How to Face Off Evolving Cyberthreats with Managed Security Services

27 September 2019 |  Wai Kit Cheah, Director, Product Management (Security), CenturyLink Asia Pacific

Digital businesses in Asia Pacific (APAC) must be ready to fend off an onslaught of increasingly sophisticated cyberthreats with a proactive security strategy.  

As connectivity grows, the attack surfaces of digital businesses will expand. The perimeter is not so obvious anymore. Cybersecurity vulnerabilities will increase correspondingly, allowing attack vectors to cross the limits of Distributed Denial of Service (DDoS) attacks, SQL injection attacks or phishing attacks.
According to IDC, APeJ is projected to be the global leader in IoT spending in 2019, around 36.9% of worldwide spending1.

This increase in IoT deployments may potentially expand the attack surface due to device vulnerabilities and a lack of security controls.

According to the CenturyLink 2019 Threat Report2, the prevalence of a region’s cybercrime activities is directly related to the growth of connectivity infrastructures and networks.

As organizations drive towards digital transformation, coupled with the accelerated race in the deployment of 5G, there will be an increasingly vast number of connected assets across on-premise infrastructure, cloud and Internet of Things (IoT) networks. These are likely to introduce new attack paths for security threats.

Dawn of device-led cyberattacks

Gartner forecasts that 14.2 billion connected things will be in use globally this year, and that the total will soon reach 25 billion by 20213.

These “things” refer to connected devices as diverse as short-range connected devices such as smoke detection alarms or thermostats; wireless LAN (WLAN)-connected industrial or factory devices or smart home consumer devices such as CCTV cameras, wireless smart sensors and even a light bulb that could be switched on or off through a mobile app.

IoT devices can be categorized into either industrial, enterprise or consumer groups. Unfortunately, the reality is that the majority of enterprise IoT devices are not managed by an organization's IT team, while myriad consumer IoT devices out there are not likely hardened or secured. Their proliferation is set to propel device-centric cyberattacks to unprecedented levels.

WATCH: CenturyLink Black Lotus Labs tackles the Necurs botnet to protect customers and keep the Internet clean

One expected manifestation would be a direct hack of the device itself. Take for instance, wireless smart cameras used as home security surveillance. The popular ones are often in-built with cloud connectivity, so that users can view what's happening at home regardless of where they are.

To achieve this, the smart camera is configured to act as a wireless hotspot, connecting it to the user's main router via Wi-Fi. With a mobile app, users can watch the recording and control the camera to pan or zoom. Typically, the popular ones will come with an initial loader and thereafter a Linux core is loaded. The system is usually loaded to run with default services. If these devices are not hardened, they can easily be hacked by a perpetrator armed with basic knowledge of the default admin password.

There are numerous examples of how vulnerable IoT devices in combination with poor network security design could result in a successful breach. One such example was in the case of Target. There were no major obstacles in accessing their point of sale (POS) terminals inside their internal network. To illustrate this vulnerability, their external audit team supposedly accessed a cash register after they compromised a deli counter scale located in a different store4.
So, can you imagine the volume of threats extrapolated on a sea of IoT devices, particularly when many are maintained by third party vendors and can be used to access your network.
A software-generated attack, however, manifests on a very different scenario, as in the case of a DDoS attack.
 

A single controlling device connected to numerous other compromised devices can trigger an attack. By commanding them to send synchronization (SYN) packets to the target in a rush, where the volume of bot traffic generated is so overwhelming that it can take down an online service or crash an entire website.

The aftermath of such attacks is often cumbersome, with a string of damages for CISOs and CSOs to work through—from unplanned downtime and monetary losses, to service recovery and long-term management of reputation loss. 

The cybersecurity reality

Another grave concern is that DDoS attacks are no longer focused on traditional targets such as retail organizations or e-commerce sites—but are aimed at businesses of all sizes and industries.

CenturyLink has observed that several verticals such as online gaming service providers are potential targets for as high as hundreds of DDoS attacks each day. With multiple attack types and strategies such as multi-vector and diversionary attacks at their disposal, threat actors can go after a broader set of targets with much greater ease. 

Learn why CenturyLink was ranked by IDC as a "major player" among companies that protect against DDoS. 
Burgeoning smart cities in APAC such as Singapore have the connected infrastructure to accelerate IoT on 5G networks, hence becoming hotbeds for DDoS attacks.
 
Enterprises in APAC are well familiar with the demands of cybersecurity. However, their conventional defend-and-mitigate approach is passive against the scale and scope of what is upcoming. To effectively reduce the risk of a compromise, they must overcome their inertia for change, to adopt a holistic and proactive security monitoring and threat removal approach. 

