CIO response to ‘Cyber War’ headlines

Assessing and strengthening enterprise security

Recently, the CIO of the Transportation Security Administration (TSA) said the U.S. is in a ‘Cyber War.’ The same day, a cyber security advisory from CISA and NSA Red and Blue Teams underscored major network security gaps leaving organizations vulnerable to cyber threats. Regardless of the country you operate in, as stewards of enterprise infrastructure and data, CIOs and CISOs should now scrutinize their environments for these prevalent pitfalls—and take prompt action to mitigate risks.

Authentication and authorization: Major gaffes to avoid

The advisory rightly calls out improper identity and access controls as a critical exposure. All too often, organizations make blunders like:

• Failing to separate user permissions from administrator privileges

• Implementing weak or bypassable multifactor authentication

• Enabling excessive inactive session timeouts

• Relying on static passwords through poor rotation policies

Mistakes like these enable attackers to move laterally and escalate privileges once inside the network perimeter.

By implementing context-aware access policies, security teams can limit the blast radius from the all too frequent problem of compromised credentials. With the right systems in place, admin permissions can be strictly controlled while friction for regular employees is minimized.

Services exposed to the Internet: Don't be low-hanging fruit

Nothing invites trouble more than serving internal resources over the public Internet without adequate access controls. Simple misconfigurations often grant unauthorized access to databases, file shares, backup systems, admin consoles, and other services – and attackers are all too eager to take advantage.

By implementing a unified control plane for external access and DDoS protection, security teams gain consistent visibility and enforcement. They can take back control, and valuable data can be protected from prying eyes.

Visibility and segmentation: No free movement for threats

Once malicious code or an attacker infiltrates the network, lack of visibility and segmentation enables unfettered lateral traversal. Security may be blind to connections between different environments like production, staging, and development.

Segmenting enterprise networks into logical trust domains containing related resources allows leaders to limit blast radius. Meanwhile, improved behavioral analytics helps security teams more readily detect threats inside the perimeter.

Vulnerable code and services: Shrink the attack surface

Basic cyber hygiene remains essential—yet NSA and CISA’s warning shows organizations still struggle with tasks like patching vulnerable software in a timely manner. Modern platform-as-a-service offerings allow enterprises to reduce attack surface by running only the code required and isolating execution.

CISOs can shrink the external attack surface and limit potential damage from compromised code by isolating code execution and reducing excess exposed services squashes opportunities for attackers.

The path forward: Assessing and remediating risks

The vulnerabilities spotlighted by CISA and NSA provide an urgent reminder for CIOs and CISOs. Now is the time to thoroughly examine internal and external network exposures—and take action to address risks.

Here are 6 specific steps that CIOs and CISOs can take to remediate the risks identified:

1. Conduct a thorough security assessment of your network infrastructure and applications. This will help you to identify any vulnerabilities that may be exploited by attackers.

2. Implement strong authentication and authorization controls. This includes using phishing-resistant multi-factor authentication (MFA), enforcing role-based access control, and rotating passwords regularly.

3. Segment your network into logical zones. This will help to contain the spread of malware and other threats in the event of a breach.

4. Deploy a web application firewall (WAF) with DDoS protection to protect your public-facing applications and APIs from common attacks.

5. Implement a Zero Trust security model. This means that all users and devices should be authenticated and authorized before being granted access to any resources.

6. Use a cloud-based security platform with a unified control plane like Cloudflare to help you manage your security posture across your entire organization.
   

Strengthen network defenses

Cloudflare's robust connectivity cloud is purpose-built to help leaders address many of the highlighted security concerns holistically. By leveraging Cloudflare capabilities for zero trust, network visibility & segmentation, securing internal applications and APIs, reducing attack surface, and more, organizations can meaningfully improve security posture across hybrid and distributed environments.

Rather than rely on point solutions in silos, CISOs can turn to Cloudflare as a platform for securing the entire enterprise, both on-prem and in the cloud. As stewards of business-critical infrastructure and data, modern IT leaders would be prudent to evaluate how best to mitigate the security gaps leaving them dangerously exposed. The moment to strengthen network defenses is now.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.

Author

John Engates — @jengates
Field CTO, Cloudflare

Key takeaways

After reading this article you will be able to understand:

• Cyber war affects organizations around the world

• How to scrutinize vulnerabilities in enterprise infrastructure and data

• 6 steps that CIOs and CISOs can take to remediate risk
  

Other articles in this series:

• Transform cyber security in the boardroom

• From acronyms to action: Demystifying Zero Trust

• Connecting cyber security to strategic business value