Anyone who has been in IT for the last decade knows the risks posed by ransomware and cyberattacks. They have been on our radar as a top concern for many years. But there have been changes. Most notably, the prevalence of attacks, specifically on large global companies, and the growing focus on a new target, the supply chain. These two factors have raised this security issue from IT all the way to the board of directors.
The focus on big business was front and center a few months ago when Russia invaded Ukraine. At the time, news outlets reported that cyberattacks were being executed by both sides, which put concerns about its impact on everyone’s radar. Case in point: Within hours of the invasion, it was announced that Russia had installed a new data wiper malware on hundreds of machines across Ukraine.
In parallel, countries from the West demonstrated their disapproval of the conflict by issuing sanctions on Russia. At the same time, U.S. cybersecurity leaders called on companies to remain vigilant and take immediate action to improve their defenses and protect themselves against possible attacks, as Russia’s history of using advanced persistent cyberattacks was widely known.
The companies that needed to act most quickly were those with legacy infrastructure and large attack surfaces allowing lateral movement. These businesses have become the most irresistible target for attackers who either sweep the internet, scan for open ports to attack, or opt to send mass batches of phishing emails. If they penetrate the network or install malware, the door is open, and they are free to roam around on the network and extract data without anyone ever knowing they were there.
The first mistake many companies make is that they don’t consider the susceptibility of a growing attack surface. Instead, they try to protect themselves using a patchwork of solutions from multiple vendors, only to discover later that monitoring and managing these systems, keeping them updated and reacting to any issues in a timely fashion is time-consuming and expensive. It’s like putting your finger in a leaking dam.
In other words, the old way of doing things no longer works. Businesses need a better way of architecting to protect against ransomware and prevent attacks on the supply chain. They must consider different tools for securing their environments, and security service edge (SSE) is the answer.
So, what should they look for in an SSE platform?
First, remove remote access technologies that require placing a user directly on the network and replace them with technologies that give least privileged access to applications. Here the aim is to connect users to the applications and nothing more. As a result, there are no physical applications to attack, target, or exploit. No user should have a direct connection to the network. With a legacy VPN, you need to punch holes through the firewall and expose inbound ports. In today’s threat environment, you should only allow outbound connections. Make sure IPs are never exposed.
Reduce Lateral Movement
Look for a tool with least privilege access baked into its core. The reason is that you want to decouple application access from network access to eliminate any potential lateral movement on the corporate network. Make sure access is granted only on a user-to-application basis. This means that users cannot skip over any unauthorized applications by mistake. You also want to ensure that administrators can establish granular access to all user types with simple and scalable access policies. Additionally, the tool should allow you to configure least privilege connectivity between server-to-server communication. Administrators should be able to ensure that servers only connect to authorized locations, creating segmentation protection for any ransomware threats.
Prevent Data Loss
Look for a tool that has smart DLP capabilities, so you can easily control what actions users can and can’t take across all types of traffic. Administrators should be able to restrict or allow downloads, uploads, or access to certain files for all traffic within a single DLP policy, creating holistic data loss prevention. Administrators should also be empowered with a single data lake for insight across the whole platform. So whether a user is accessing an internal application or a SaaS application, administrators have visibility into malicious activity and can see precisely what they did in a session.
Bad actors succeed because they are committed to employing new methods and setting sites on new targets. The software supply chain is one of the latest examples of this and businesses cannot hope to thwart these efforts using a mashup of traditional network security appliances. This is why SSE is essential. SSE gives employees access to the applications they need without connecting them to the corporate network or putting applications or IT infrastructure at risk, ultimately giving the board of directors the peace of mind they seek.