For this to happen, they must first conquer their cybersecurity fatigue, which is the result of exhausting management and scaling of in-house security solutions that have become piecemeal from years of knee-jerk implementations. These could conflict, overlap and leave gaps in their security posture, and are challenges without easy fixes.

There is also the problem of security solutions flooding IT organizations with reports and alerts that lead to no action. This is mainly because they either lack the specialization or the manpower among their teams to effectively contextualize the wealth of data into actual cyberthreat intelligence.

Demo: Take a peek into CenturyLink Managed Security Services portal that helps protect businesses from cyberthreats
To resolve these issues, forward-thinking businesses are opting to face off the incoming wave of fast-evolving cyberthreats, by leveraging the expertise of external security talents and experts. 

Armed and ready to mitigate cybersecurity threats

Cyberthreats are not homogeneous and can occur from within an organization. Insiders, either employees or contractors, with authorized privileges or access, can potentially introduce risks which are tough to detect-making it a real challenge for enterprises to safeguard important customer data or confidential and proprietary information. Another risk within an organization is the human element, often in form of mistakes or misconfigurations to IT systems or networks.

Trusted security partners that offer user and entity behavioral analytics (UEBA) services, for example, are becoming essential in helping them identify and act on such insider threats.

With UEBA, artificial intelligence and machine learning are used to profile each user persona to baseline what is considered normal behavior and the network activities associated with these users.
 
Together with information gathered from other sources, such as security information and event management (SIEM) and logs correlation, enterprises will be able to identify malicious activities and insider threats anchored deep within the network and hosts, separating activities which fall outside the boundaries of normal.
Explore the key elements for businesses to build digital trust. 

With the involvement of a security partner, businesses can step beyond their traditional log-based monitoring tools and find new ways to quickly and accurately detect, respond and mitigate potentially damaging attacks. 

This method not only identifies potential insider threat activities and predicts risk propensity faster, but also removes the guesswork from security operations personnel, freeing them to conduct investigations, triage analysis accurately and to resolve threat situations quickly.

Partnering with a trusted, global managed security service provider

Today, digital businesses are also increasingly hosting business-critical data and applications across vast networks, increasing the risk of a security breach.

If you are a digital business with multiple offices that directly connect to the Internet on a single, corporate-wide MPLS network, you have a large attack surface. As such, merely having endpoint protection security and log correlation in your security program is likely ineffective for detecting data breaches, and this scenario is typical of many business operations in APAC.

Organizations need to adopt a ‘Connected Security’ approach in their cybersecurity strategy that is designed to help ensure holistic and proactive protection of data from both insider and external threats.

With CenturyLink Managed Behavioral Analytics, available on our Security Operations Center (SOC) in Singapore, companies can seek effective protection from cyber-attacks that steal administrator credentials or establish command-and-control channel from their servers. 

Inside the CenturyLink Security Operations Center: Securing Your Digital Business 

By applying automated behavioral analytics service on the servers that house critical data, all the user and network activities will be monitored for signs of credential thefts, reconnaissance or lateral movement indicative of an attack. An attempt to exfiltrate data from the server will be detected by the service, followed by an investigation from our 24/7 SOC analysts, before notifying the customer, where the early breach detection enables us to remediate quickly to prevent further loss.

This strategic approach fortifies passive monitoring with necessary actions – to investigate and determine if an event is truly positive – before getting a recommended remediation solution.

As the digital landscape continues to evolve, it is imperative that enterprises act quickly to address their security shortcomings. Partnering with a trusted Managed Security Services Provider like CenturyLink is a fast and cost-effective way to achieving their desired outcomes, without loading their security programs with more management complexity.

Get in touch with us to discuss how we can take your cybersecurity strategy to the next level. 

1 FutureIoT, Asia-Pacific to lead IoT spending in 2019, Feb 2019
2 2019 CenturyLink Threat Report
3 Gartner Identifies Top 10 Strategic IoT Technologies and Trends, Nov 2018
4 Journal of Information Systems Education, Teaching Case Security Breach at Target, Winter 2018

This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided "as is" without any warranty or condition of any kind, either express or implied. Use of this information is at the end user's own risk. CenturyLink does not warrant that the information will meet the end user's requirements or that the implementation or usage of this information will result in the desired outcome of the end user.

Links to CenturyLink's products and offerings are represented as of the date of issue.  Services not available everywhere.  Business customers only. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2019 CenturyLink. All Rights Reserved.




Related Articles
Get Connected. See What's Next for Business.
LinkedIn YouTube Facebook