On 27 June, teissTalk host Tom Langford was joined by Dr Edewede Oriwoh, Group IT Information and Cyber Security Manager, Zigup Plc; Lessie Skiba, Global Director of Outreach and Partner Engagement, Cyber Readiness Institute; and Mark Jow, EMEA Tech Lead & Evangelist, Gigamon.
The cause of the data leaks appears not to be a vulnerability but the use of stolen credentials and poor controls on multifactor authentication (MFA), according to a June 10 analysis by incident-response firm Mandiant. To reduce data leaks, organizations should put access control lists (ACLs) in place, restricting where users can access a cloud service.
While cloud-service providers like to emphasize that security is a shared responsibility model, the responsibility almost always falls onto the customer. Yet cloud providers often prioritize usability over security, so companies should not rely on their providers’ defaults. Although security professionals regard MFA as a fundamental security control, many companies haven’t implemented it or don’t even know about it. Often, the problem is that MFA is not enabled by default.
MFA is obviously not a silver bullet but an important factor in a layered approach to security. Also, smartphones, which play a key role in MFA, are vulnerable to cloning. Even if your company doesn’t use Snowflake, a cloud service provider with security issues, one of your partners or suppliers may, which can open a backdoor to your system. The workforce must be educated about how to use AI, especially GenAI tools, securely.
There are single-platform solutions that stretch visibility across the whole hybrid cloud estate, which can help route traffic to the security tools that the business has invested in, enabling cyber security professionals to identify traffic that comes from application protocols or websites that are not secure. However, log files of these apps can now be altered by bad actors to mask their activities. Therefore, you have to augment the metric and log data with immutable packet data.
Work with your third parties to improve your license management by cleaning up accounts and consolidating licenses. Blind spots usually result from different teams working in isolation (DevOps, network, security, application developers). Democratising access to the same network data and the same network insights can help eliminate these silos. New solutions can save costs for companies by reducing the amount of traffic that these tools get, and thus make SOC teams more efficient too.
UK companies should also think about seating boards with people who understand cyber security and cyber risk and who will also have a better understanding of what investment in cyber security should be made to keep the company safe. Budget is not the only constraint for SMEs; time is one too. To reduce the number of accounts you must deal with, first close the accounts that aren’t being used.
There is a false perception among the C-suite that encrypted traffic is safe. However, encryption may just protect malicious packets. If technology designed to keep us safe is not checked, it can in fact increase cyber risk. You should believe everything is insecure until proven otherwise – or, even better, always assume a breach.