teissTalk host Jenny Redcliffe was joined by Chucks Ojeme, Global Chief Information Security and Compliance Officer, Brenntag; Tom Owen, Chief Information Security Officer, Grafana; and Brian Chappell, Chief Security Strategist, BeyondTrust.
Views on news
Hundreds of thousands of emails have been sent out from an FBI-operated server containing the header: “Urgent: threat actor in systems.” Recipients had no reason to doubt that the email was sent out by the US Department of Homeland Security. The hacker claimed to have carried out the hack “to point out a glaring vulnerability in the FBI’s system.” The FBI obviously didn’t get the info security basics right.
Vendors and a large section of the industry tend to focus on edgy, shiny cyber security tools and dismiss cyber essentials as boring. Whenever Brian is asked about how he envisages cyber security developments of the next year, his number one prediction is that “we’re not gonna get the basics right yet again.” We need a new approach: as long as security is an add-on, there will be incidents. Instead, we should bake security into the fabric of a business’s activity.
How can Endpoint Privilege Management (EPM) turn security from a blocker into an enabler?
With hybrid work on the rise, businesses have a huge remote workforce and therefore, in addition to perimeter protection, they also need to put a lot of effort into endpoint privilege management. Organisations typically have two levels of users: standard and administrator. EPM provides employees with sufficient access to remain productive in their roles.
The best practice in endpoint access management is to grant standard users the lowest possible privilege and elevate their privileges when the use of a specific application requires it. As a result, the organisation’s attack surface will definitely shrink. EPM needs to be tailored to users, devices and various environments. Meanwhile, the way risk ownership is shared has to be revisited. For example, it’s engineers rather than security teams who are responsible for the risks that applications pose.
The transition to the cloud has changed the endpoint access management game too. (Today, 1,935 cloud services are used by a company on average.) AI and ML can do a great job in distilling and contextualising information that an organisation captures, as well as in providing information security professionals with actionable insights.
Ensure that you detect anomalies and identify adversaries before they find their way into your system and move laterally.
At endpoints it is the apps that need privileges, not the users. Rather than granting maximum privilege and then restricting it, as the legacy approach goes, endow standard users with explicit capabilities. AI-enabled processes mustn’t be self-sustaining. Employees should be challenged about activity that is out of keeping with their ordinary behaviour (“Something dodgy is happening, is it you?”).
Not only does the job need to be done but it also has to be done securely.
No matter to what extent you are a legacy or a cloud-based organisation, you can’t be complacent about either on-premises or endpoint security.
Seek to hit the right balance between an open and a closed system. It needs to be open to enable employees to do their jobs and closed to lock out adversaries.
On Chucks’s cybersecurity project embracing a global approach.