Duo Security CISO on why cybercriminals are targeting enterprises


Richard Archdeacon, Advisory CISO at Duo Security, now a part of Cisco, discusses why cybercriminals are increasingly looking to target the enterprise instead of consumers.

There has always been a huge interest in the enterprise as a target. Criminals, as with any business, are motivated by revenue, and so they have looked for the best ROI on any activity. Enterprise businesses offer a larger opportunity for revenue and an increased payback.

Core information such as customer details can be resold at a known margin and the interconnected nature of enterprises means one breach may provide the door to another target. There is also an interoperation between pure criminals and nation states; stealing IP, or producing the tools to do so, can be just as profitable when sold on to a third-party nation state.

When prioritising the defence of the enterprise, one approach is to mirror the criminal attacker by looking at security as a financial issue. Analyse the biggest risk to the business, whether it is maintaining a constantly available network, protecting a specific piece of IP, or ensuring that there are no breaches that will impact the brand value. Focus efforts first on the business areas which underpin this requirement.

Thinking like the bad guy is the starting point to reduce these risks to the enterprise. Criminals benefit from a vulnerability, whether in technology, a broken or tardy process or the unfortunate but willing employee who provides a route into the organisation.

Criminals will also look for low-hanging fruit and often use exploits that are many years old, reducing their costs and increasing ROI. So, having an up-to-date view is a priority, and focusing on the basic elements often has a better ROI than a complex solution.

There are a number of key steps that can be taken. Firstly, understand your users and make sure that their access to applications is controlled and authenticated. This stops any compromised user account being used. It closes the open front door. Secondly, understand what devices are used within the organisation and who owns them.

Identify a device when it is entering your network, or using one of your applications, and update your understanding at that stage. Finally, understand that nearly every major security incident involves an exploited vulnerability, such as an outdated or unpatched device.

Having a fully up-to-date view when vulnerabilities are announced so often is a major operational headache. Taking an approach which checks the device status and approves its trustworthiness at the point of login will reduce this risk.

Understanding why and how criminals could make money from the organisation and how to make it impossible, too difficult or too expensive is the most important first step to take to protect the business.

 
