Photo: scyther5, iStockimages.com
The cyber world was already becoming an increasingly dangerous place before the current epidemic, and we are now seeing the immense scalability of our cyber adversaries. They have ramped up their efforts to target sensitive data and critical infrastructure (mining included) to disrupt economies and steal intellectual property. And at the same time, cybercriminals – fuelled by a desire for profit and bragging rights – have also launched ever-more sophisticated attacks on businesses and governments, many of which generate high-profile headlines while further lining the pockets of cybercriminal organizations.
And the current pandemic has raised the stakes even further. Remote work has surged, putting pressure on IT teams as cybercriminals target an expanded attack surface and novice remote workers, increasing the risk that a COVID-19 related phishing email or unpatched solution on a home laptop could open the door to a serious data breach.
But even when the COVID-19 cyber threat subsides, the attack surface for businesses will continue to expand. The rise of Internet of Things (IoT), cloud applications and platforms, and the ongoing convergence of operational and information technology (OT/IT) are not only introducing new efficiencies and paving the way for digital innovation. They have also opened up a host of new attack vectors that cybercriminals will continue to be all too willing to exploit – in part because, unfortunately, far too many organizations are failing to adequately secure them.
And these are just the “known knowns” – the risks that we are already aware of. By now, most companies are aware of most of the garden-variety cyberattacks that can affect their core networks. While some can be quite serious, many others are little more than a nuisance that can be stopped with the right effort and technology. But the potential havoc those same attacks can have on the newly extended network, including the growing web of interconnected devices running ever-faster networks, is much higher. In those circumstances, these threats can have far more serious implications for business uptime and the ability for organizations to adequately serve their customers. And if there is one thing we can count on in today’s rapidly evolving cyber environment – it is that as we continue to innovate, so too do our attackers.
It should come as no surprise, then, that 84% of chief information security officers feel that the risk of cyberattacks will continue to escalate for the foreseeable future, according to research by Forbes Insights in association with Fortinet. More worrisome, 21% of them also believe that cybercriminals possess abilities that are outpacing their own organization’s ability to defend itself.
Switching the odds
Clearly, these threats aren’t going away anytime soon. That’s why it’s critical for organizations to step up their game when it comes to playing defense. Most organizations fail to realize that with the superior resources they have available, they can actually switch the odds in their favour. Cybercriminals are coin-operated, and if it simply becomes too expensive and time-consuming to take down a target, they will move on. It all comes down to three things: making sure your employees are trained and ready to do their part; structuring networks in a way that minimizes risk; and eliminating the holes that inevitably open up when rapidly building out new network environments while relying on a patchwork of aging security solutions that aren’t equipped to interoperate with today’s dynamic networks or meet today’s evolving threats.
To achieve the upper hand in this raging cyberwar, there are four essential steps every mining company should take to prepare for any cyberattack in order to protect their digital assets.
1. The simple things matter
The simple things matter now more than ever. In a world where remote work is now the norm, to maintain security it’s critical that employees understand and follow all existing policies and procedures. Remind them that things like virtual private networks (VPNs) and multifactor authentication (MFA), for example, are crucial to keeping the company safe and protecting their electronic devices. At the same time, a good patch management system combined with application control capabilities is critical, especially now that so many devices are roaming outside normal organization safeguards.
It’s also worth remembering that email is far and away the biggest weak spot in any organization. The impact of a worker who opens a well-worded but malicious email attachment is hard to overestimate. Which is a reminder that if you haven’t already done so, make sure to fortify or upgrade your secure email gateway solution. But don’t leave cybersecurity in the hands of IT alone. Also train your people to be cautious. Everyone has a role to play – and cultivating a culture that practices good cyber hygiene is important.
For that reason, get in the habit of sending communications to employees reminding them about basic cyber-hygiene best practices, and updating them on the latest threats or social engineering scams that may appear in their inboxes along with what to do if they see one.
2. Segment the network
When it comes to security, “open concept seating” built around inherent trust and flat networks that enable free access to networked resources is not a good thing. Instead, critical assets should be divided into well-protected domains, or segmented, so that devices, assets, and data that are constantly moving into and out of the network are dynamically allocated to the appropriate segment, even a very specific one, based on policy and on a need-to-use basis. This helps lower the potential impact of an attack, ensuring that compromised systems will be automatically limited to a certain security zone. It can also help to better wall off sensitive customer and intellectual property data.
This is especially critical in environments where OT and IT overlap. OT networks should implement segmentation and zero-trust network access to ensure that newly connected IoT devices and IT-enabled devices and services are automatically isolated from sensitive OT devices, and that management and communications protocols are isolated from device and user interfaces by default. Strict access controls, role-based access, and providing only the minimum amount of privilege and access required for a device or user to do their job, all combined with strict monitoring, ensure that rogue devices, malware and malicious users have no ability to disrupt the business or destroy or steal critical resources.
3. Aim for communication redundancy
Miners are very familiar with the risk and opportunity that come with equipping and serving highly connected, remote teams. For this reason, the networks that support remote mining teams are at especially high risk in the event of an attack. Put failover plans in place to ensure smooth and consistent communications in the event of sudden failure.
Also consider a modern Secure Software Defined WAN (SD-WAN) solution to make it possible for organizations to change communication paths on-the-fly based on a variety of factors, such as sudden bandwidth constraints or dropped packets. This way, the risk of losing the ability to transmit information, even in the wake of an attack, is low.
4. Seek automation
At a time when we most need skilled cyber defenders, they’re in increasingly short supply. Canada is facing a critical cybersecurity skills shortage, with a best estimate of at least 8,000 jobs expected to be unfilled by the end of the year. Between this lack of security talent afflicting Canada and an aging mining workforce, skilled cybersecurity professionals are hard to find. Even those who are now on the job are finding themselves having to juggle the impact of COVID-19, leaving even less bandwidth to handle the unexpected or engage in higher order strategies to identify and close any existing security gaps created by the recent rapid transition to a remote workforce.
One way to address this challenge is to take advantage of the artificial intelligence and machine learning being built into many security solutions. With it, companies can better defend against cyber threats, enabling them to analyze, spot, and address security issues and cyber events designed to evade detection far faster than traditional manual methods. Even better, AI can also study attacks and watch for patterns, which helps users predict future attacks and enables their organizations to erect better defenses.
For years, many organizations have continued to rely on the same failed strategies or outdated technologies to secure their networked environments, even in the midst of rapid and expansive digital innovation that is transforming every other element of their networks. The risks of continuing to rely on increasingly less effective security solutions and strategies are higher than ever.
For better or worse, the current situation is revealing to organizations where they stand from a cybersecurity perspective. Those who have failed to keep pace with cyber threats are well advised to act now. It was risky to wait this long. Delaying much further could have dire consequences.
Graham Bushkes is country manager for Fortinet Canada.