Three steps to co create enterprise security resilience

        Have you ever thought that a set of expired account passwords could cripple an entire company? It sounds like a scene from a movie, but it is actually portrayed in real life. In 2021, the largest fuel supplier in the United States experienced a VPN account password leak by an employee, coupled with the failure to activate Multi Factor Authentication, which allowed hackers to infiltrate the company's internal systems and subsequently paralyzed fuel supply on the East Coast of the United States. This is not just an isolated case, but a risk that all businesses may face. This article shares how Far Eastern New Century Corporation has constructed an information security defense system to safeguard confidential information of the company and its employees.

        A crisis caused by a set of accounting secrets

        The leakage of accounting secrets is like a crack in the door of a company, and hackers can easily penetrate the internal system as long as they find the crack. As the cloud and the internet become increasingly integrated into daily life, hackers' attack methods have become more diverse. From disguised phishing emails to implanted ransomware, traditional security defense methods are no longer sufficient to protect the information security of enterprises. It is necessary to shift from "passive defense" to "active warning" and further establish a "joint defense mechanism" to ensure immediate response when threats occur. Therefore, Far Eastern New Century Corporation is promoting a "three-step strategy: active perception, perception expansion, and joint defense reinforcement" to construct an information security defense system from three major levels and strengthen the enterprise's protection capabilities.

                Step 1: Proactively perceive - lock the door and do not enter unless requested

        The first step for hackers is often to invade enterprise systems through known vulnerabilities, such as using employee leaked passwords to log in to internal systems, using email attacks with malicious software to invade, and exploiting the opportunity of company equipment not being updated to launch vulnerability attacks... These seemingly basic issues are the most common breaches in enterprise security. The US fuel supply companies mentioned earlier, if they can add an extra layer of protection to their account security measures, such as enabling multiple factor authentication (MFA), hackers will not be able to easily log into the system even if they have the account security.

        In Far Eastern New Century Corporation's enterprise security architecture, this protective gateway covers:

        Email security upgrade: Upgrade the protection level for critical accounts to block phishing attacks.

        Endpoint Protection (EDR): Deploy advanced threat detection mechanisms to prevent malicious software intrusion.

        Password management and MFA enforcement: to avoid intrusion risks caused by account security breaches.

        The above measures are not simply technological upgrades, but rather reshaping the culture of cybersecurity. After all, although a strong city wall is important, it lacks a good management mechanism, and the gate may still be opened due to the carelessness of personnel.

        Step 2: Perception Expansion - Allowing Hackers to Have No Escape

        Even if the company's doors are locked, hackers will still try to take detours, such as deceiving employees through social engineering and infiltrating internal systems by exploiting vulnerabilities in supply chain partners. Therefore, enterprises cannot rely solely on traditional defense mechanisms, but need to enhance their threat perception capabilities and quickly identify abnormal behavior through AI and Big Data analysis.

        Microsoft Global Security Intelligence analyzes 78 trillion security signals every day, using AI to screen potential threats and assist businesses in responding in real-time. Far Eastern New Century Corporation has imported the Microsoft Sentinel cloud based security monitoring platform, which integrates security logs, monitors abnormal behavior, and uses AI to analyze suspicious activities, filter false positives, and identify real threats. If the system detects that an employee's account shows that they logged in from overseas in the early morning, AI will automatically compare the account's historical behavior to determine if it is an abnormal situation and immediately issue an alert. This mechanism not only reduces the burden of manual monitoring, but also improves detection speed and shortens the response time after hacker intrusion.

        Step 3: Joint defense reinforcement - ensuring zero blind spots in information security

        With the increasing complexity of enterprise security threats, relying solely on a central security team is no longer sufficient to address all challenges. Far Eastern New Century Corporation plans to enable each department to have independent monitoring capabilities, forming a cross unit security defense network. In addition, an automated monitoring system will be introduced to provide real-time security battle situation dashboards for members of the security defense team. Its functions include:

        Proactively monitor abnormal behavior: The system can instantly analyze the internal usage behavior of the department, such as abnormal traffic, suspicious login, sensitive data access, etc. Once an abnormality is detected, an alert will be triggered immediately.

        Instant notification and response: When abnormal account login, unauthorized data access, and other events are detected, the system will automatically notify members of the cybersecurity joint defense team.

        Horizontal joint defense mechanism: Each department's monitoring system is connected to each other, and as long as an attack is detected, information can be quickly shared to ensure that other departments can also defend synchronously and no longer fight separately.

        Far Eastern New Century Corporation enhances overall resilience, shortens defense time, and strengthens enterprise security resilience through an information security defense architecture and a mechanism involving enterprise participation, combining technology and automation.

        Cybersecurity, a marathon without a finish line

        Security defense is not something that can be solved by a single technology or tool, but rather a constantly evolving war. From basic protection (active perception), to advanced detection (perception expansion), and then to contingency mechanisms (joint defense reinforcement), what enterprises need is not only technological upgrades, but also the deep cultivation of information security culture in daily operations, making security awareness a part of every decision and action. In the face of increasingly complex cyber threats, the question we should ask is no longer 'Will hackers attack us?' but 'Are we prepared when an attack strikes?'

        Cybersecurity never waits until a crisis occurs to remedy it, but takes action now. Starting today, we will re-examine our account security, enable multi factor authentication, and work together to build enterprise security resilience.

        *Image source: freepik

        #