Privileged Identity Management (PIM) is an essential security practice for businesses using the cloud. It focuses on securing and managing privileged accounts and access rights within an organisation. In this blog post, we will explore the importance of PIM for businesses, particularly those using the cloud, and why every business should consider implementing it as part of their comprehensive cybersecurity strategy.
What is PIM?
PIM refers to the processes, policies, and technologies used to manage and secure privileged accounts and access rights within an organisation. Cybercriminals often target privileged accounts as a means of gaining access to sensitive information and systems. PIM aims to reduce the risks associated with privileged accounts by providing a central solution for managing and securing these accounts. It involves identifying, managing, controlling access, and monitoring privileged account activity.
Importance of PIM for Businesses
Privileged accounts are a prime target for cybercriminals, and a breach can result in severe consequences, including data theft, business disruption, and reputational damage. PIM is essential for businesses because it helps to mitigate the risks associated with privileged accounts. By implementing PIM, businesses can control who has access, monitor, detect and respond to suspicious behaviour, and reduce the impact of a breach if one occurs.
Why Every Business Using the Cloud Needs PIM
Cloud computing has transformed the way businesses operate, providing flexibility, scalability, and cost savings. However, the cloud also presents new security challenges, particularly when it comes to privileged accounts. Cloud environments typically have many privileged accounts that can access critical resources, making them attractive targets for cybercriminals. PIM is especially important for businesses using the cloud because it provides a central solution for managing and securing privileged accounts across all cloud services and platforms. With PIM, businesses can identify and manage privileged accounts, enforce access controls, and monitor activity. Implementing PIM in the cloud can also help businesses to meet compliance requirements.
PIM is a critical component of a comprehensive cybersecurity strategy, particularly for businesses using cloud computing. By implementing PIM, businesses can manage and secure privileged accounts, control access to critical resources, and monitor privileged activity. PIM can help to reduce the risk and mitigate the impact of a breach if one occurs. Every business using the cloud should consider implementing PIM as part of their cybersecurity strategy to protect against the growing threat of account breaches.
If your organisation is considering SD-WAN (Software-defined Wide Area Network), then effective networking and built-in security should be integral to your decision.
In partnership with Fortinet, QuoStar is one of 15 SD-WAN specialised partners in the UK. We offer a solution that achieves safer, more cost-effective and efficient SD-WAN implementation. Here’s how:
With dispersed workforces, new digital tools and cloud adoption at an all-time high, many organisations are turning to SD-WAN. This virtual WAN architecture brings together existing internet connectivity options, such as MPLS, Broadband, DIA and LTE, to securely connect users to applications, while simplifying the control and management of this connectivity.
SD-WAN solutions help to remove complex and expensive routing, cut down on hardware costs and remove expensive MPLS networks. They can also greatly enhance access to Software as a Service (SaaS) and other cloud-based services and help to minimise downtime.
However, many available SD-WAN networking solutions have little or no built-in security, which can lead to organisations adding a range of disparate tools to address these risks. This increases capital expenditure, raises complexity and creates potential gaps for cyberattacks.
A fully integrated, secure SD-WAN solution is the best way to ensure effective protection, operational efficiencies, and on-going readiness for evolving network demands.
QuoStar’s SD-WAN solution
Working in partnership with Fortinet, who have been recognised by Gartner as a Leader in the 2022 Gartner Magic Quadrant for SD-WAN for a third year in a row, QuoStar’s SD-WAN solution brings extra security protection and enhanced performance to the existing benefits of SD-WAN. These improvements include:
Protection at all edges
Native security for both on-premises and cloud-delivered services, to provide flexible, secure access for a distributed workforce working on and off the network. Unified orchestration capabilities further provide end-to-end visibility and control of the network environment.
A world-class user experience
Our solution overcomes WAN impairments at all edges using our comprehensive self-healing SD-WAN as well as AIOps and Digital Experience Monitoring (DEM). There are no network slowdowns thanks to our purpose-built security processing units, and application performance is maximised with artificial intelligence and machine learning.
Reduced costs and complexity
Significantly lower operational complexity and low total cost of ownership is achieved with converged networking and security. Our unified SD-WAN solution secures remote workers and on-premises users with consistent policies.
You should investigate SD-WAN if:
You’re a largely distributed company experiencing network problems.
You’re particularly vulnerable to internet outages.
Your internet connectivity costs need to be revaluated.
You want to simplify the branch architecture.
You’re in the market to affordably expand your company’s network.
Your company needs to scale quickly and easily.
