65% of organizations saw at least 3 OT system intrusions within the past year

As OT tech becomes more advanced, so do the cybersecurity concerns surrounding it, Fortinet found.

The majority of organizations (65%) experienced at least three operational technology (OT) system intrusions within the past year, up from 18% in 2019. Some nine out of 10 organizations said they saw at least one intrusion in the same time frame, a Fortinet report found. 

Fortinet’s 2020 State of Operational Technology and Cybersecurity report, released on Tuesday, examined the massive role security plays in OT professionals’ responsibilities. As OT tech becomes more advanced, so do the cybersecurity concerns surrounding it. 

OT is critical for the function of the economy, powering factories, energy production and transmission facilities, transportation networks, and utilities worldwide. Some of the latest advancements in OT involve the convergence of its infrastructure with IT networks, improving operational efficiency and profitability, according to the report.

However, this dependence means that OT systems inherit all of the security threats IT systems face. Additionally, OT attack surfaces often include Internet of Things (IoT) devices in remote locations.

This threat landscape means that OT leaders have had to increasingly shift their focus to cybersecurity, more than ever before, the report found. 

OT leader responsibility to security

Some 80% of OT leaders said they regularly participate in cybersecurity decisions, and half said they have final say in those decisions. 

Along with supervising operations teams and managing production efficiency, more than half (64%) of OT leaders said that they are directly responsible for security, too. Nearly three-quarters (71%) said they are regularly involved in IT cybersecurity strategy, up from 56% in 2019, indicating the importance of keeping systems secure. 

However, there is a shift that places OT security under CISOs. Currently, 22% of companies said the CISO manages OT system security, up from 18% in 2019, and 61% said they expect OT security to be transferred to the CISO team in the coming year. 

If that continues as expected, some 83% of organizations will have CISOs managing OT security by next year.

Where OT infrastructures lack protection

While OT leaders have security features in place, some are missing key areas. An example provided in the report involved security information and event management (SIEM) solutions, which are a commonly cited security precaution.

Even though it is considered common, nearly four in 10 said they lack this tool. Additionally, nearly half lack a Technical Operations Center (TOC) and a Security Operations Center (SOC), with more than half missing a Network Operations Center (NOC). 

Of respondents who do have a SOC, the majority (77%) said they don’t have all OT activities centrally visible by the security operations team. Features that allow for zero-trust access are also absent from organizations, including internal network segmentation (47%), network access control (59%), and multifactor authentication, the report found.

Some 58% of companies said they see their budgets increasing in 2020, but many OT leaders still struggle with measuring and analyzing security.

Vulnerabilities (64%), intrusions (57%), and cost reduction resulting from cybersecurity efforts (58%) are most often reported and tracked, but the least commonly reported metric is tangible risk management outcomes (43%). This insight shows that OT security may not be fully integrated into enterprise-level risk considerations, the report found.

This integration is crucial, however, as only 8% of organizations reported having no intrusions over the past 12 months. The most common attacks included malware (60%), phishing (43%), and hackers (39%), according to the report.

Best practices for top-tier organizations 

The report offered 7 best practices for keeping OT systems safe. 

1. Keep OT activities centrally visible to security operations teams

The report found that top-tier organizations are four times as likely to have OT activities centrally visible to security operations teams. The centralized visibility is critical to having full coverage of security protection within the enterprise. 

2. Track and report on vulnerabilities 

Top-tier OT leaders are 133% more likely to track and report on vulnerabilities found and blocked, according to the report. 

Nearly half of data breaches in the past year were attributed to software vulnerabilities, but less than half of bottom-tier organizations successfully track and report those flaws.

3. Make the CISO or CSO responsible for OT security

With OT becoming more connected, security of the systems must be included in the larger cybersecurity infrastructure. Top-tier organizations are twice as likely to have the CISO or CSO responsible for OT security, the report found. 

4. Give OT leaders security responsibility too

Security should be the foundation for OT tech and not considered an afterthought. Top-tier OT leaders are 25% more likely to have direct responsibility for embedding security into OT processes. 

5. Adopt a NOC

Organizations should have centralized visibility and monitoring of network activity across OT environments to guarantee optimum performance and security. Top-tier organizations are 25% more likely to have a Network Operations Center (NOC) to achieve this. 

6. Use response time as a security measurement

More than half of top-tier respondents ranked response time to security issues as either a first or second priority. These successful OT leaders are also 25% more likely to be measured by that response time. 

7. Report on compliance to executive leadership

Compliance is also a big concern for the top leaders of organizations. Top-tier companies said they mostly do regular reports, suggesting they have automated compliance reporting across the whole enterprise, allowing for real-time reporting and quicker improvements. Top-tier OT leaders are also 25% more likely to report on compliance with industry regulations to company leadership.

Why organizations often have trouble containing cyberattacks

Many companies are hampered by the use of too many security tools and the lack of specific playbooks for common attacks, says IBM Security.

Organizations often spend a lot of time, money, and resources on cybersecurity. Why then are cyberattacks frequently still successful? A report released Tuesday by IBM Security serves up some answers to that question.

Based on a survey commissioned by IBM Security and conducted by the Ponemon Institute, “The 2020 Cyber Resilient Organization Study” found that organizations have gradually improved their ability to plan for, detect, and even respond to cyberattacks over the past five years. Some 26% of the respondents said they’ve adopted formal, enterprise-wide security response plans during this time, up from just 18% in 2015. However, the ability of organizations to contain an actual attack dropped by 13% over the past five years, which IBM Security attributed to several factors.

First, though response planning has been getting better, 51% of respondents said that their Computer Security Incident Response Plans (CSIRPs) were informal or ad-hoc, or simply not applied consistently across the enterprise. This lack of consistency translates into real money. Organizations that have incident response teams and extensively test their response plans spend an average of $1.2 million less on data breaches than those who don’t have these methods in place, according to IBM.

Second, instead of having too few security products, many organizations have too many. Almost 30% of those polled said they use more than 50 separate security solutions and technologies, while 45% use more than 20 tools to investigate and respond to a cybersecurity incident. Further, many said that each incident to which they responded required coordination across an average of 19 different tools.

A glut of security tools can actually hamper an organization’s ability to combat an attack. Among the respondents, those who use more than 50 security tools ranked themselves lower in their ability to detect and respond to an attack. Beyond reducing the number of security products, using open and interoperable platforms along with automation technologies can cut down on this type of complexity. A majority of those surveyed said that the use of interoperable tools helped them improve their response to cyberattacks.

Third, even among organizations with a CSIRP, only 33% had playbooks for specific types of attacks. Among those, the most common playbooks were for DDoS attacks and malware. With ransomware on the rise, less than half of organizations with playbooks had one designed for a ransomware attack. Having predefined playbooks to counter common types of attacks provides organizations with a consistent and repeatable plan of defense.

“While more organizations are taking incident response planning seriously, preparing for cyberattacks isn’t a one and done activity,” Wendi Whitmore, vice president of IBM X-Force Threat Intelligence, said in a press release. “Organizations must also focus on testing, practicing, and reassessing their response plans regularly. Leveraging interoperable technologies and automation can also help overcome complexity challenges and speed the time it takes to contain an incident.”

To improve your organization’s defense methods against cyberthreats, IBM Security recommends the following steps:

  • Implement an enterprise-wide Computer Security Incident Response Plan (CSIRP) to minimize business disruption. But just having a CSIRP is not enough; it should be implemented across the organization and reviewed on a regular basis. As the volume and severity of attacks increase year after year, the lack of an updated CSIRP may increase the risk of experiencing significant disruption to IT and business processes.
  • Tailor response plans to specific attacks in your industry. Cybersecurity attacks come in many forms. Organizations can strengthen their security postures by understanding the top threats in their industries and preparing detailed response plans to help ensure team members know the steps needed to investigate and remediate a specific attack.
  • Embrace interoperability to increase visibility and reduce complexity. As organizations navigate complex security environments, the most effective teams leverage interoperability to increase the visibility of tools and data to help prevent and detect attacks. Approaches that streamline workflows help increase the productivity of the security operations center.
  • Invest in technologies to accelerate incident response. Technologies such as automation, analytics, artificial intelligence, and machine learning as well as cloud services were leading reasons organizations improved their cyber resilience. Automation, in particular, helps companies improve operational efficiencies and reduce team churn by freeing up time to focus on the high-value tasks needed to investigate and respond.
  • Align your security and privacy teams. Organizations with stronger cyber resilience recognize that security and privacy go hand-in-hand. Eliminate silos and encourage a culture of collaboration to more effectively respond to data breaches. Bringing the security and privacy teams together early and often will improve security posture sooner than if they work together for the first time during a massive security incident.
  • Formalize C-level/board reporting to raise the visibility of the organization’s cyber resilience. Business leaders recognize that cyber resilience affects revenue and reputation. Thus, keeping cyber resilience performance front and center is imperative to ensure it receives the required level of investment and resources.

Conducted by the Ponemon Institute and sponsored by IBM Security, the 2020 Cyber Resilient Organization Report elicited responses from more than 3,400 security and IT professionals from around the world, including the US, UK, India, Germany, Brazil, Japan, Australia, France, Canada, ASEAN (Association of Southeast Asian Nations), and the Middle East.

52% of organizations’ business operations are being scaled down

How HR leaders should adjust their priorities for the remainder of 2020, according to new Gartner research.

More than half (52%) of 172 HR leaders surveyed said their organizations’ business operations are continuing at reduced levels due to the COVID-19 pandemic, according to a newly released survey by Gartner. Perhaps not surprisingly, optimizing costs is the business priority that has changed the most since January 2020 for 40% of 146 respondents, the survey found.

“Many organizations have entered the recovery phase and are focused on stabilizing the business and restarting activity,” said Mark Whittle, vice president of advisory in Gartner’s HR practice, in a statement. “HR leaders will play a critical role during this period.”

 

Much of that role requires them to deal with the uncertainty around several key issues, Whittle said, including equipping leaders to manage remote teams over the long haul, preserving company culture with a more remote workforce, and engaging workers in a cost-constrained environment.

HR leaders are adjusting their priorities for the remainder of 2020 to address these issues and best support the business. In December 2019, the top five HR priorities for 2020 were: building critical skills and competencies, strengthening the current and future leadership bench, incorporating organizational design and change management, driving digital business transformation, and enhancing employee experience.

A Gartner survey of 160 HR leaders in May found that while those top five priorities have not changed, the order and the lens through which organizations must view them have. The future of work is number one, followed by critical skills and competency development; organizational design and change management; employee experience; and current and future leadership.

Where to go from here

To successfully navigate today’s new normal, Gartner said chief human resource officers (CHROs) and senior HR leaders must address each of these priorities:

1. Future of work

Leaders need to consider the predictions for what the future of work will look like and assess the likelihood of each trend impacting their organization.

“Business leaders are planning for entirely new scenarios,” said Brian Kropp, chief of research for Gartner’s HR practice, in a statement. “For many, if not all organizations, the three-year strategic plan may be gone, and planning is occurring quarterly.”

 

Perhaps most importantly, Kropp added, “understanding the future of work is about understanding the permanent workplace shifts post-COVID.”

2. Critical skills and competency development

A recent Gartner survey of 113 learning and development leaders found that 71% reported that more than 40% of their workforce has had to use new skills because of changes to work due to COVID-19, Whittle said.

To adopt a more dynamic approach to managing shifting skills needs, Gartner is advising HR leaders to focus on three actions:

  • Identify areas of the organization with significant changes in priorities and related changes in skill needs. Then break roles and projects that need support into individual skills and outcomes.
  • Upskill a select cohort of motivated and influential employees to provide personalized learning support to colleagues.
  • Foster internal movement across the organization by engaging employees to gauge their skills, goals, and points of confusion around organizational skill needs.

3. Organizational design and change management

Gartner research shows that successful change management outcomes require a shift from top-down change led by senior leaders and communicated down to employees, to “open-source change,” meaning employees are involved in designing change processes.

In fact, when organizations use an open-source change strategy, the probability of change success increases by as much as 24 percentage points, the firm said.

To achieve an open-source change culture, HR needs to help managers and leaders create two-way dialogues that acknowledge the reality that change is difficult and then listen to employees’ reactions, Gartner recommended.

Adopting open-source change management can increase employee engagement by as much as 38 percentage points and intent to stay by as much as 46 percentage points, according to the firm.

4. Employee experience

The pandemic and its fallout have changed the focus of employee experience to sustaining the performance and engagement of a hybrid workforce–some employees working fully remote or partially remote and others at the workplace.

To gauge employee experience during the disruption, HR must answer three questions:

  • Organizational trust: To what extent do our employees believe we really value people and are ensuring their well-being?
  • Commitment to coworkers: How are employees collaborating with and learning from team members?
  • The right capabilities: Are we helping employees get the skills and tools and resources they need to be successful in this disruption and new normal?

5. Current and future leadership

Organizations need resilient leaders more than ever. According to Gartner, to foster resilience, HR needs to support leaders at the personal, team and institutional levels:

  • Personal: Identify leaders’ skills gaps and create leader-to-leader partnerships that give them opportunities to help each other by pairing those with complementary skills.
  • Team: In a remote work environment, employees are 3.5 times more likely to collaborate with five or more teams than when in the office. Leaders need to learn how to better lead during ambiguity, how to identify and secure needed resources for their teams, and how to better connect their teams and direct reports with others to develop skills and get more resources.
  • Institutional: HR needs to ensure performance management objectives reflect and reward leaders that efficiently connect teams to the right resources. Leaders must also be empowered and encouraged to dynamically adjust annual goals and review all workflows to align to the right priorities.

Complimentary research about how to lead organizations through the disruption of coronavirus can be found in Gartner’s coronavirus resource center.

Why organizations should consider HTTPS inspection to find encrypted malware

Some 67% of all malware seen in the first quarter was delivered via HTTPS, according to security firm WatchGuard Technologies.

HTTPS was designed to secure web traffic by encrypting communications and thus prevent man-in-the-middle attacks and other types of eavesdropping. But HTTPS can hide malicious traffic directed toward an organization since a secure gateway by itself won’t inspect encrypted content. 

HTTPS inspection is a process by which you can analyze the encrypted web traffic and content, though some organizations shy away from this technique as it can do more harm than good if not implemented properly. A report released Wednesday by WatchGuard Technologies explains why HTTPS inspection can help in your security analysis.

In its Internet Security Report for Q1 2020, WatchGuard reported that 67% of all malware last quarter was delivered via HTTPS. Since more websites now use HTTPS for encrypted connections, many WatchGuard customers have enabled HTTPS inspection, which looks for malicious content by decrypting traffic at the gateway. Though signature-based security products can combat known threats, they’re unable to block much of the malware that can get through unless combined with the inspection of encrypted traffic.

Setting up HTTPS inspection can be tricky as it does require some extra effort. And if not configured correctly, this process can actually weaken the end-to-end encryption and protection provided by security gateways and products.

“Some organizations are reluctant to set up HTTPS inspection due to the extra work involved, but our threat data clearly shows that a majority of malware is delivered through encrypted connections and that letting traffic go uninspected is simply no longer an option,” Corey Nachreiner, chief technology officer at WatchGuard, said in a press release. “As malware continues to become more advanced and evasive, the only reliable approach to defense is implementing a set of layered security services, including advanced threat detection methods and HTTPS inspection.”

A report from the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) offers some recommendations on HTTPS inspection.

“Organizations using an HTTPS inspection product should verify that their product properly validates certificate chains and passes any warnings or errors to the client,” CISA said. “A partial list of products that may be affected is available at The Risks of SSL Inspection. Organizations may use badssl.com as a method of determining if their preferred HTTPS inspection product properly validates certificates and prevents connections to sites using weak cryptography. At a minimum, if any of the tests in the Certificate section of badssl.com prevent a client with direct Internet access from connecting, those same clients should also refuse the connection when connected to the Internet by way of an HTTPS inspection product.

“In general, organizations considering the use of HTTPS inspection should carefully consider the pros and cons of such products before implementing,” CISA added. “Organizations should also take other steps to secure end-to-end communications, as presented in US-CERT Alert TA15-120A.”

To bolster your overall security defenses, WatchGuard also offers the following advice:

  • TLS inspection is a necessity. Only inspecting unencrypted traffic doesn’t cut it anymore. If you don’t inspect TLS encrypted traffic, you will only catch a third of the malware coming into your network. Configure your network perimeter to inspect encrypted traffic in a secure way with the use of trusted certificates. While it is a bit of extra work, once completed, the firewall will have visibility into the other two-thirds of malware you’d miss otherwise.
  • Use a layered defense. Using an outdated single layer of defense on your network perimeter is not enough to block most attacks. No antivirus product can protect you from every malware variant but a layered defense consisting not only of signature-based security but also machine learning, malware sandboxing, and education of the end user can increase your chances against the current threat landscape significantly. In addition, we recommend endpoint detection on individual computers for protection against malware that bypasses the perimeter, such as variants spread through USB drives or smartphones.
  • Block Command and Control (C2C) channels and malicious sites. Ransomware and other malware increasingly spread through compromised sites and name squatting, where the name of the malicious site looks like the name of a popular real site. Network security services need a real-time guard to prevent botnets from accessing Command and Control domains as well as prevent users from visiting phishing sites. Any endpoint detection should also include protection against ransomware by not only blocking the malware but also blocking any actions the ransomware takes against business-critical data. Leverage security services that block these sorts of sites via DNS or normal HTTP queries.

80% of organizations did not have a remote work program before COVID-19

The coronavirus pandemic completely altered the way of work, changing the landscape for hiring and daily business operations, Mind Edge and Skye Learning found.

The majority of employers (80%) said they did not have a remote-work program before the onset of the coronavirus pandemic, but the crisis forced companies to adapt, a Mind Edge and Skye Learning report found. This significant shift completely altered the working world, impacting hiring, work/life balance, and daily business operations.

The State of Remote Work 2020: The Age of the Pandemic report, released on Tuesday, surveyed more than 800 US remote workers to determine their attitudes surrounding work from home (WFH). 

While social distancing guidelines around the nation are still recommended, many businesses are looking to return to the office. The situation is still uncertain, however: Nearly a third (28%) of workers and managers said they expect to remain working remotely full time even after returning to normal operations, but another 35% said they expect to return to the office full time. 

Opinions surrounding WFH varied, according to the report, with many struggling to strike a balance between work responsibilities and home life. 

“For many people, remote work has blurred the line between ‘work’ and ‘life,’” said Jefferson Flanders, CEO of MindEdge Learning. “One of the biggest complaints from survey respondents was that they were unsure when it was time to end work for the day; as a result, we suspect that a lot of folks are working longer than they might be if they were still at the office.”

Advantages and disadvantages of remote work 

“Many workers have been increasingly hard-pressed to maintain a healthy work-life balance, especially since the rapid shift to fully remote work,” Flanders said.

Some 30% of respondents said that working from home made their jobs harder, while 26% said it made their jobs easier. Most (40%) said the impact of remote work was both positive and negative, the report found. 

Workers ages 45 and older seemed to struggle the most, with 33% reporting that WFH made their jobs harder. 

Some of the biggest complaints with WFH included the increased number of meetings or phone calls (44%), problems with communication technology (37%), distractions at home (33%), and uncertainty about when to end the work day (23%), according to the report. 

“There are some sobering findings as well. Only 12% of workers say that working remotely has had a positive effect on their mental health, and half say that working from home has had a negative impact on their emotional or mental health,” Flanders said.

“Those who reported an even stronger dislike? Parents with school-age children at home, with half (50%) reporting a negative impact on their emotional or mental health,” Flanders added. 

Remote workers found ways to break up the time and reduce stress, however. More than half (51%) said they went outside for a walk/fresh air, some 43% said they caught up on TV, and 31% said they took breaks to spend time with family.

As for the positive sides of WFH, “It’s what you would expect: Flexibility and shorter commutes top the list, of those who say that remote work has made their jobs easier,” Flanders said. 

The majority (66%) cited increased flexibility as the biggest perk, followed by a lack of commute (59%) and fewer interruptions (46%). 

Changes in the hiring and training landscape 

The report also explored how hiring and training has shifted during this time. 

“Despite the recent disruption of the economy, 37% of the managers in our survey say their companies are hiring, and they express a strong preference for experienced workers (42%) rather than recent college grads (17%),” Flanders said. 

“But in this very uncertain economic environment, we think that the demand for training is going to be very strong,” Flanders noted. “Even before the coronavirus hit, our surveys found that many workers were interested in skills training to ‘future-proof’ their careers. Now that so many workers are unexpectedly back in the job market, we think that many of them will be looking for skills training to get a leg up on the competition.” 

Within organizations, the majority (82%) of managers said that training in how to manage remote employees would be helpful in navigating this new work environment, indicating that employees want to be upskilled, for the most part.

“For those who are looking for a job, one of the biggest findings in our survey is that managers place a high value on certifications—exam-based credentials awarded by an industry-recognized group,” Flanders said. 

“Close to three-quarters (72%) report that certifications on a candidate’s resume hold a great deal or fair amount of value,” Flanders said. “With this in mind, graduates who are new to the workforce can begin to prepare for remote work positions by building their credentials to remain agile in times of flux.” 

How to protect your organization’s domain from security threats

Unlocked domains are susceptible to malicious tactics that can lead to unauthorized DNS changes and domain name hijacking, says CSC.

Your organization’s public-facing domain is often as important and critical a resource as are your internal files, data, and network. And just as you protect your internal infrastructure from cyberthreats, so too do you need to protect your domain. A report released Tuesday by domain security provider CSC highlights some of the security threats that can affect your domain and what you can do to fight them.

Registry locks

Analyzing the domain security practices of companies across the Forbes Global 2000, CSC found that only 17% of organizations use registry locks to prevent domain name hijacking and unauthorized changes to their DNS. Without a lock, such threats could take a website offline or redirect users to malicious content. Many domains may be unlocked as not every domain registrar offers this service.

But a registrar lock alone may not be sufficient. In one example cited by CSC, a security expert lost his core domain to scammers. Even though the domain owner had a lock, the registrar succumbed to a scam and transferred his domain to another registrar. To protect against this action, the owner should have insisted on a registry lock that prevents domain transfers initiated by the registrars.

DNS hosting

Only 20% of the Global 2000 companies use enterprise-grade DNS hosting. Using a non-enterprise DNS host without redundancy can lead to potential security threats such as distributed denial of service (DDoS) attacks. If your DNS goes down, then your websites, email, remote employee access, and other services go down as well.


DNSSEC

One measure that can defend against DNS-related attacks is DNSSEC (Domain Name System Security Extensions), which authenticates and secures communications between different DNS servers. Only 3% of the companies in the Forbes Global 2000 use DNSSEC, according to CSC. Yet the lack of this security measure can help attackers hijack elements of the DNS lookup process, allowing them to control a browsing session and redirect users to malicious websites.

CAA records

A certificate authority authorization (CAA) record determines which certificate authorities (CAs) are authorized to issue a certificate for a specific domain name. A CAA provides protection for your domain as it ensures that only your chosen CA can issue certificates. However, just 4% of the Global 2000 companies analyzed by CSC have adopted CAA records. The risk here is that an attacker who is able to access a domain name can always arrange for a new certificate to be issued without your knowledge.


Email authentication

Spoofing an email to make it look like it was sent from a legitimate source is an easy enough task. One way to protect against such spoofs is through DMARC (Domain-based Message Authentication, Reporting & Conformance), which verifies that email messages are being sent from the correct domain. However, only 39% of the Global 2000 companies currently use DMARC. Without this type of protection, an organization’s email domain could be used for email spoofing, phishing scams, and other crimes.

To help your organization improve its domain security measures, CSC suggests the following steps:

  1. Incorporate secure domain, DNS, and digital certificate practices into your overall cyber security posture.
  2. Use a defense-in-depth strategy to secure your domains, DNS, and digital certificates. As part of this strategy, select an enterprise-class provider through which you can secure access to your domain and DNS management systems (two-factor authentication, IP validation, federated ID), control user permissions, and leverage advanced domain security features.
  3. Consolidate your domain, DNS, and digital certificate providers into one enterprise-class provider.
  4. Proactively identify, understand, and employ the appropriate security measures for your vital domain names through an enterprise-class provider. Choose a provider that offers continuous vital domain name identification, registry lock, DNSSEC, and DMARC.
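
The DNSSEC, CAA and DMARC gaps the report measures can be checked from a domain's published DNS records. The following is an added example, not code from CSC or the original article: it audits a constructed record set (the `example.*` names, record values and function names are assumptions) and, for CAA, climbs to the parent domain as RFC 8659 specifies.

```python
import shlex

# Constructed sample records (owner, type, rdata); not real DNS data.
RECORDS = [
    ("example.com.", "DS", "12345 13 2 PLACEHOLDER-DIGEST"),
    ("example.com.", "CAA", '0 issue "ca.example.net; account=1234"'),
    ("example.com.", "CAA", '0 iodef "mailto:security@example.com"'),
    ("_dmarc.example.com.", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    ("example.org.", "CAA", '0 issue ";"'),
    ("_dmarc.example.org.", "TXT", "v=DMARC1; p=reject"),
]

def rrset(records, name, rtype):
    return [rd for o, t, rd in records if o.lower() == name.lower() and t == rtype]

def caa_issuers(records, fqdn):
    """Allowed CA domains, or None when CAA does not restrict issuance."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):  # climb toward the root (RFC 8659)
        found = rrset(records, ".".join(labels[i:]) + ".", "CAA")
        if found:
            props = [shlex.split(rd) for rd in found]
            issue = [val for _flags, tag, val in props if tag.lower() == "issue"]
            if not issue:
                return None  # only iodef/issuewild present: no restriction
            # 'issue ";"' names no CA at all, so the result is an empty set
            return {val.split(";")[0].strip() for val in issue} - {""}
    return None

def dmarc_policy(records, domain):
    """The p= policy published at _dmarc.<domain>, or None if absent."""
    for txt in rrset(records, "_dmarc." + domain, "TXT"):
        tags = {k.strip(): v.strip() for k, _, v in (s.partition("=") for s in txt.split(";"))}
        if tags.get("v") == "DMARC1":
            return tags.get("p", "").lower() or None
    return None

def audit(records, domain):
    findings = []
    if not rrset(records, domain, "DS"):  # DS at the parent anchors DNSSEC
        findings.append("no DS record: delegation is not DNSSEC-signed")
    if caa_issuers(records, domain) is None:
        findings.append("no CAA restriction: any CA may issue")
    policy = dmarc_policy(records, domain)
    if policy is None:
        findings.append("no DMARC record")
    elif policy == "none":
        findings.append("DMARC p=none: monitoring only, failing mail is not rejected")
    return findings
```

Against live DNS the same logic applies once `RECORDS` is filled from resolver answers; the DMARC lookup here checks only the exact domain and omits the fallback to the organizational domain.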
