The CISO Checklist to
Outsmart
2024 Cybersecurity Threats
Written by Jason RaderCISO
Jason began his college career as a voice major and was an early adopter of using technology to push creativity — in this case, interfacing musical instruments with computer systems. His interest in tech inspired him to pursue a focus in local area networks and internet-based technologies, eventually leading him to start a company specialised in Microsoft and Cisco training and consulting. After building, running and eventually selling his company, Jason took a role with RSA to transform the organization into an established solutions provider. Jason joined Insight in 2015 to build the security consulting group. In 2021 he assumed the role of chief information security officer.
Cyberattacks are on the rise — that’s old news. And because an attack is not a matter of “if” but “when,” your best defense is understanding how they’re happening. And, more importantly, how you can be proactive in your cyber defense. After all, a proactive approach to cybersecurity is far less expensive than a reactive approach.
As the Chief Security Officer at Insight, I’m intimately familiar with the emerging ways cybercriminals are attempting to knock down the proverbial door. Beyond the news stories and what I see attempted at Insight, I’m also aware of what’s happening to our clients. And I’ll level with you: It’s rough out there.
In the high-stakes game of digital defense, cyberattacks are the unwelcome wild cards anyone can draw. Anticipation is key. Adopting a proactive approach helps you sharpen your responses, counter unforeseen events as they unfold and bounce back from a bad hand stronger than ever.
The ever-shifting digital landscape we operate in today can feel like a never-ending game of whack-a-mole when it comes to cybersecurity threats. They pop up more often, in more places — and get tougher to beat.
Organisations of all sizes face a complex array of cyberthreats. Large companies struggle to allocate enough funds to strengthen their cyber defenses, while smaller businesses are often more vulnerable due to weaker security.
Regardless of your business size or budget, here are the latest threat trends you need to be aware of, and which proactive measures you should prioritise.
At the start of 2024, we’re seeing an alarming trend of highly sophisticated, well-organised cyberattacks on enterprise infrastructure — particularly with ransomware.
Threat actors are conducting extensive research on their targets, focusing on details like phone numbers, job titles and the financial health of organisations. This research helps them determine where their time and resources are best invested for maximum impact, particularly for extracting ransomware payments.
And unfortunately, we have seen a sharp increase in ransomware-type attacks. Ransomware is now widespread and operates like a business, with criminals selling illegal access to systems.
Old tricks are the best tricks — and social engineering (including bribery) has worked for decades. Which leads us to the next security trend: the rise in social engineering. These techniques involve manipulating individuals to gain confidential information or access to systems.
There’s a documented instance of attackers exploiting a third-party cellular provider by paying off an employee to replicate the cell phone numbers of a targeted account. Attackers were then able to bypass SMS-based multifactor account protections.
This is a jarring example of attackers’ ability to leverage insiders within third-party companies to circumvent security measures, as well as the importance of a multifaceted approach to protection and authentication.
We’re also seeing a marked increase in the deployment of phishing-type attacks. Phishing attacks, which use deceptive emails to exploit human error and breach security, are now one of the leading methods of cyberattack.
In my experience and from what I’ve seen, phishing is the go-to trick to get into most places because, let’s face it, we humans can’t always keep up with the machines.
The most effective counter is all about privileged access management and improved endpoint detection as the two main defenses. This approach creates strong barriers against these types of deceptive attacks.
It’s better to prevent fires than fight fires. If you’re only fighting fires, you’re not going to do anything but fight fires... forever. I advocate for a proactive approach, combining privileged access management with strict security protocols to create a robust defense system.
This strategy acts as the first line of defense against attacks. Implementing multifactor authentication is a critical part of this approach, effectively blocking intruders before they can even start their attacks. However, as we just explained, even multifactor authentication isn’t bulletproof. In addition to multifactor authentication, you must employ a multifaceted approach to account protection that includes improved endpoint detection.
It’s better to prevent fires than fight fires. If you’re only fighting fires, you’re not going to do anything but fight fires... forever.
Strengthen your digital security by shifting from weaker SMS-based MFA to more secure multifactor applications and physical security devices. Regularly updating and renewing security tokens is essential to enhance the MFA system and improve identity management throughout your enterprise. Also, enabling MFA on “some” accounts isn’t enough. If all accounts aren’t protected, the bad guys will go after the ones without MFA.
Disable any SMS-based MFA and require the organisation to use a multifactor application or a physical security device.
Revoke all security tokens and force MFA if you’re able. This will require everyone to log back in using the new MFA requirement.
Enable MFA on all accounts. Period.
