The cybersecurity implications of digital transformation and what effective defense looks like
December 2021 by Abed Samhuri, Cyber Institute Lead at Axon Technologies
Effective cyber defense is a mixture of the right people, processes, and technologies. When it comes to cybersecurity and particularly cyber defense, it is simply not enough for an organization to buy various technologies and install them on their systems, insists Abed Samhuri, Cyber Institute Lead at Axon Technologies.
Organizations that had already adopted digital transformation were able to cope with the remote-working challenges of the pandemic, and this has pushed many other organizations to start considering digital transformation seriously. However, if it is done with no security in mind, digital transformation widens the organization's attack surface and opens the door to more security incidents.
One of the greatest challenges to implementing digital transformation securely is a lack of resources (budget and manpower). For this reason, our first recommendation is to outsource this aspect to a third-party cybersecurity firm. The following are three key tips to mitigate the security risks that arise from digital transformation:
• Cloud Security: given that many digital-transformation technologies are cloud-based, it is crucial that you pay attention to this point. Cloud security starts with choosing the right cloud service provider – one that already has a strong security policy.
• Multi-Factor Authentication (MFA): strong passwords on your various online accounts are not enough. You need to enable and enforce MFA to prevent account compromise, session hijacking, and other attacks.
• Enable Auditing and Logging: whenever you use a cloud-based service, make sure that logging of the various actions (permitted or denied) is enabled. In times of crisis, those logs are the first thing that will give you clues about what is happening, why it is happening, and how to fix it.
Towards zero trust security
Zero-Trust Security is a principle in security architecture where “trust” is eliminated between interacting entities – such as a person accessing a system, an application accessing a network share, etc. In this approach, authentication and authorization are always enforced between entities regardless of their network or location. No network is regarded as trusted, so entities on it can never interact without authentication. In short, it is about eliminating implicit trust.
The advantage of the zero-trust approach is self-evident. It reduces the chance of an attacker exploiting a trust relationship and gaining unauthorized access because of that trust. Attacks like spoofing, hijacking, privilege escalation, etc., are reduced tremendously in an infrastructure designed on zero-trust principles.
However, this does not come without a cost. Zero trust security requires more effort in designing a network infrastructure. In addition, there is management overhead; zero-trust security requires continuous monitoring and auditing of users and devices.
What effective cyber defense looks like
Effective cyber defense is invariably a mixture of the right people, processes, and technologies. When it comes to cybersecurity and particularly cyber defense, it is not enough for an organization to buy various technologies and install them on their systems. Experience has shown repeatedly that technology cannot meet expectations unless it is operated by a team of skilled security specialists.
Human intelligence is an essential component of a successful cyber defense program. The team can be composed of security analysts, engineers, and incident responders. Technology can be a good preventive measure, but whatever slips through the technology needs a human to analyze, examine, and hunt for otherwise hidden intrusions.
Finally, there needs to be a set of processes that govern how the team interacts with the technology so that detection and response are efficient. Processes outline procedures and step-by-step actions to be undertaken by the team. They help eliminate ad hoc reactions in times of crisis and provide visibility and efficiency to the overall cyber defense strategy.
Enhancing cybersecurity with gamification
Gamification adds emotional engagement to training by providing a competitive context and excitement. Game playing is regarded as a sophisticated way of training and educating security specialists. According to scientific studies, people learn best when they engage their emotions and gain practical experience in a competitive environment.
The following are two examples where we leverage gamification in cyber training:
• Training interns: within our internship program, each intern is assigned an account on a gamified cyber security platform. The intern has to complete around 200 challenges, each of which carries a certain score. As the intern completes one challenge after another, their score increases, and they can view their ranking on a leaderboard. The challenges are categorized into different topics such as web application attacks, reverse engineering, security event analysis, malware analysis, cryptography, etc.
• Cyber War Game: an event set up to simulate and exercise cyber offense and defense techniques and tactics in a gamified and challenging way. Participants are grouped into two team categories: Red Team (Offense) and Blue Team (Defense). The Red Team attempts to break into a predesigned virtual infrastructure while the Blue Team detects, tracks, and responds to the attacks.
To sum up, gamification is an effective approach to sharpening the skills of security teams, enhancing communication between team members, and increasing the organization’s resilience to cyber-attacks.
Empowering cybersecurity professionals
The industry needs cybersecurity institutes that offer high-quality intensive courses and workshops in all fields of cybersecurity, so that IT professionals can become well-established security specialists in their organizations.
The courses and training programs should cover a wide range of cybersecurity development paths, such as Cyber Defense, Cyber Offense, Incident Response and Forensics, and Management. For each path, we need progressive courses from a beginner level to an expert level. Participants can build a training path of their choosing.
Ideally, the courses need to be hands-on, with comprehensive lab sessions and exercises. We should not only cover the essential theories and concepts, but also make sure that the participants can apply the skills practically in real-world scenarios. By enrolling in such training courses and workshops, cybersecurity professionals can boost their knowledge and skills, and thus, advance in their career paths.