Mazhar Hamayun is a cyber security professional with over 20 years of hands-on technology and leadership experience. At Check Point Software, Mazhar works as a cyber security engineer and in the Office of the CTO, committed to helping different organizations achieve success in both strategic and technical initiatives while contributing to Check Point’s own security practices.
In this dynamic interview, Mazhar Hamayun discusses the most common cyber attack vectors today, major reasons for cyber attacks and common steps for securing data. Don’t miss this must-read interview!
What are the most common attack vectors that you see?
- We see phishing as a common attack vector
- We also see unpatched vulnerabilities on Windows and Mac OS devices as causes of a breach
- Privilege escalation is another common attack vector
What are major reasons for current cyber attacks?
- Acquisition of personal information and corporate data is the primary objective
- Disruption or activism is another reason for cyber attacks
- Financial gains/extortion
- Stealing valuable information, e.g. intellectual property data
- Stealing national secrets
- Trying to attack infrastructure management and gain control
From your perspective, what are the best ways to secure data?
1. Hardware/software inventory system. First and foremost, every organization should implement an inventory system to log all software and hardware elements used in the organization, maintaining a standard list of different software versions in use.
2. Up-to-date hardware. Keeping hardware up-to-date is a very important step for any organization. When we talk about up-to-date hardware, we want to ensure that organizations keep hardware at a current support level in case something goes wrong. That way, a customer can get replacement hardware if needed. Don’t let end-of-support, end-of-life hardware continue to exist in a production environment.
The second aspect of up-to-date hardware is to ensure firmware and hardware drivers are up-to-date to prevent any possibility of a vulnerability being exploited.
3. Vulnerability management system. The biggest challenge organizations face in the event of a vulnerability disclosure is lack of a vulnerability management system. In today’s ever-changing cyber world, it’s very important for organizations to have an effective vulnerability management system that can provide a true picture of different software and applications running in a business environment. This provides visibility into a software lifecycle as well as information about different vulnerabilities/exploits tied to individual software versions. It is critical to track the vulnerability management cycle in reports that show up-to-date status.
4. Patch management system. Patch management is a subset of systems management that involves identifying, acquiring, testing and installing patches or code changes. The purpose of patch management is to fix bugs, close security holes or add features. It’s highly recommended to have the patch management system tied in with the vulnerability management system to ensure secure software management and protection from exploits in unmanaged software.
5. Implement zero trust access. Limit exposure to key business resources and sensitive data by enforcing strong zero trust mechanisms and allowing zero trust access to the right business resources based on strong identity awareness rules.
6. Implement antivirus & antimalware software. The first line of defense for any organization is implementing a modern antivirus/antimalware and anti-ransomware solution that uses machine learning and AI capabilities.
7. Use a Next Gen Firewall. A properly configured Next Generation Firewall implementation will provide protections from Gen 6 attacks as well as DLP capability and protection from bot attacks.
8. Password management. Password management is usually defined as a system that facilitates a simple, secure way to store passwords and a means of accessing them quickly when required. Today, password management is a critical part of the IT policy of most organizations. Password management solutions ensure robust cyber security and provide convenience for home and enterprise users alike.
9. Password/authentication. Implement passwords with a complexity mechanism and multi-factor authentication to ensure that users are not using simple passwords for authenticating to critical business resources or for purposes of accessing business email.
10. Limit login attempts. In today’s attack vectors, hackers and malicious attackers rely on automated software to attempt millions of login combinations in short periods of time and to try to quickly hack critical business systems.
11. Strong email security. Based on the most recent cyber attacks and research data, most attacks are initiated using a simple phishing email. Organizations should focus on email system security and implement strong anti-phishing and anti-spam security solutions to prevent users from being targeted in random email attacks.
12. File sharing solutions. Most organizations rely on different file sharing solutions and ignore situations where individual users rely on third-party solutions for file sharing. Organizations should explore and implement a strongly encrypted file sharing solution and enforce strong authentication and encryption around that file sharing solution.
13. Monitoring system. To have an effective protection mechanism, it’s important for organizations to have logging enabled from all endpoints, servers, firewalls and other devices in a network. On a regular basis, someone should monitor and review these systems and then take action based on the findings.
14. Strong security for the remote workforce. In a post-Covid world, the remote workforce is a reality. Most organizations still rely on traditional remote access VPN and desktop security principles to secure those users. Instead, organizations should enforce a stronger and more secure authentication/encryption solution to ensure that the remote workforce is empowered/secure and able to perform roles effectively.
Securing personal and business data is a key goal for most organizations and it’s not a simple or easy task, but organizations can get started by understanding different aspects of the system/network and gradually moving towards sustained efforts to secure the information.
There is a common misconception in the industry that implementing best-in-class endpoint security or firewalls will solve the security challenge. But in reality, success in cyber security derives from a mixture of several different elements, such as those outlined above, and an organization can start with any step.
Given the nature of evolving attacks, security practices need to evolve continuously, and it’s a journey that doesn’t end with this list.
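As an added example (not from the interview, and not Check Point code), here is the kind of review item 13 asks for applied to the automated login attempts item 10 describes: a small detector that parses constructed, syslog-like authentication lines and flags any source address or account that exceeds a threshold of failed logins inside a sliding time window. The log format, addresses, threshold and window are all assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log lines in a syslog-like shape; not taken from any real system.
SAMPLE_LOG = """\
2024-01-15T09:00:01 auth sshd: Failed password for alice from 203.0.113.7
2024-01-15T09:00:02 auth sshd: Failed password for alice from 203.0.113.7
2024-01-15T09:00:02 auth sshd: Failed password for bob from 203.0.113.7
2024-01-15T09:00:03 auth sshd: Failed password for carol from 203.0.113.7
2024-01-15T09:00:04 auth sshd: Failed password for dave from 203.0.113.7
2024-01-15T09:00:05 auth sshd: Failed password for erin from 203.0.113.7
2024-01-15T09:00:20 auth sshd: Accepted password for alice from 198.51.100.2
2024-01-15T09:10:00 auth sshd: Failed password for alice from 198.51.100.2
2024-01-15T09:30:00 auth sshd: Failed password for alice from 198.51.100.2
"""

# Assumed line layout for the example: "<iso-timestamp> <facility> sshd: <result> password for <user> from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

def parse_line(line):
    """Return (timestamp, result, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP or account that reaches `threshold` failed
    logins within a sliding `window`. Counting per source catches one machine
    cycling through many accounts; counting per account catches many machines
    hammering one account. Successes do not reset the count on purpose: a
    success right after a burst of failures is itself worth a reviewer's look."""
    recent = defaultdict(deque)   # (kind, value) -> failure timestamps still inside the window
    alerted = set()
    alerts = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None or ev[1] != "Failed":
            continue
        ts, _, user, src = ev
        for key in (("src", src), ("user", user)):
            q = recent[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerted:
                alerted.add(key)
                alerts.append((key[0], key[1], len(q), ts.isoformat()))
    return alerts
```

On the sample above only the single source 203.0.113.7 trips the threshold; alice's two later failures from 198.51.100.2 are far enough apart to stay under it, which is the distinction a fixed per-account lockout alone would miss.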
Lastly, to receive more timely cyber security news, insights into emerging trends and cutting-edge analyses, please sign up for the cybertalk.org newsletter.