Strengthen access control by implementing a robust verification process for active directory account managers. Focus on privileged identity management, combine it with a comprehensive patching protocol, and ensure that your third-party tools are securely integrated within these validation and authorisation systems.
Ensure all teammates responsible for creating or changing Active Directory (AD) accounts have a multifaceted verification process to confirm the authenticity of the contact — and are retrained on these procedures on a regular basis.
Use Privileged Identity Management (PIM) for all global admins and elevated accounts. If available, use Just in Time (JIT) access.
Confirm AD is patched to the latest level and consider increasing the frequency of regular patching.
Ensure all third-party tools connecting to or federating with AD are patched to the latest version.
Restrict accounts used for federation across AD to the minimum amount of required permissions.
Confirm logging and alerting are enabled for all AD activity, including federation and operational changes at the domain level.
Turn off and block legacy authentication methods (e.g., New Technology LAN Manager).
Consider tools like Defender for Identity to help surface lateral movements and malicious activities.
Enhance your system’s security by restricting administrative access via Secure Shell Protocol (SSH). Implement a policy of minimal access, reinforce it with thorough logging and maintain strong alert systems to monitor any administrative breaches.
Disable administrative access over SSH for all your hypervisor hosts.
Ensure that local administrative accounts on hypervisor hosts are disabled or severely restricted. The passwords should be unique per host.
Validate that any shared authentication for management of your hypervisors are restricted to the minimum level of access required.
Confirm that MFA is applied to access any administrative function in your hypervisor.
Ensure you have logging and alert enabled for all administrative activity on the hypervisor.
Ensure your backup storage is immutable. Limit administrative access and integrate MFA into all administrative functions to maintain and protect data continuity.
Ensure your backup platform storage is completely immutable via a vaulting mechanism.
Disable all noncritical administrative access to the backup infrastructure.
Check that MFA is required to access administrative functions.
Test your backups. Confirming you can actually restore from backups is critical.
Incorporate resilience into your business continuity plans. Keep your incident response teams prepared, regularly train them, and make sure your system failure protocols in the continuity plans are effective and well-practiced to handle unexpected disasters.
Have an incident response team on standby in the event of an incident. In some instances, time of compromise to complete loss of platforms occurs in under two hours.
Make certain that your organisation’s business continuity plan is up to date and practiced on a regular basis.
Consider executing a tabletop activity to test adding multiple system failures to the continuity plan — taking the above recommendations into account
That last tactic can’t be understated. It’s not enough to have a plan — you must practice it.
Tabletop and Red Teaming are important exercises to get teams prepared — both technically and mentally. This is something we do with our teams and our clients. They are effective ways to test your plans, along with your ability to adjust to dynamic impacts or what might throw your teams for a loop. And then, when an event does occur, your team’s natural motion will kick in, and they can respond with calm, clear minds.
Any security expert will agree: you must regularly revise and implement your core security strategies to remain firm and resilient against any cyberattacks. But the real effectiveness of any security strategy is proven during actual security incidents.
Advanced detection tools, improved with machine learning and data analytics, help identify even the smallest irregularities. Effective monitoring and detection allow incident response teams to neutralise threats and minimise damage.
Additionally, clear and well-defined communication protocols keep everyone, from executives to engineers, informed and in sync during these situations, mitigating the chaos of a security event.
In the unfortunate and challenging realm of ransom negotiations, drawing on the expertise of well-informed professionals is key to recovery efforts.
Deciding whether to pay up or not? That’s a tough call you’ll make with your insurer, weighing how much you stand to lose from a variety of angles.
It’s critical to have a plan to guide your business through a swift recovery process after a cyberattack. By leveraging strong cloud security solutions and rapid deployment, companies can quickly transition from recovery mode to business as usual.
But remember, cyberattacks aren’t like chickenpox. Going through it once doesn’t exempt you from future exposure.
Every stage, from preparing before an attack to recovering after it, requires a combination of best practices and specialised knowledge. Enterprises keen on developing effective protection for today’s environment must adopt an always-ready security posture to meet cyberthreats with resilience rather than open vulnerability.
The goal is straightforward: Don’t become a news headline about the latest cyberattack. As we begin 2024, I can’t overstate the importance of proactive security measures like multifactor authentication, strengthening authentication systems and continuously updating critical infrastructure. The ability to adapt as cyberthreats continue to evolve requires an approach that proves more than equal to the task and up to the challenge.
Preparation, vigilance and resilience are essential in an era where cyberthreats are constant. Insight is committed to helping our clients with the latest cybersecurity tools, expert knowledge, and the most effective strategies to produce the best possible outcomes before, during or after an event.
Our cybersecurity experts are an extension of your team to ensure you're prepared for anything.
Learn more
