Beware: cybercriminals are counting on an unprotected Domain Name System to infiltrate a network, expand without detection, and exfiltrate data stealthily
Why do organizations continue to face challenges in the fight against cyber threats?
As organizations rushed to adopt digitalization technologies just to keep the corporate lights on, their transformed infrastructure needed more than pre-digitalization ways of securing systems, leaving many existing and new attack surfaces and vulnerabilities for cybercriminals to exploit.
Threat actors are continuously developing increasingly sophisticated methods of attack that are discreet and elusive, making it harder for cybersecurity teams to identify and mitigate these threats effectively, said Jeff Castillo, Senior Regional Director, Infoblox South-east Asia, as he chatted with CybersecAsia.net on how firms in Asia can fend off cyberattacks.
CybersecAsia: When it comes to hybrid-working setups, are firms in the region stepping up their corporate defenses?
Jeff Castillo (JC): While remote- and hybrid-working have become the new norm across the world, firms in the region are still in the midst of adjusting and scaling their network defenses to accommodate such arrangements.
Employees are now accessing their firm’s networks via unsecured networks, through remote workspaces such as their homes or cafes. Additionally, some organizations do not enforce strict cyber hygiene practices among their employees, making them susceptible to online scams.
For instance, Singapore organizations cited phishing as the most common attack method, which made up 69% of all breaches in the country. The attacks are easy to carry out even by an amateur threat actor: it is as simple as creating a convincing email containing hidden malicious links.
Compounding this is the lack of cyber hygiene, where businesses are leaving their networks exposed and vulnerable.
CybersecAsia: What are some of the biggest weaknesses in most organizations’ existing networking and security systems?
JC: With more devices, systems, and applications being introduced to the organization’s network architecture, it becomes harder to monitor and mitigate threats. There is a lack of comprehensive visibility of network activities, and an inadequate level of collaboration across network and security teams, which hinders the immediate detection and resolution of threats as there is no sharing of threat intelligence and effective communication.
It also does not help that DNS has largely been ignored by traditional security solutions, and is not seen as a possible threat vector that attackers can leverage. This has led to the evolution of attack techniques that utilize DNS to infiltrate a network, expand without detection, and exfiltrate data. With any cyber-attack, the purpose is to infiltrate a network, typically leveraging malware or other types of attack methods. All of these approaches rely on a network that can communicate with the internet, which in turn has a dependence on DNS services.
Also, human error poses a significant challenge in the maintenance of security, as employees may unknowingly fall prey to phishing emails or use weak passwords. Furthermore, with the shortage of tech talent across Asian countries, there continues to be a lack of IT professionals to oversee and address organizations’ level of defense towards cyberattacks.
CybersecAsia: What should organizations be investing in, to maximize their security investments?
JC: Organizations can consult external security consultants to get help in boosting visibility within their networks to mitigate and detect threats earlier in the threat lifecycle.
It is crucial for businesses to consider the integration of networking and security, as this synergy offers real-time insights into applications, users, and devices. By doing so, organizations can effectively detect and respond to network connections, leading to substantial enhancements in business performance and protection levels.
Downtime and disruption due to network outages and security breaches are simply not an option as both are detrimental to business success.
A form of first-line defense to consider is DNS layer security, which plays a crucial role in enhancing protection by addressing gaps that may exist in other security software. By leveraging DNS layer security, organizations can achieve heightened visibility and control, enabling them to detect approximately 90% of threats at an early stage in the kill chain, before they are detected by other tools.
CybersecAsia: How can businesses improve detection and management of online threats?
JC: The effectiveness of networking and security teams is enhanced when both groups collaborate and share real-time visibility into application, user, and device context. Traditional siloed approaches have been a hurdle in achieving this goal, with many organizations finding it difficult to identify network devices involved in a security incident.
By uniting Security Operations and Network Operations, organizations can fully capitalize on the network intelligence that is being shared, which allows for quick identification of network devices involved in security incidents, facilitating a more efficient response.
CybersecAsia: How can organizations establish a company-wide security culture amongst employees?
JC: Organizations should incorporate security into all areas of the business. By emphasizing the importance of security right from the start of any project or initiative, they can proactively identify and address potential security risks, ensuring that security measures are integrated into every aspect of their operations. This approach builds a solid foundation of security and reduces the need for reactive measures later on.
It is also essential for employees at all levels to possess strong cyber hygiene practices. Organizations need to implement a comprehensive cybersecurity training program for their employees that includes regular training sessions and awareness programs. These programs should educate employees about potential threats, safe online practices, and the organization’s security policies. This also helps to alleviate strain on existing IT teams amid a shortage of tech professionals.
CybersecAsia thanks Jeff for sharing his insights with readers.