#HowTo Neutralize Wide-Area Network Cyber-Threats

Amid the many heartwarming stories to emerge during the COVID-19 pandemic about people, communities and businesses mobilizing to support one another and the public good, the global health crisis also has revealed a darker reality about the digitally-focused world we live in: that as soon as vulnerabilities are exposed, attempts to exploit them are sure to follow.

This certainly applies to the communications networks on which businesses, schools, governments, medical providers and citizens have been dependent during the pandemic. As the crisis escalated, so did the reliance of many of these entities on their digital communications networks, and so, too, did the cyber security threats posed to these organizations, their data and their users.

The COVID-19 CTI League, a volunteer group of cyber threat intelligence (CTI) experts formed specifically to neutralize cyber threats aimed at exploiting vulnerabilities related to the current pandemic, cited “reports of suspicious domains, compromised infrastructures, and other cyber-attacks by malicious actors.”

As a communications services provider that manages network security on behalf of healthcare providers, businesses, government agencies, schools and other organizations, Windstream recommends several steps and safeguards to protect wide area networks (WANs):

  1. Accelerate the move to a cloud/SaaS-based network with managed security. The surge in remote working requires a network to be not only secure for a distributed workforce but rapidly scalable in terms of bandwidth. Migrating a network and applications to the cloud can provide that cost-efficient scalability, while helping to relieve the added pressure and risk that increased traffic from remote workers places on a WAN. To protect the growing volume of data flowing across a WAN in a remote working environment, enterprises also might consider turning to a managed security solution for their remote access network. In doing so, they gain peace of mind knowing a third party is actively monitoring the network, administering enterprise-level security tools and responding to threats as needed.
  2. Shift to a software-defined WAN environment. Relying on a legacy WAN with disparate, isolated links can make enforcing consistent security policies across a network exceedingly difficult. As a result, many enterprises are overlaying their network with software-defined WAN (SD-WAN) functionality, which enables consistent policy implementation and holistic use of security solutions across the network. SD-WAN also gives enterprises the agility to rapidly add bandwidth and adjust capacity to respond to fluctuations in network traffic due to remote working. Additionally, SD-WAN provides an unprecedented level of visibility, allowing organizations to understand and react to new applications in their network environment.
  3. Focus on inbound security. The perceived vulnerabilities created by an exponential increase in people working remotely, and in many cases using their own devices to do so, have invited a wave of new cyber threats. In a joint alert issued in April by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC), the agencies said they observed “a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.” Enterprises are responding by enforcing stricter security measures around inbound network traffic. BYOD policies must be stronger than ever, but also more flexible to extend to entire workforces, with the ability to quickly and securely validate the credentials of employee devices accessing the network.
  4. Deploy multi-layered security tools. The best defense against cyber threats, during a pandemic and otherwise, is to implement multiple levels of security. That includes broad, integrated encryption across the WAN, as well as a PCI DSS compliant service. Even organizations that aren’t directly involved in payment card activity should still consider services that meet the standard, which entails a network that has a certain level of access control, including two-factor authentication, and that regularly undergoes process and documentation audits, as well as penetration and vulnerability testing. Next-generation firewall (NGFW) integration provides an additional layer of protection for a WAN at key locations and at the nexus of key traffic flows.

Ultimately, these kinds of tools and practices create a pathway to unified threat management — a model for a single, unified security instance to protect an enterprise, its network and its data during a crisis and whenever business returns to normalcy.