You would like to enable reliable user experience on any transport with rich routing and advanced WAN remediation for self-healing networks
SD-WAN control and management across multiple locations is providing a challenge for businesses with IT resources facing skill gaps
Obtaining a Secure SD-WAN Assessment Report will give you unmatched insight into your current security posture and network activity. Learn more about your network by registering for a free assessment here.
Since the Russian invasion began in Ukraine on 24th February 2022, businesses and government institutions globally are on high alert for state-sponsored cyber threats – with banks, energy companies and airlines undertaking additional work to strengthen their defences against such attacks. There is an underpinning fear that this could be the new era of global cyber-war.
Cyber-attacks on state-owned digital assets such as the Ukrainian Defense Ministry and Military websites increased in February, as they were hit with DDoS (Distributed Denial of Service) attacks, along with two large Ukrainian banks – PrivatBank and Oschadbank. In this case, the websites were flooded with traffic to the point that they crashed, making the websites unusable.
At the end of February, there was the discovery of the new wiper malware that had been unleashed – dubbed HermeticWiper by some and FoxBlade by others. As well the as DDoS attacks mentioned above, it was designed to wipe the hard drives/system storage of the systems infected, corrupting all the data in the drive – making the data unrecoverable – then initiating a system shutdown. It has been found on Ukranian computers, as well as on machines in Latvia and Lithuania.
Furthermore, a “worm component” dubbed HermeticWizard, has been discovered that could be used to spread the HermeticWiper in local networks.
FoxBlade (HermeticWiper) also downloads and installs other programs – including other malware – onto infected systems, Microsoft has advised.
Cybersecurity experts identified a second wiper cyber-attack, named IsaacWiper, targeted at Ukrainian governmental networks according to a report on Tuesday 1st March. The second wiper attack was detected on 24th February and is described to be a lot less sophisticated than HermeticWiper.
The UK’s NCSC (National Cyber Security Centre) and the US CISA (Cybersecurity and Infrastructure Security Agency) have released details about a new malware targeting network devices, which they attributed to Sandworm – a threat actor previously attributed to the Russian GRU’s Main Centre for Special Technologies (GTsST).
Cyclops Blink is a new piece of malware that targets network devices – supposedly being used by the Sandworm threat actor – a replacement for the VPNFilter malware 2018. The malware collects device information, sending it to a command-and-control server. It can download and execute files, as well as getting additional modules at a later date.
Researchers have identified a web service hosting cloned copies of websites. A number of Ukrainian government websites were cloned, along with the main webpage of the Office of the President. These sites were filled with malware links, that once clicked, would download on to the user’s computer.
What does this cyber-war era mean for nations other than Russia and Ukraine?
While the aforementioned attacks aren’t particularly sophisticated, and can be mitigated with the right cyber protection measures, these types of attacks have previously been used as a diversion tactic in order to lay groundwork for more damaging, sophisticated attacks.
Exposure or risk
As the EU, UK and the US impose sanctions on Russia and Belarus there is greater chance of being at risk of targeted cyber-attacks, as retaliations make take place from the Russian and respective forces. Companies across Britain have been warned to prepare for a heightened security risks as the UK placed sanctions on three of Russia’s wealthy allies.
UK organisations have been urged by GCHQ’s National Cyber Security Centre (NCSC) ‘bolster their online defences’ and warned that there has been an ‘historical pattern of cyber-attacks on Ukraine with international consequences’.
According to Laurance Dine, global partner, X-Force Incident Response, IBM, businesses need to start operating under the assumption of compromise, and put in place the proper controls and measures necessary to defend their environment and critical data.
The UK government may well be taking their own measures to defend the cyber security of the nation, as secretary of state for defence, Ben Wallace, told parliament in reference to the National Cyber Force: “I am a soldier, and I was always taught that the best part of defence is offence… What is good for the goose is good for the gander, and that if necessary we could use cyber warfare to give as good as we get back to Russia.”
High alert for the energy sector
This week (28th February 2022) the UK Business Secretary, Kwasi Kwarteng, is holding talks with the chair of National Grid amid anticipation of a surge in state-sponsored cyber-attacks from Russia. A wise move considering that, in a recent report published by IBM Security, the UK’s energy sector was the target of 24% of all cybersecurity incidents in the country last year. It is also thought that Russia was most likely responsible for the SolarWinds and Colonial Pipeline attacks of 2020 and 2021.
It may seem obvious but evaluate the controls you have in place against cyber-attacks, particularly ransomware.
Pay close attention to the news cycle in relation to this situation.
Pay attention to the types of attacks that are coming through via security feeds.
Keep everything patched.
