Strong network security is essential, yet building and maintaining it remains an elusive goal for many enterprises.
Ensuring that every potential gap is sealed continues to be a challenge for organizations of all types and sizes. More troubling is that many enterprises skip basic actions that would keep their networks safe from infiltration and attack. Here's a look at five leading ways enterprises inadvertently compromise their network security, and how to fix those oversights.
1. Relying on a single solution to patch a vulnerability
It's not enough to identify a gap and then buy a hardware or software widget to fill it. "Security pros must expect to encounter events that threaten network security and implement continuous testing accordingly to ensure the device in question will not be compromised," said Kurt Alaybeyoglu, a senior associate at The Chertoff Group, a global security advisory firm. "Otherwise, an organization will waste its precious, often scant, security budget," he added.
Buying a widget without controls-assurance testing wastes not only the purchase price but also the effort spent evaluating and installing it and training staff to use it, Alaybeyoglu explained. Worse, without continuous testing and management, IT gives enterprise directors a false sense of security by claiming that the organization is now protected against the tactics, techniques, and procedures (TTPs) the investment was meant to address.
2. Using a VPN as a security band-aid
Virtual private networks (VPNs) play a key role in many enterprise security strategies because they are widely regarded as a reliable way to secure remote access to enterprise resources. "However, VPNs are old, vulnerable, and have been proven to contribute to major cyber incidents," observed Chris Day, chief cybersecurity officer at security and analytics provider AppGate. "VPNs have been in the cybersecurity market for over 20 years, which by industry standards is ancient," he noted. "This dated tech neuters intrusion detection and protection systems, clogs firewall rule sets, and adds to the complexity of properly administering and securing networks."
Software-Defined Perimeter (SDP) technology has emerged as an alternative to legacy VPN technology. "SDP is a straightforward, zero trust framework that reduces the attack surface, secures network access, neutralizes adversaries, and reduces overhead cost," Day explained. He added that SDP has a better security profile than VPNs while augmenting existing intrusion detection and prevention tools. "VPN technology is dated and will only continue to present significant risks to organizations," he stated. "To better reduce and manage their cyber risk, organizations should retire VPNs and replace them with the more effective, efficient, and secure SDP technology." Whichever access technology is chosen, the gateway that enforces it is still network-exposed software, so the continuous testing and patching discussed under point 1 applies to an SDP controller as much as to the VPN concentrator it replaces.
3. Failing to provide adequate IoT and OT protection
When it comes to IoT and Operational Technology (OT) security, the most common mistake is not performing continuous network security monitoring to quickly identify anomalous or unauthorized activities. "Since you can't place agents on IoT/OT devices, they're frequently unmanaged and unseen by IT, so you need agentless monitoring at the network layer to analyze the traffic and look for behavioral anomalies," said Phil Neray, vice president of industrial cybersecurity at CyberX, an industrial cybersecurity platform provider.
IoT/OT devices are soft targets because they're typically unpatched, still running with default credentials, and exposing many open ports, which gives adversaries a convenient entry point into corporate networks. "They can then steal trade secrets and intellectual property, deploy ransomware to disrupt operations, or even cause catastrophic safety and environmental incidents ... leading to corporate liability concerns," Neray warned.
Continuous threat monitoring should be just one element in a multi-layered IoT/OT security strategy, Neray said. "You also need to perform auto-discovery to know what IoT/OT devices you have, and how they're communicating with each other, so you can implement zero-trust, micro-segmentation policies," he explained.
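The three pieces Neray describes, agentless discovery from traffic, behavioral anomaly detection against a learned baseline, and a micro-segmentation allowlist derived from what was observed, fit together as follows. This is an added example written for this article, not CyberX code or code from the source; the flow records are constructed inline in a NetFlow-like shape (src, dst, destination port, protocol), and the address plan in MONITORED_NETS is assumed. In production the records would come from a SPAN port or TAP through a flow exporter.

```python
"""Agentless IoT/OT monitoring: passive discovery, behavioural baseline,
and an allowlist derived from what was observed.

Added example, not CyberX code or code from the article.  Flow records are
constructed inline in a NetFlow-like shape (src, dst, dst_port, proto).
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed address plan: the OT/IoT segments being monitored.
MONITORED_NETS = [ip_network("10.20.1.0/24"), ip_network("10.20.2.0/24")]

# Constructed learning-period traffic (the baseline).
BASELINE_FLOWS = [
    ("10.20.1.50", "10.20.1.10", 502, "tcp"),   # HMI polls PLC-1 over Modbus/TCP
    ("10.20.1.50", "10.20.1.10", 502, "tcp"),
    ("10.20.1.50", "10.20.1.11", 502, "tcp"),   # HMI polls PLC-2
    ("10.20.1.50", "10.20.2.5", 1433, "tcp"),   # HMI writes to the historian DB
    ("10.20.1.30", "10.20.1.1", 53, "udp"),     # IP camera DNS lookup
    ("10.20.1.30", "10.20.2.9", 554, "tcp"),    # IP camera streams to the NVR
]

# Constructed later traffic to evaluate against the baseline.
NEW_FLOWS = [
    ("10.20.1.50", "10.20.1.10", 502, "tcp"),     # normal polling
    ("10.20.1.10", "198.51.100.7", 443, "tcp"),   # PLC calling out to the internet
    ("10.20.1.30", "10.20.1.10", 23, "tcp"),      # camera opening telnet to a PLC
    ("10.20.1.50", "10.20.1.10", 80, "tcp"),      # HMI hitting a PLC web UI never seen before
    ("10.20.1.30", "10.20.2.9", 554, "tcp"),      # normal streaming
]


def is_monitored(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in MONITORED_NETS)


def discover(flows):
    """Asset inventory built purely from traffic: who each device talks to
    and which (proto, port) services it is seen answering on."""
    inventory = defaultdict(lambda: {"talks_to": set(), "serves": set()})
    for src, dst, dport, proto in flows:
        inventory[src]["talks_to"].add(dst)
        inventory[dst]["serves"].add((proto, dport))
    return dict(inventory)


def detect_anomalies(baseline_flows, flows):
    """Flag flows that deviate from the learned baseline, most severe reason first."""
    inventory = discover(baseline_flows)
    known = set(baseline_flows)
    findings = []
    for flow in flows:
        src, dst, dport, proto = flow
        if flow in known:
            continue
        if src not in inventory:
            reason = "traffic from a device never seen during baselining"
        elif not is_monitored(dst):
            reason = "OT device initiating traffic outside the monitored networks"
        elif dst not in inventory[src]["talks_to"]:
            reason = "new peer for this device"
        elif (proto, dport) not in inventory[dst]["serves"]:
            reason = "new service on a known peer"
        else:
            reason = "new combination of known peer and service"
        findings.append((flow, reason))
    return findings


def suggest_policy(baseline_flows):
    """Turn the observed baseline into explicit allow rules: the starting point
    for a default-deny micro-segmentation policy between these devices."""
    rules = sorted(set(baseline_flows))
    return [f"allow {proto} {src} -> {dst}:{dport}" for src, dst, dport, proto in rules]


if __name__ == "__main__":
    for flow, reason in detect_anomalies(BASELINE_FLOWS, NEW_FLOWS):
        print(f"ALERT {flow}: {reason}")
    print("\n".join(suggest_policy(BASELINE_FLOWS)))
```

Running it flags the PLC's outbound HTTPS, the camera's telnet attempt against a PLC, and the HMI's first use of a PLC web interface, while the routine Modbus polling and RTSP streams pass silently. The allowlist printed at the end is only as good as the baseline window: a device compromised before baselining has its malicious traffic "learned" as normal, so review the generated rules against the engineering team's expectations before enforcing them.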
4. A poorly architected or outdated network design
Many organizations inadvertently compromise their security by failing to properly architect and segment their networks. "By failing to segment assets based on security needs, an organization can be exposed to threats across all of their data," warned Steven Aiello, security practice director at digital business platform provider AHEAD. This issue sometimes stems from the business side rather than the technology side, he noted. "The business, operationally, may not understand which types of information need more secure protections."
When network assets aren't securely segmented, there's no visibility into how traffic flows between high- and low-sensitivity areas. "There are no checks and balances in place—no gateways or firewalls that regulate flow from low- to high-security areas," Aiello said. "To segment their assets, businesses should identify what's most sensitive to the organization, and then create security zones that provide the proper protection for high-risk information," he suggested.
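Once zones exist, the firewall ruleset between them is where segmentation actually succeeds or fails, and it can be audited mechanically. The following is an added example written for this article, not AHEAD's code or code from the source: it assigns each zone a constructed sensitivity level, evaluates flows against a first-match ruleset with an implicit default deny, flags allow rules that let a lower-sensitivity zone reach a higher one without a specific service or by jumping over intermediate zones, and shows the hardened ruleset beside the weak one. The "one trust level per hop" convention enforced by max_jump is an assumption for the audit, not something the article prescribes.

```python
"""Zone-based segmentation audit: find firewall rules that let low-sensitivity
zones reach high-sensitivity zones without proper control, and compare the
weak ruleset with a hardened one.

Added example; not AHEAD's code or code from the article.  Zone names, trust
levels and rules are constructed; the one-level-per-hop rule is an assumption.
"""

# Constructed trust levels: higher number = more sensitive data.
ZONES = {"internet": 0, "dmz": 1, "corp": 2, "restricted": 3}

# Constructed first-match ruleset; anything unmatched is denied.
RULES = [
    {"src": "internet", "dst": "dmz", "proto": "tcp", "port": 443, "action": "allow"},
    {"src": "dmz", "dst": "corp", "proto": "tcp", "port": 5432, "action": "allow"},
    {"src": "corp", "dst": "restricted", "proto": "any", "port": "any", "action": "allow"},  # weak
    {"src": "corp", "dst": "restricted", "proto": "tcp", "port": 1433, "action": "allow"},
    {"src": "internet", "dst": "restricted", "proto": "tcp", "port": 3389, "action": "allow"},  # weak
    {"src": "restricted", "dst": "corp", "proto": "tcp", "port": 443, "action": "allow"},
]


def matches(rule, flow):
    src, dst, proto, port = flow
    return (rule["src"] == src and rule["dst"] == dst
            and rule["proto"] in ("any", proto)
            and rule["port"] in ("any", port))


def evaluate(rules, flow):
    """First-match evaluation with an implicit default deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule["action"], rule
    return "deny", None


def audit_rules(zones, rules, max_jump=1):
    """Return (rule_index, problem) for allow rules that raise trust level unsafely."""
    findings = []
    for i, rule in enumerate(rules):
        climb = zones[rule["dst"]] - zones[rule["src"]]
        if rule["action"] != "allow" or climb <= 0:
            continue  # denies and downward (high -> low) rules are out of scope here
        if rule["proto"] == "any" or rule["port"] == "any":
            findings.append((i, "allows an unspecified service into a higher-trust zone"))
        if climb > max_jump:
            findings.append((i, f"jumps {climb} trust levels with no intermediate zone or gateway"))
    return findings


def harden(zones, rules):
    """Drop every rule the audit flagged; everything else keeps its order."""
    bad = {i for i, _ in audit_rules(zones, rules)}
    return [rule for i, rule in enumerate(rules) if i not in bad]


if __name__ == "__main__":
    for i, problem in audit_rules(ZONES, RULES):
        print(f"rule {i}: {problem}")
    probe = ("corp", "restricted", "tcp", 445)
    print("before:", evaluate(RULES, probe)[0], " after:", evaluate(harden(ZONES, RULES), probe)[0])
```

The probe flow (SMB from the corporate zone into the restricted zone) is allowed by the weak ruleset only because of the any/any rule; after hardening it falls through to the default deny while the explicit SQL Server rule still works. Downward rules such as restricted to corp are deliberately not flagged, since the article's concern is regulating flow from low- to high-security areas; an exfiltration-focused audit would review those separately.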
5. Failing to stay a step ahead of emerging threats
Knowledge and planning play an important role in helping enterprises stay a step ahead of network attackers. "Identify the most likely threats, including the personnel and data most likely to be targeted," suggested Reiko Feaver, a partner in the Atlanta office of business law firm Culhane Meadows, whose practice includes privacy and data security matters. It's essential to stay current on threat protection measures and to keep the organization's software patched and updated, she advised.
Feaver also recommended using a threat intelligence service to pinpoint threats and to avoid or minimize the time persistent threats remain in the network infrastructure. "Adverse consequences of a breach multiply the longer a threat sits undetected in an organization’s IT structure," she explained.
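Putting a threat intelligence feed to work means matching its indicators against the logs you already collect and measuring how long a threat sat there before you noticed, which is exactly the dwell time Feaver warns about. The block below is an added example written for this article, not code from Culhane Meadows or any vendor: the indicator feed and the log lines are constructed, the key=value log shape (client=, src=, dst=, query=, sha256=) is assumed rather than any product's real format, and the IP matching honors CIDR ranges while domain matching catches subdomains of a listed domain.

```python
"""Match a threat-intelligence feed against logs and measure dwell time.

Added example; not code from Culhane Meadows or any vendor.  The feed and the
log lines are constructed; the key=value log format is an assumption.
"""
import re
from collections import namedtuple
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed feed: IPs may be hosts or CIDR ranges; domains match exactly or
# as a parent of the observed name; hashes match exactly.
IOC_FEED = {
    "ip": ["198.51.100.23", "203.0.113.0/24"],
    "domain": ["update-check.example", "cdn.bad.example"],
    "sha256": ["0123456789abcdef" * 4],
}

# Constructed log lines: ISO timestamp, source, then key=value fields.
LOGS = [
    "2024-03-01T08:12:05Z dns query=ftp.corp.example client=10.1.1.7",
    "2024-03-01T09:40:11Z dns query=login.update-check.example client=10.1.1.22",
    "2024-03-02T10:02:33Z fw src=10.1.1.22 dst=203.0.113.45 dport=443 action=allow",
    "2024-03-03T11:15:09Z edr host=ws22 file=svc.exe sha256=" + "0123456789abcdef" * 4,
    "2024-03-05T14:00:00Z fw src=10.1.1.9 dst=192.0.2.10 dport=80 action=allow",
]

IP_FIELDS = {"src", "dst", "client"}
DOMAIN_FIELDS = {"query", "domain"}
KV = re.compile(r"(\w+)=(\S+)")

Hit = namedtuple("Hit", "ts kind indicator line")


def compile_feed(feed):
    return {
        "ip": [ip_network(x, strict=False) for x in feed["ip"]],
        "domain": [d.lower() for d in feed["domain"]],
        "sha256": {h.lower() for h in feed["sha256"]},
    }


def match_ip(value, nets):
    try:
        addr = ip_address(value)
    except ValueError:          # hostnames or junk in an IP field are not indicators
        return None
    for net in nets:
        if addr in net:
            return str(net)
    return None


def match_domain(value, domains):
    v = value.lower().rstrip(".")
    for d in domains:
        if v == d or v.endswith("." + d):   # subdomain of a listed domain counts
            return d
    return None


def match_iocs(lines, feed):
    """Return one Hit per (line, field) that matches an indicator, in log order."""
    compiled = compile_feed(feed)
    hits = []
    for line in lines:
        ts = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        for key, value in KV.findall(line):
            if key in IP_FIELDS:
                kind, ind = "ip", match_ip(value, compiled["ip"])
            elif key in DOMAIN_FIELDS:
                kind, ind = "domain", match_domain(value, compiled["domain"])
            elif key == "sha256":
                kind, ind = "sha256", (value.lower() if value.lower() in compiled["sha256"] else None)
            else:
                continue
            if ind:
                hits.append(Hit(ts, kind, ind, line))
    return hits


def dwell_time(hits, now):
    """Time between the earliest indicator sighting and 'now' (the moment of detection)."""
    if not hits:
        return None
    return now - min(h.ts for h in hits)


if __name__ == "__main__":
    hits = match_iocs(LOGS, IOC_FEED)
    for h in hits:
        print(f"{h.ts.isoformat()} {h.kind}={h.indicator}: {h.line}")
    print("dwell:", dwell_time(hits, datetime.now(timezone.utc)))
```

On the constructed logs the first sighting is the DNS lookup for a subdomain of a listed domain, followed the next day by a firewall-permitted connection into a listed range and then a matching file hash on an endpoint; the dwell time is measured from that first DNS hit, not from the hash match that an endpoint-only view would have surfaced. Run the matcher retroactively each time the feed updates, since indicators are often published well after the activity they describe.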