cybersecurity a greater concern to businesses than ever before?
Van de Bovenkamp: What we’re seeing today that we’ve not seen in years past is a focus on the geopolitical situation. We had not imagined nation-state attacks. But the enterprise community now recognizes that they’re not necessarily protecting against a lone hacker but potentially a nation-state with extensive capabilities or even civil unrest that impacts the data center where their digital assets reside.
It’s forced us to realize that cybersecurity and physical security around a data center are essential. This concept of “converged security” is becoming very important for protecting our digital assets.
The other concern we’re seeing, beyond a big focus on endpoint protection, is third-party software supply chain risk. The biggest, most pervasive hacks recently originated with trusted software managed by a third party. All of this brings us to the notion of Zero Trust. Trust no one and nothing.
So, what can businesses do to protect themselves?
Van de Bovenkamp: Cybersecurity is about protecting your data. So, you must know where your data is. And you must continuously verify, assess, control and recover.
- Verify all data and network access requests and test your access controls.
- Assess your risk. That’s one way that UPSTACK advisors can be of great value – helping businesses assess where they might be at risk and how to mitigate that risk.
- Exercise control by deploying a solid cybersecurity tech stack. However, you must also train people to recognize what might be dangerous through Security Awareness Training.
- Plan for recovery when a breach inevitably happens. That won’t happen overnight. Training and tabletop exercises for “if-then” scenarios must be done consistently.
Executing on a consistent basis is critical, so UPSTACK advisors help our clients by filling the gaps in their security stack and instituting a regimen for good cybersecurity hygiene. We practice, we test, we assess, we control, and we recover.
What solutions make up a modern cybersecurity tech stack?
Ferdowsian: I look at the security stack in three buckets:
Bucket 1 – Tools to stop threats from getting in, such as:
- Next-generation firewall with Unified Threat Management (UTM)
- Next-generation Secure Access Service Edge (SASE)
- Network traffic segmentation
- Privileged Access Management (PAM)
- Identity Access Management (IAM)
- Multifactor Authentication (MFA)
- Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS)
- Security Awareness Training (SAT) to train users
Bucket 2 – Tools to limit the damage when threats get in, such as:
- Next-generation Antivirus (NGAV)
- Data Loss Prevention (DLP)
- Mobile Device Management (MDM) to prevent data loss if devices are lost or stolen
Bucket 3 – Tools for recovery after threats happen, such as:
- Forensic incident response team to engage quickly and detect and remediate
- Air-gapped data backup
- Solid playbooks so everyone knows what to do in a breach
You also need to have threat intelligence from national security groups to screen and block the most current threats. Finally, I advise clients to implement a tool like a Security Incident Event Management (SIEM) system, which leverages AI and machine learning to analyze all the data from all the tools, correlate it, and inspect it for anomalies.
Why do you need a tech stack just for cybersecurity?
Ferdowsian: Adding layers of protection makes it harder for cybercriminals to breach your network and get to your data. It’s the same approach you might take for deploying physical security at your home. For example:
- You might put signs in your yard advertising your security system so criminals will be discouraged and look for an easier target
- Lighting, cameras and a barking dog also can dissuade bad actors
- Motion sensors and alarms will alert you to a breach
- Once inside, the criminal may encounter a locked safe, said dog, or an armed homeowner
With all of these layers, can companies deploy and manage cybersecurity on their own?
Van de Bovenkamp: The reality is that most organizations cannot have all this expertise in-house, especially with the current security talent shortage. There are innumerable threats, so it’s challenging to keep up, and it’s ongoing. You need qualified people and process 24/7.
Ferdowsian: If our clients don’t have the staff, we look for a provider that can deliver cybersecurity as a managed service or source providers who can oversee 24/7 SIEM.
The reality is that most IT teams are overworked. If they need help with cybersecurity, we will provide guidance and best practices to achieve the level of security they want. We help many of our clients choose managed security services so their IT teams can simply provide oversight while they work on other revenue-generating projects.
How can UPSTACK help companies navigate cybersecurity?
Ferdowsian: While some vendors choose to prey on a customer’s fear, uncertainty and doubt, we do not. And it turns out we don’t have to; customers tell us what’s keeping them up at night. Our job is to validate whether those pain points are real issues and then solve for the ones that are. UPSTACK Advisors:
- Start with a comprehensive assessment to understand what’s in place
- Build policies that match where they want to go, which may include compliance with rules like HIPAA, PCI, HITRUST and others
- Mute the noise of hundreds of security vendors to develop a plan and execute
- Identify the right solutions to address the customers’ requirements
- Facilitate procurement, deployment and validation of the tools
Van de Bovenkamp: Right now, the endpoint is a prime target, but the data itself is what cybercriminals want. We help you put your data in a better place.
UPSTACK has access to a full complement of security solution providers, data center infrastructure, and public and private cloud providers to protect our clients’ digital assets.
However, these are just some of the weapons in our arsenal against cybercrime. We also arm our clients with information by assessing gaps in their defenses, providing training and conducting exercises to ensure they’re prepared to respond to threats effectively and recover from breaches quickly for end-to-end cyber resilience.
Frank Ferdowsian
Partner & Managing Director
Frank Ferdowsian’s expert ability to advise clients comes from over two decades of experience in the technology industry. He works diligently to help…
Trish Van de Bovenkamp
Partner & Managing Director
Trish Van de Bovenkamp brings more than 30 years of experience in telecom and IT to provide business clients with expertly customized solutions…