Watch out for any suspicious traffic that may be coming from outside of the country.
At QuoStar we are committed to helping you and your business remain secure. Our experienced industry professionals are here to give you measured and realistic advice.
Businesses have done a phenomenal job to keep going throughout Covid to keep people working from home, and at the same time building in those layers of security as they go. However, as this new norm sets in, there needs to be more security in place for the post covid world.
Working from home needs additional cyber security post covid
With people working from home, it is important to realise that there are now layers of security your company can’t easily control. Although there has been an inherent layer of security during covid because people have had to work at home, rather than working out and about in cafes and public places.
We recommend giving guidance on these issues to staff as they may not realise that their homes aren’t as safe digitally as they might think they are. Training helps, and it is essential. It’s also essential for organisations to undertake risk assessments of their new agile/remote working environments.
Things you should be considering:
Home environments are a business environment
If you want to breach a corporate network, then you seek out the weak links. People themselves, and home networks/devices are without a doubt weak links that need protecting.
Review your remote working environments
It’s essential that security risk registers and controls are revisited regularly. It’s also important to perform regular penetration tests.
Are the roles now paperless?
Do we need collection of classified documents for shredding?
We are sharing screens more
We need to be cautious about what we are inadvertently sharing.
The use of smart speakers and technology at home
We all know of Alexa, but there are hundreds of varieties. They are all managed by different countries using different clouds. They are recording all the time. IoT and AI are likely to further erode the privacy and autonomy of users.
Avoiding successful attacks and creating better cyber security post covid, the short answer…
Before you hide, go seek!
The biggest key to it all: do you know where all of your data is?
Layer it up
It’s essential that you rely on all 7 layers of cyber security post covid. You can’t just have one control to stop a threat, just as having antivirus software will not protect you from getting a virus. The same way locking a door won’t stop someone burgling your house. It’s best to apply theSwiss cheese modelof risk management.
It is much cheaper to get your security layers in there first. The layers don’t need to be expensive, just suitable, with good architecture.
Your data, particularly sensitive data, needs to be protected whilst traveling over non-corporate networks and whilst at rest – sat on a server, the cloud, a mobile or on a laptop.
Work with what you’ve got
Most companies, even big ones, don’t have the budget or endless resources to do everything, the key is optimising what you have got. A simple one, privilege management – what are the entry limits to your digital technology?
Know your risks
It’s essential for all businesses to have a risk register, however large or small. If you don’t know all the risks your organisation faces, how can possibly ensure you are protected against them? It’s negligent to not do so. It’s important that board understands and signs off risks, and doesn’t just leave it to IT. Ask yourself what are your risks to cyber security post covid.
It’s essential that you monitor all network attached devices for anomalies. If you aren’t looking you aren’t going to see a breach until it’s too late. Many organisations don’t know they’ve had a breach until months after.
Business Continuity has been put to the test
Covid has made us test all major categories of business continuity. A few years ago, we’d test things like ‘building unavailable’. Businesses have been put into the real-life working situation of no building available, no public transport, fewer staff numbers and sick and absent staff. We have been hit with all the major categories of business continuity at the same time.
A shortage of senior cyber-security professionals
However, with a global shortage of senior cyber-security professionals, coupled with the prohibitively expensive costs of retaining a full-time, dedicated expert, many businesses may struggle to access the appropriate level of support required.
Businesses get access to a dedicated Chief Information Security Officer who will provide senior security leadership and take responsibility for identifying, controlling, and managing risk. Making sure the business’s security posture is strengthened.
The flexible CISO service by QuoStar can help SME’s navigate the ever changing cyber-security landscape.
Cyber crime is changing quickly, it’s a global issue and its ramping by the day. The cybercrime industry is on-target to cost the world $6 trillion in 2021 and is forecast to cost $10.5 trillion by the end of 2025. Everyone is under threat. From the individual sat at home on their iPad or mobile phone, through to small, medium, and large-scale enterprises – even countries!
So how do mid-market and smaller organisations protect against the clear and present dangers? Cyber Essentials? Without a doubt, cyber essentials ‘does not’ make you secure – it is the absolute bare minimum you need to be doing; look at it like locking the doors to your house. It is the same with anti-virus and firewalls – they are no longer enough.
Does the board and IT team really understand the true level of risk they face in every area of the organisation?
How are those risks to evaluated and controlled?
Can they make the right budgeting decisions?
How do they respond if there is a breach?
How do you do deal with regulators, such as the ICO (Information Commissioner’s Office)?
Is their security stance continually improved?
