Security team

The five steps every security team should take to protect their infrastructure from cyberattacks

With potential threats ranging from individual malicious actors to state-sponsored hacking groups, today’s businesses and institutions are scrambling to harden their defenses and stay ahead of emerging cyberweapons. Ev Kontsevoy, CEO and co-founder of Teleport, shares five steps for security teams to protect infrastructure against cyberattacks.

In 2021, the tech news was dominated by dramatic and high-profile cyberattacks: data breaches expensive ransomware hacks.

Learn more: Lessons learned from cyberattacks on critical infrastructure

The most common challenge for organizations trying to improve their cyber defenses is a combination of outdated technologies and outdated conventional wisdom. A recent Inc. article highlighted how employees are using lax practices with their passwords, which obscures the fact that no organization should be using passwords at all in 2022. According to the World Economic Forum’s 2022 report Global Risks Report, approximately 95% of cybersecurity issues can be attributed to human error. To protect critical infrastructure and assets from cybersecurity attacks, organizations must ditch legacy solutions and adopt these five strategies:

1. Get rid of secrets

With human error at the root of the vast majority of cyberattacks, organizations should take every step possible to eliminate the human element from their security strategy. Secrets such as private keys, passwords, or browser cookies can be lost, stolen, or even sold to bad actors, making each individual password a potential liability. In the case of Violation of GoDaddy At the end of 2021, a single compromised password left more than 1.2 million WordPress users with their account information exposed.

Perhaps most remarkably, a recent SpyCloud report revealed that 70% of compromise passwords were still in use. Even when people know their passwords aren’t secure, human nature leads them to continue to rely on the familiar option. To eliminate the most accessible opportunity for bad actors to gain access to sensitive data, we need to make passwords and other static credentials a thing of the past.

2. Implement identity-based access

Relying on passwords to grant access establishes a secret between the system and the user – a secret that can all too easily be leaked or discovered by a bad actor. The best substitute for secrets is to use identity-based authentication and authorization. A single sign-on (SSO) access flow for every computing resource (servers, databases, internal applications) in your organization allows users to establish and validate their identity whenever they need to access an asset or a sensitive system.

Identities must be issued not only to human users, but also to machines and microservices. Hackers can use applications and infrastructure as springboards or entry points; providing them with an identity prevents them from being used as a weapon against their own organization.

3. Forget perimeter security

For years, the security industry has talked about zero-trust architectures to secure their network perimeters. Yet despite the hype, little progress has been made in making zero trust a reality. Rather than trying to define and defend a perimeter, organizations should instead consider every computer in their system to be on a public Internet and respond accordingly.

Protecting only the network perimeter with solutions like VPNs can help reduce complexity in the short term, but it comes with significant security and monitoring tradeoffs. Once a perimeter has been breached, attackers can easily move laterally through the system and dramatically increase the impact of their actions. By securing individual computing resources such as applications, databases, and servers, organizations can immediately limit the damage from any breach to a single node in the system.

4. Strengthen DevSecOps

Although security teams want to lock down all assets on their system to prevent their engineers from putting important assets at risk, it is important to be realistic about business priorities and human nature. Security teams that take drastic measures to protect their assets regularly find themselves with backdoors created by their engineering teams to save time and frustration.

Instead of pitting developers and security professionals against each other, engineers should be responsible for securing their own systems. DevSecOps encourages developers to implement security at every stage of product development, moving security from the right (end) to the left (beginning) of the DevOps process. DevSecOps requires development teams to perform their own security testing and resolve any issues discovered during testing themselves. The “left shift” approach allows every component and configuration in the technology stack to be patched, safely configured, and documented.

5. Reverse Complexity

As organizations modernize their security practices, they often have to decide what to do with legacy tools and systems. Removing legacy solutions and removing backwards compatibility can cause serious growth issues within an organization. However, failing to eliminate outdated technologies leads to an increase in the attack surface, increasing the likelihood of human error and serious security risks. Organizations that choose to piggyback new solutions onto existing layers of technology end up with a very complex ecosystem that is difficult to monitor and even more difficult to secure.

As complexity increases, the likelihood of human error also increases. To reverse the threat of growing complexity, organizations must consolidate all remote access protocols under one comprehensive solution. Introducing a solitary access plan greatly simplifies security practices and eliminates the possibility of a random bug leading to a major breach.

Learn more: How to Implement a Cybersecurity First Culture

Cybersecurity is not a static practice. With malicious actors motivated by large financial rewards, their methods become more sophisticated as they strive to thwart security improvements. To stay ahead of emerging threats, organizations must abandon outdated approaches such as passwords and perimeter-based security and instead embrace a proactive, dynamic, identity-based approach. Critical infrastructure protection cannot wait.

What steps are you taking to enable your security team to take a stronger stance against cyber threats? Share with us on LinkedIn, Twitter, Where Facebook. We would love to hear from you!