Fortinet Field CISOs Courtney Radke, Jonathan Nguyen-Duy, Jim Richberg, Renee Tarun, and Rick Peters offer actionable insights for establishing cybersecurity best practices around cloud security and Zero Trust within their respective industries.
Courtney Radke, Fortinet Field CISO
“Omnichannel retail experiences have enabled retailers to expand to new demographics and open up new revenue streams. However, despite these new initiatives, the retail industry has seen an erosion in customer trust and confidence in recent years to the point that less than 20% of consumers actually trust that retailers are properly protecting their data, and only 11% believe that retailers are able to effectively manage a data breach. Because of this, maintaining a strong perimeter has been the key to success. Today, retailers need to maintain a proactive security policy that incorporates a Zero Trust model that protects customers from unnecessary risk while also allowing for expedited response and communication in the event an incident occurs.”
“Cloud security and the challenges that come with it are at a reflection point. Retailers must review their deployed solutions and determine if the technologies align with their overall security maturity. With new cloud workloads and an increased reliance on mobile apps, data proliferation is a growing concern. Retailers building out their cloud strategies need to protect their cloud workloads and create a defense in depth (DiD) approach that includes elements like SD-WAN solutions, cloud workload protections, and Cloud Access Security Brokers (CASB) solutions.”
Jonathan Nguyen-Duy, Vice President, Global Field CISO Team
“Healthcare organizations need to be able to identify new types of users. On average, there are at least 15 devices connected to any hospital bed in the United States today. Because of this, there is a variety of both people and devices collecting, generating, and curating data across organizations to help execute data-driven decision-making. This, in turn, creates challenges around how organizations catalog and identify all people, devices, and applications in their networks.
This is where Zero Trust Access (ZTA) comes in. ZTA, at its core, is all about identity and access management, which is why it provides value for healthcare organizations. In many ways, Zero Trust arose from network segmentation’s limitations. Although it is intuitively elegant, over-segmentation impedes business operations, while under-segmentation lacks the security needed to prevent compromises and the lateral movement of threat actors. The key to segmentation across hybrid and distributed ecosystems is understanding all role-based access controls and segmenting accordingly.”
Jim Richberg, Fortinet Field CISO
“For those working to establish cybersecurity best practices in the public sector, ZTA should be a top consideration. Zero Trust is an operating principle with a philosophy, not a network architecture. It describes an approach for defense in depth: Don’t trust by default, always verify your request for access, authenticate users and devices, grant the least privilege necessary to the task at hand, and log – and potentially inspect – all network traffic. And while it can be beneficial, full Zero Trust implementation requires hardware, software, and business process changes, making it a daunting – and fairly difficult – approach for security teams. But at its core, Zero Trust is a risk management philosophy, and managing risk doesn’t require perfection. That’s why a more reasonable interim goal should focus on intent-based segmentation, defining users’ access based on business needs. Intent can also be defined in a static fashion by creating internal network segmentations corresponding to organization or business rules for sets of users.”
“Cloud technology also offers the public sector several key benefits: resilience, efficiency, smarter spending, security, and service availability. But despite these benefits, the public sector still lags behind the private sector in terms of the pace and progress of its implementation of cloud services and technology. And this isn’t due to the public sector being a technological laggard by desire. It’s simply due to the nature of procurement, the kinds of policy wickets they have, and the protracted budgeting cycle – they just can’t move as fast as the private sector can. With this in mind, the public sector should embrace technologies like artificial intelligence (AI) and machine learning (ML) to mature its security posture without overwhelming IT services teams. Additionally, unified platforms provide visibility, control, and management and enable automation across a broad suite of capabilities for any cloud environment.”
Renee Tarun, Fortinet Field CISO
“Higher education’s culture is built on knowledge and information sharing, often running counter to IT security principles. Adopting a Zero Trust approach to network access ensures that IT network administrators can manage the growth of unsecured and unknown devices. It gives visibility into who and what is accessing networks, simultaneously limiting access to the resources according to the principle of least privilege. IT teams can also implement network access controls (NAC) to see every device and user that joins the network, enhancing network control by limiting network access and automating event response times from days to seconds.”
“Many institutions have increased their use of cloud technology, especially SaaS applications, to deliver their online learning platforms. Cloud security must monitor integrated security solutions to enforce uniform security policies across both traditional and SaaS applications so they can continuously monitor web application firewalls, secure web service APIs, and front-end applications. They should ensure that any solutions integrate with the major cloud providers, run on a security tool suite that covers the entire attack surface, and provide centralized management of security with automation and workflows.”
Rick Peters, Fortinet Field CISO
“Securing operational technology (OT) starts by enforcing the ‘never trust, always verify’ model, which means protection at every wired and wireless node to ensure that all endpoint devices are validated. With the dynamics today introduced by exponential growth and enabled sensors for OT systems, Zero Trust is crucial to defending the cyber-physical. It’s also important to practice the principle of least privilege across both internal and external communications. By providing only the minimally required access and creating an internal segmentation firewall at multiple points within the networks, OT leaders are afforded extra layers of enterprise protection from an array of attack vectors. In this manner, the network visibility is achieved along with least privileged enforcement, helping to prevent vertical or horizontal movement within the target environment.”
“Organizations today are embedded with operational processes and are digitizing their environments using sensor technology and connecting with cloud-based applications – and OT is no different. Amid this adoption of cloud services, however, comes the challenge of the broadening attack surface. Threats within the OT sector are now going beyond network and application attacks to target vulnerabilities caused by misuse or misconfiguration of the cloud infrastructure. To address the intersection of these challenges, IT support teams need a solution that offers advanced security and can detect suspicious activity across any and all cloud environments. This cloud security solution must also enable a containment and mitigation strategy to ensure safe and continuous operations. Overall, the chosen security service must provide fluid and dynamic transparency that delivers operational efficiency as well as continuous trust across the cloud.”
Renee Tarun, Fortinet Field CISO
“Financial institutions are continually expanding their digital innovation tactics with SaaS-based tools, Voice over Internet Protocol (VoIP) video services, and wireless access points while also increasing the types and number of devices on their networks. Because of this, they must adopt the Zero Trust approach to network access to ensure they know who and what is accessing their networks. Using a network access control (NAC) provides network visibility that allows IT teams to see every device and user that joins the network. In addition, they can implement Single Sign-On (SSO) or multi-factor authentication (MFA) solutions for an additional layer of protection, thereby ensuring users only have the least amount of access necessary to do their jobs.”
“Organizations within the financial services sector are becoming increasingly reliant on cloud-based infrastructures. This likely comes down to two key reasons: The pay-as-you-go infrastructure is easy to justify, at least upfront, and the operational agility that comes with ramping up capacity at a moment’s notice or shutting off unnecessary features on-demand is extremely beneficial. However, financial services institutions are faced with constant attacks and intrusion attempts. As digital transformation initiatives expand the attack surface, the security teams need that network visibility and control to keep the breaches at bay, achieve cost savings, and gain operational efficiencies. This is only made more complicated by the need for compliance. With this in mind, these institutions need a cloud security solution that can monitor all activity and integrate with other solutions to enforce uniform security policies across both traditional and SaaS-based applications. They need to deploy web application firewalls that secure the web service APIs and the front-end web applications from threats. To lower the total cost of ownership, they should look for solutions that natively integrate with major cloud providers, include a broad suite of security tools, and provide centralized management, including automation, workflows, and intelligence sharing.”
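The access model the CISOs above keep returning to (deny by default, verify the user and the device, role-based segmentation with least privilege, and log every request) can be written down as a small policy evaluator. The following is an added example and is not Fortinet's or SpartanTec's code; the segment names, roles, privilege sets and sample requests are constructed for illustration, and a real deployment would source the MFA and device-posture facts from an identity provider and a NAC rather than from request fields.

```python
"""Added example (not Fortinet's or SpartanTec's code): a minimal Zero Trust
access decision: deny by default, verify the user and the device, grant only
the least privilege a role needs inside a network segment, and log every
decision. Segment names, roles and sample requests are constructed."""
import logging
from dataclasses import dataclass

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("zta")

# Intent-based segmentation: each segment lists the roles that have a business
# need to reach it and the least privilege those roles get there (assumed values).
SEGMENTS = {
    "patient-records": {"clinician": {"read", "write"}, "billing": {"read"}},
    "pos-terminals":   {"store-ops": {"read", "write"}},
    "plc-controllers": {"ot-engineer": {"read"}},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool      # would come from the identity provider in practice
    device_managed: bool    # would come from the NAC / endpoint posture check
    segment: str
    action: str


@dataclass
class Decision:
    allowed: bool
    reason: str


def _log(req: Request, allowed: bool, reason: str) -> Decision:
    """Every decision, allow or deny, is written to the log."""
    log.info("%s user=%s role=%s device_managed=%s segment=%s action=%s reason=%s",
             "ALLOW" if allowed else "DENY", req.user, req.role,
             req.device_managed, req.segment, req.action, reason)
    return Decision(allowed, reason)


def decide(req: Request) -> Decision:
    """Evaluate one access request; anything not explicitly permitted is denied."""
    # 1. Never trust by default: the identity must have completed MFA.
    if not req.mfa_verified:
        return _log(req, False, "user not verified with MFA")
    # 2. Authenticate the device, not just the person (NAC-style posture check).
    if not req.device_managed:
        return _log(req, False, "device is unknown or unmanaged")
    # 3. Only segments the role has a business need for are reachable.
    roles = SEGMENTS.get(req.segment)
    if roles is None:
        return _log(req, False, "unknown segment")
    privileges = roles.get(req.role)
    if privileges is None:
        return _log(req, False, f"role {req.role!r} has no intent for segment")
    # 4. Least privilege: the action must be within what the role is granted.
    if req.action not in privileges:
        return _log(req, False, f"action {req.action!r} exceeds least privilege")
    return _log(req, True, "verified user and device, action within role")


if __name__ == "__main__":
    # Constructed sample requests: one allowed, three denied for different reasons.
    samples = [
        Request("dr.lee", "clinician", True, True, "patient-records", "write"),
        Request("dr.lee", "clinician", False, True, "patient-records", "read"),
        Request("acct01", "billing", True, True, "patient-records", "write"),
        Request("acct01", "billing", True, True, "plc-controllers", "read"),
    ]
    for s in samples:
        decide(s)
```

The order of the checks matters: identity and device posture are rejected before the policy table is consulted, so an unmanaged device never learns which segments exist, and the log line records the first failing condition rather than a generic denial.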
Most cyberattacks involve criminals exploiting some sort of cybersecurity weakness.
That weakness could be down to a poorly chosen password, a user who falls for a fake login link, or an attachment that someone opened without thinking.
However, in the field of computer security, the word exploit has a specific meaning: an exploit is a way of abusing a software bug to bypass one or more security protections that are in place.
Software bugs that can be exploited in this way are known as vulnerabilities, for obvious reasons, and can take many forms.
For example, a home router might have a password page with a secret “backdoor code” that a crook can use to log in, even if you deliberately set the official password to something unique.
Or a software product might have a bug that causes it to crash if you feed it unexpected input such as a super-long username or an unusually sized image – and not all software bugs of this sort can be detected and handled safely by the operating system.
Some software crashes can be orchestrated and controlled so that they do something dangerous, before the operating system can intervene and protect you.
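The two kinds of unexpected input mentioned above, an over-long username and an unusually sized image, are exactly what defensive parsing is for: check what the input claims about itself against hard limits before doing anything with it. The block below is an added example, not code from the original page; the tiny `IMG1` header format, the limits and the sample inputs are all constructed for illustration and do not describe any real file format.

```python
"""Added example (not from the original page): defensive handling of untrusted
input of the two kinds the text mentions, an over-long username and an
unusually sized image. The 'IMG1' header layout, the limits and the sample
inputs are constructed for illustration."""
import struct

MAX_USERNAME = 64                   # assumed policy limit
MAX_DIMENSION = 8192                # assumed sane width/height ceiling
MAX_PIXEL_BYTES = 64 * 1024 * 1024  # assumed allocation ceiling (64 MiB)

# Constructed header: 4-byte magic, width, height (big-endian u32), bits per pixel (u8).
HEADER = struct.Struct(">4sIIB")


class RejectedInput(ValueError):
    """Raised for any input that fails validation; nothing is allocated first."""


def validate_username(raw: bytes) -> str:
    """Accept only short, printable ASCII usernames; reject everything else."""
    if len(raw) > MAX_USERNAME:
        raise RejectedInput(f"username too long ({len(raw)} > {MAX_USERNAME})")
    try:
        name = raw.decode("ascii")
    except UnicodeDecodeError:
        raise RejectedInput("username is not ASCII") from None
    if not name or not all(32 <= ord(c) < 127 for c in name):
        raise RejectedInput("username is empty or contains non-printable characters")
    return name


def parse_image(blob: bytes) -> tuple[int, int, int, bytes]:
    """Check the declared size against hard limits *before* trusting the payload."""
    if len(blob) < HEADER.size:
        raise RejectedInput("truncated header")
    magic, width, height, bpp = HEADER.unpack_from(blob)
    if magic != b"IMG1":
        raise RejectedInput("bad magic")
    if bpp not in (8, 24, 32):
        raise RejectedInput(f"unsupported bits per pixel {bpp}")
    if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
        raise RejectedInput(f"dimensions out of range: {width}x{height}")
    # Python ints do not overflow, but in C this multiplication is a classic
    # place for an integer overflow to produce a buffer that is too small.
    expected = width * height * (bpp // 8)
    if expected > MAX_PIXEL_BYTES:
        raise RejectedInput(f"pixel buffer of {expected} bytes exceeds limit")
    payload = blob[HEADER.size:]
    if len(payload) != expected:
        raise RejectedInput(f"payload is {len(payload)} bytes, header promises {expected}")
    return width, height, bpp, payload


def make_image(width: int, height: int, bpp: int, payload: bytes) -> bytes:
    """Build constructed sample inputs for exercising the parser."""
    return HEADER.pack(b"IMG1", width, height, bpp) + payload


if __name__ == "__main__":
    print(parse_image(make_image(2, 2, 8, b"\x00" * 4))[:3])
    print(validate_username(b"alice"))
    for bad in (make_image(2, 2, 8, b"\x00" * 3),            # payload shorter than promised
                make_image(0xFFFFFFFF, 0xFFFFFFFF, 32, b""),  # absurd declared size
                b"IMG1"):                                     # truncated header
        try:
            parse_image(bad)
        except RejectedInput as e:
            print("rejected:", e)
```

The point of the ordering is that every limit is enforced on the header's claims before the payload is touched or any buffer sized from those claims is allocated, which is the check a crashing image parser typically lacks.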
When attackers outside your network exploit a vulnerability of this sort, they often do so by tricking one of the applications you are using, such as your browser or word processor, into running a program or program fragment that was sent in from outside.
By using what’s called a Remote Code Execution exploit, or RCE for short, an attacker can bypass any security popups or “Are you sure” download dialogs, so that even just looking at a web page could infect you silently with malware.
Worst of all is a so-called zero day exploit, where the hackers take advantage of a vulnerability that is not yet public knowledge, and for which no patch is currently available.
(The name “zero-day” comes from the fact that there were zero days during which you could have patched in advance.)
Patch early, patch often!
Reputable vendors patch exploitable vulnerabilities as soon as they can. Many vulnerabilities never turn into zero-days because they are discovered responsibly through the vendor’s own research, or thanks to bug bounty programs, and patched before the crooks find them out.
Many vulnerabilities require an attacker to trigger a series of suspicious operations to line things up before they can be exploited. Good security software can detect, report and block these precursor operations and prevent exploits altogether, regardless of what malware those exploits were trying to implant.
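One of the precursor operations mentioned above is visible in ordinary process-creation telemetry: an application that opens untrusted content (a word processor, a PDF reader, a browser) launching a shell or script host, which is the symptom of the "tricked into running a program" case described earlier. The following detection is an added example and is not SpartanTec's or Fortinet's tooling; the `key=value` log format and the sample lines are constructed, the watch lists are assumptions, and the executable names are ordinary Windows images.

```python
"""Added example (not SpartanTec's or Fortinet's tooling): flag process-creation
events where a content-handling application spawns a shell or script host.
The log format and sample lines are constructed; the watch lists are assumed."""
import re
from dataclasses import dataclass

# Applications that routinely open untrusted content (assumed watch list).
CONTENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                "acrord32.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
# Children such applications have no normal business spawning (assumed watch list).
RISKY_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}

KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    timestamp: str
    host: str
    user: str
    parent: str
    child: str
    pid: int


def parse_event(line: str) -> dict:
    """Parse 'key=value' fields; the leading timestamp has no key."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["timestamp"] = ts
    return fields


def detect(lines) -> list[Alert]:
    """Return one Alert per process_create event matching the parent/child rule."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("event") != "process_create":
            continue
        parent = ev.get("parent", "").lower()   # image names are case-insensitive on Windows
        child = ev.get("image", "").lower()
        if parent in CONTENT_APPS and child in RISKY_CHILDREN:
            alerts.append(Alert(ev["timestamp"], ev.get("host", "?"),
                                ev.get("user", "?"), parent, child, int(ev["pid"])))
    return alerts


# Constructed sample log, not a real capture. Only lines 2 and 4 should fire.
SAMPLE_LOG = """\
2024-05-01T10:02:13Z host=WS17 event=process_create pid=4412 ppid=3120 image=WINWORD.EXE parent=explorer.exe user=jdoe
2024-05-01T10:02:41Z host=WS17 event=process_create pid=4470 ppid=4412 image=powershell.exe parent=WINWORD.EXE user=jdoe
2024-05-01T10:03:05Z host=WS17 event=process_create pid=4481 ppid=2210 image=cmd.exe parent=explorer.exe user=jdoe
2024-05-01T10:04:19Z host=WS22 event=process_create pid=5102 ppid=5090 image=mshta.exe parent=chrome.exe user=asmith
2024-05-01T10:04:20Z host=WS22 event=network_connect pid=5102 dst=203.0.113.5:443 user=asmith
""".splitlines()


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.timestamp} {a.host} user={a.user}: {a.parent} spawned {a.child} (pid {a.pid})")
```

A shell launched from Explorer by a user is normal and is deliberately not flagged; the rule keys on the parent, because the precursor the text describes is the content-handling application doing the launching, not the shell itself. In production the watch lists would be tuned against the environment's own baseline of legitimate parent/child pairs.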
Managed Service Providers like SpartanTec Inc. will work with your company to keep software patches up to date and close off these entry points before they can be used. We monitor your network to ensure invaders are stopped before they can breach your network firewall.
The threats to computer security are becoming extremely inventive. They are masters of manipulation and disguise. They always evolve and try to search for new ways to steal, annoy, and harm. You need to be prepared with all the resources and information you can find so you can protect yourself against growing and complicated computer security threats and remain safe when you’re online.
A computer virus could be the most famous computer security threat. It is a program that has been written to change the way a computer works without the knowledge or even the permission of the actual user. A virus replicates and then executes itself, generally causing damage to your computer in the process.
Carefully evaluating free software, downloads from peer-to-peer file sharing websites, and emails from senders you don’t know is important when it comes to avoiding viruses. Web browsers commonly have security settings that can be tightened for better defense against online threats and attacks. But the most effective way of keeping your computer safe from viruses is to install up-to-date anti-virus software from a reputable source.
Spyware is a program that monitors the online activities of the computer user or installs a program without your permission, either for profit or to obtain your personal information. Although many users don’t want to hear it, reading the terms and conditions is an excellent way to know how your activity is being tracked online. If a company you don’t know is showing ads for deals that seem too good to be true, you need an internet security solution and should be careful about the links you click.
Predators and Hackers
People, not computers, create computer security threats and malware. Predators and hackers are programmers who exploit others for their own personal gain by getting access to computer systems so they can change, steal, or even destroy information as a type of cyber terrorism. These predators could put your credit card information at risk, lock you out of your personal data, or steal your identity. One of the most efficient ways of protecting yourself from the various types of cybercriminals is to use online security tools that include identity theft protection.
Phishers pretend that they are trustworthy and reputable businesses or persons. They try to steal pertinent and sensitive personal or financial information through instant messages or fraudulent emails. Phishing attacks are some of the most effective methods for cybercriminals who are trying to pull off data breaches.