That’s where QuoStar’s flexible CISO service comes in
Our on-demand service provides clients with ongoing senior IT leadership and guidance on cybersecurity strategy, management, and response from a certified and experienced CISO. They will be able to identify, control, and manage the multitude of threats and challenges businesses face in today’s rapidly changing security landscape from the get-go.
The on-demand service operates in close partnership with senior business leadership and IT teams to ensure both parties hold the relevant responsibilities and accountabilities. They will also help to run and implement Information Security Management Systems, such as IASME or ISO27001. This facilitates enhanced security governance, compliance, and ongoing continual improvement of an organisation’s security position.
The flexible CISO service is led by QuoStar’s Head of Security, David Clarke, who has over 25 years of experience working in cybersecurity, formerly as Global Head of IT Security at BT and other FTSE100 companies. David currently oversees the development, implementation, and support of QuoStar’s clients’ information and security-related risks.
David Clarke, comments:
“As a result of the pandemic, company boundaries have become much more fluid. So many employees now work from home. It’s not always clear what belongs to the company and what is personal. Businesses are now having to manage different servers, cloud services, and access control issues. Their technology needs to be safe and compliant in all these areas before it can be performant.
“Organisations need to adopt a multi-layer approach to security to manage these risks effectively, but that can be costly. With our on-demand service, however, businesses can truly afford to get the best protection possible, without putting undue strain on the bottom line.”
The on-demand CISO service follows the successful launch of our on-demand CIO (Chief Information Officer) service earlier this year. Our on-demand CISO service has already seen a rapid uptake of interest, with several businesses already taking advantage of the offering.
“We are delighted to add the CISO service, alongside or CIO service. QuoStar gives mid-market and ambitious smaller businesses access to top talent at the level they need. We’ve always been passionate about delivering measurable business outcomes to our clients. Our aim is to reduce risks and improve the bottom line.
We’ve always taken IT security extremely seriously. We have always kept up to speed with the technical controls to IT security risks. The evolution of the risk landscape, accelerated by COVID and the rise of hybrid working means we need to implement enhanced IT security governance into our wider client base. Relying on technology just doesn’t cut it any longer – organisations need to be proactively managing risk, continually.”
Work towards achieving Cyber Essentials Plus and put in place these 7 security measures.
Want more than basic cyber-security protection for your business? If you already have our 9 Steps to combatting cyber-threats in place and you’re Cyber Essential certified, you’ve made a good start. But if this is all you have, then for proper security there are still a few more steps you can take to safeguard your business. Cyber-crime is £1 trillion industry for cyber-criminals.
After getting the basic accreditation, you can work towards achieving Cyber Essentials Plus. This is a similar experience in achieving the basic Cyber Essentials accreditation. The difference is that it deals with security at a higher level and demands more rigorous policies and practices to be in place.
How else can you secure your business?
Cyber Essentials covers a broad range of topics regarding security and so will likely cover most of your basic security needs. But we also have a brief list of some security systems and techniques which are worth looking into. Or, if you’re looking to get the best level of cyber-security we recommend our CISO service.
ISO 27001 is an internationally recognised certification you can get which proves your cyber-security is at a high level. It can be used as a compelling point for people to choose your business over competitors.
Because of the rising cost of an outage, getting systems back online quickly is vital to prevent minute by minute money from burning. The rise of virtualisation and the cloud has made disaster recovery and business continuity a much simpler and cost-effective venture than before. It’s worth considering.
With connectivity being so critical to a firm, it’s essential to have backup network and Internet connections to prevent a failed connection from leaving the firm isolated from clients and the wider world. Multiple firewalls and/or routers are also recommended.
SECURING THE LAN
The LAN has previously been left relatively unprotected but it’s now imperative that you secure the internal network to restrict access from undesirable third parties. You also need to secure any wireless or virtual networks to stop a single breach from creating an open door across the entire firm.
MOBILE DEVICE MANAGEMENT (MDM)
Bring Your Own Device (BYOD) is a popular policy, but it’s also dangerous without the correct measures in place. Procedures need to be set up for when a device is lost or stolen or when an employee leaves the company. Don’t adopt BYOD for the sake of it, do it for an important reason. And if employees do need personal devices, look into Choose Your Own Device (CYOD) as a more secure alternative.
DATA LEAK PROTECTION
In order to implement an effective data leak protection policy, you need to really understand what data you have and the risks you face. Only then can you really begin to implement the correct controls. These will vary from sector to sector but should include things like portable encryption, endpoint protection, email content control and intelligent firewalls.
In short, put in place more than basic cyber-security to stay ahead of the game. Stop those cyber-criminals in their tracks with a good level of protection for your business.