Why security depends on outbound communications
IT security is firmly in the sights of most boards and business leaders. Because most businesses rely so heavily on their IT systems, the repercussions of a successful cyberattack can be disastrous for the business. Consequently, it’s essential for CEOs and board members to not just know what measures are in place to protect the organisation from malicious online activity but to drive a strong culture of security.
Within progressive businesses, the CEO is the owner of the information security management system with the company’s CSO reporting directly to the CEO. There is also a shift taking place where the CSO now has a place on the board.
Most business leaders know of the pressing need to protect the network perimeter. The proliferation of Internet of Things (IoT) devices and other end points means corporate networks are under increasing strain, because each connected device creates a new potential vulnerability. So it’s no surprise that organisations are so closely focused on closing these gaps and protecting the perimeter.
But focusing on perimeter protections to the exclusion of all other security measures can leave organisations vulnerable to attacks that use outbound communication to activate.
Cyberattacks can lead to huge losses
Every organisation is a potential target and Lloyd’s, one of the world’s largest insurance companies, has warned that the Australian economy faces a potential damage bill of $16 billion over the next decade due to cyberattacks. These potentially huge losses mean it’s incumbent on CEOs and other business leaders to put security at the top of their priority list.
A clear example of an attack that can cause losses is ransomware. Recent iterations of ransomware, such as WannaCry and Bad Rabbit, have hit many Australian businesses. Ransomware locks up a business’s files, making them unusable until the victim pays a ransom.
The amount is usually affordable to encourage victims to pay. Unfortunately, once they do, they’ve marked themselves as an easy target, and these cybercriminals are likely to target them again. Not paying means files remain locked and unusable until the business can find a workaround (usually through restoring backups).
Australian businesses can’t beat cybercriminals simply by throwing more resources at the problem: the criminals are too organised and well-funded. Instead, businesses need to be smarter than their hacker adversaries.
Why securing outbound communications matters
While most businesses have done a good job of protecting themselves against inbound attacks, many aren’t even aware of the threat posed by advanced persistent threats, data exfiltration and outbound communications.
This is important because, no matter how strong a perimeter is, simple mathematics and the law of averages suggest it’s still likely to be breached at some point. When this happens, the best a business can do is contain the threat. This is accomplished by detecting the adversary in their post-exploit phase and preventing the attacker from communicating outside the network.
Attacks are successful when hackers gain access to the network, then send a message from within the network to download the virus, malware or other payload. Blocking that outbound communication can nullify the attack. But, because many businesses don’t clearly understand the importance of detecting and then blocking this outbound communication, they don’t have appropriate security measures in place.
A holistic approach is essential
IT managers can use web/application content filtering, firewall rules and network segmentation to block and manage outbound traffic but may be reluctant to do so because it can affect the way users experience the network. It may make it harder for employees to access non-business sites and applications, and it can make it challenging to apply patches (which is a crucial aspect of end-point security).
However, the security risk outweighs these concerns. In fact, post-breach detection and protecting outbound communications could be considered the most important tools in neutralising attacks. As an essential component of that approach, web/application content filtering, network segmentation and breach detection should be mandatory.
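To make the egress controls above concrete, here is an added example (not from the original article) of a default-deny outbound policy for a workstation segment, evaluated over constructed firewall log lines: only the web proxy and an internal patch mirror are reachable directly, so patching keeps working, and every denied flow doubles as a post-breach detection signal. The addresses, ports and log format are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy (assumption): the workstation segment may talk directly
# only to the web proxy and the patch mirror; all other egress is denied.
WORKSTATION_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED_DIRECT = {
    ("10.0.0.5", 3128),  # hypothetical web/application content-filtering proxy
    ("10.0.0.9", 443),   # hypothetical internal patch repository mirror
}

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

def parse_flow(line: str) -> Flow:
    """Parse a constructed log line such as
    'src=10.20.1.7 dst=203.0.113.4 dport=443 proto=tcp'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], int(fields["dport"]), fields["proto"])

def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for one flow under the default-deny egress policy."""
    if ipaddress.ip_address(flow.src) not in WORKSTATION_NET:
        return "allow"  # other segments are outside this example's scope
    if (flow.dst, flow.dport) in ALLOWED_DIRECT:
        return "allow"
    return "deny"       # direct outbound from a workstation: blocked and alerted

def egress_alerts(lines):
    """Denied flows are the detection signal: a host bypassing the proxy."""
    return [f for f in map(parse_flow, lines) if decide(f) == "deny"]

# Constructed sample log lines.
SAMPLE_LOG = [
    "src=10.20.1.7 dst=10.0.0.5 dport=3128 proto=tcp",      # via proxy: allowed
    "src=10.20.1.7 dst=10.0.0.9 dport=443 proto=tcp",       # patch mirror: allowed
    "src=10.20.1.7 dst=203.0.113.4 dport=443 proto=tcp",    # direct to internet: denied
    "src=10.20.3.2 dst=198.51.100.10 dport=4444 proto=tcp", # direct to internet: denied
    "src=10.30.0.4 dst=203.0.113.4 dport=443 proto=tcp",    # server segment: not in scope
]

if __name__ == "__main__":
    for f in egress_alerts(SAMPLE_LOG):
        print(f"ALERT egress denied: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```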
Therefore, CEOs and business leaders need to put in place information security management systems that align with industry standards such as ISO 27001. Strong leadership is crucial: by taking the lead and setting the policy, CEOs can work closely with IT and security leaders to put in place the holistic measures essential for the organisation’s protection.