Here’s what Akorbi is doing in response to COVID-19. Learn More »

Cybersecurity at Akorbi


Cyber-attacks are a growing threat, with attack vectors changing daily. They range from external attacks, like exploiting vulnerabilities or Denial of Service, to social engineering attacks like phishing and ransomware. Many enterprises that handle sensitive information, particularly those operating in the financial, healthcare, and large-scale retail sectors, are subject to even more frequent and serious cyberattacks. But any entity that stores or transmits medical, financial, or sensitive information can be a tempting target for data thieves and ransomware.

Unfortunately, there is not a single playbook or checklist you can use to ensure an appropriate cybersecurity program for your organization. Yes, there are frameworks like those from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) to help guide you down that path, but every company’s threat landscape is different and requires prioritization and customization of its security program to fit its specific needs.

When we look at customizing security programs for industries at a high level, we break this down to what is called the CIA triad – no, this is not the Central Intelligence Agency. It stands for Confidentiality, Integrity, and Availability. Confidentiality is the ability to protect your data from theft or exposure. This is often accomplished by access control and file-level encryption. Integrity means protecting data from deletion or modification by unauthorized parties, and even from accidental mistakes. Availability means that information and services are available to authorized users when they are needed. This is often accomplished by things such as business continuity planning and safeguards against power outages, hardware failures, and other events that might impact the systems. For each industry, the priority of these items often sets the path for how to implement a security program. When we look at services like language service providers, we often see that confidentiality and availability outweigh integrity. That is not to say integrity is unimportant or plays no role; it is often not as large a threat, and it should not guide the direction of our security program and security-related expenses.

In an effort to reduce the risk of these cyberattacks, Akorbi has implemented several new security applications and processes to further enhance its existing security program. Listed below are just some of the security enhancements we have made to better our security posture. 

Privileged Account Management (PAM) – As you can assume from the name, privileged accounts have access to production and core systems that are critical to the business. These accounts are highly sought after by attackers because of their level of access to potentially sensitive data. With PAM we can monitor all privileged accounts, control access, and enforce one-time-use passwords, limiting the likelihood that an attacker will be able to compromise an account. User behavior analytics are used to monitor privileged accounts for unusual activity, such as accessing systems or starting services that the account does not commonly access or start.

Access Control – Access control works on the concept of least privilege: users have access only to the data and systems that are necessary for them. Their access is limited to only those systems that are required to perform the necessary function. This has been accomplished in several ways. First, by limiting accounts with system access. Service accounts are set up per system and limited to function within that system or set of subsystems. Service accounts have no access outside of their application, limiting the chance of lateral movement between systems if an account were to be compromised. Second, remote access was removed for any user whose computer does not meet the minimum requirements set forth by Akorbi.

Next Generation Antivirus (NGAV) – NGAV provides heuristic detection of malware. Known malware is immediately removed from the systems, and any unknown process is monitored for behavior. If at any point the process acts or performs like malware, it is quarantined for examination by the security operations team.

Vulnerability Scanning – Vulnerability scanning has historically been a difficult and inaccurate process, often leaving lag times between the announcement of a vulnerability and the detection of that vulnerability on our systems. Using agent-based vulnerability scanners, we can detect and identify vulnerabilities in our systems as soon as they are announced. This gives Akorbi a quicker response time to patch systems and remediate the threats.

Enhanced Logging and Detection – With our new incident detection and response tools, logs from all systems are collected and examined by machine learning to look for anomalies or possible threats. Using user behavior analytics, we can detect, within minutes, changes in user behavior across the globe that could indicate malware or a compromised account.

Email Filtering – Email filtering has become a priority for almost every industry, with the majority of attacks, like phishing, malicious links, infected attachments, CEO fraud, or supply chain attacks, coming in as simple social engineering attacks. Akorbi has implemented the latest protections, such as URL rewriting, which protects users from malicious links, as well as sandboxing and sanitization of attachments, and content examination to protect against CEO fraud emails and supply chain attacks.

MFA/SSO – Single sign-on has been set up to ease the burden on users of having to remember multiple passwords on multiple systems, encouraging users to use stronger passwords. Multifactor authentication has been configured to add an extra layer to the authentication process, to help ensure user accounts and system accounts are verified by the user and not easily compromised.

As with any security program, the tools listed are the last line of defense. No good security program is able to function without good policies, procedures, and security awareness training for its users.  Ensuring users are properly trained empowers them to be the first line of defense, stopping attacks before they even begin, and knowing how to properly recognize and respond to anything suspicious.

Jesse Glaesman is Akorbi’s Director of Infrastructure, Systems and Security. Learn more about Jesse here.

