This Cybersecurity Awareness Month, Let’s Get Back to Basics

Cybersecurity Awareness Month always represents a good opportunity to reflect on the challenges of the year and start planning for the future. While 2021 hasn’t quite been the sigh of relief that many were hoping for after a chaotic 2020, it has been a year of fascinating developments in the cybersecurity world.

Early in the year, the world was forced to grapple with the fallout from the SolarWinds breach, one of the largest third-party attacks in recent memory. Between Congressional hearings, security advisories, and follow-up attacks, the SolarWinds attack colored a significant portion of the threat landscape over the first half of the year. Of course, it was not alone. In May, Russian hacker group DarkSide forced the Colonial Pipeline—one of the largest fuel pipelines in the U.S.—to shut down operations for several days due to a ransomware attack. The attack triggered a rise in gas prices, and the attackers ultimately made off with a ransom of roughly $2.3 million Bitcoin.

The list goes on. In March, Chinese hacker group Hafnium used a zero-day exploit to carry out an attack on hundreds of thousands of servers running Microsoft Exchange software. Malicious actors hacked Facebook in April, leaking the personal information of hundreds of millions of users online. Attackers breached Verkada, a security startup, in May, gaining access to countless live camera feeds throughout the country. In the later half of the year, a hacker breached T-Mobile’s network to steal data from more than 50 million customers.

The world is a dangerous place, and attackers are always on the lookout for opportunities to hack into networks, steal valuable data, and otherwise disrupt operations. But the good news is there are concrete steps that today’s enterprises can take to protect themselves, and Cybersecurity Awareness Month is the perfect time to get back to basics.

What to Think About: Breaking Down the Fundamentals

The Four Pillars of Certificate Lifecycle Automation. There has been an explosion of digital identities over the past decade – especially in a post-COVID digital world -- and attackers are increasingly looking to exploit weaknesses in identity security. Unfortunately, with thousands (or tens of thousands) of identities in use by the average enterprise, it is no longer feasible to manage those identities manually. Brush up on the digital identity management basics and learn how automation makes Certificate Lifecycle Management (CLM) easier than ever.

What Is PKI, Anyway? Public key infrastructure (PKI) manages identity and security within internet communications to protect people, devices, and data. This technology has been around for decades, but most people don’t know what it really does. Learn about how PKI-based digital certificates secure today’s digital identities.

Business Email Security: How to Encrypt Email and Why It’s Important. Understanding when encryption is necessary and how to implement it is critical. Email-based attacks remain popular among cybercriminals, and tools like S/MIME use PKI to protect your emails by digitally signing them to authenticate the identity of the sender and by encrypting content and attachments in transit and when stored on an email server.

What Are the Differences Between RSA, DSA, and ECC Encryption Algorithms? PKI is used to manage identity and security in internet communications and computer networking, and public key cryptography is the core technology behind it. Understanding the algorithms used to generate today’s most reliable and effective cryptography can help users gain a more complete picture of how their data is being protected.

Quantum Cryptography and Encryption: What It Is and How It Works. Even as RSA, DSA, and ECC remain today’s most effective encryption methods, the quantum computing revolution is nearly upon us. Organizations like the National Institute of Standards and Technology (NIST) are hard at work identifying new encryption algorithms capable of standing up to quantum computing. Today’s enterprises should already be preparing for that future.

What to Watch For: Attacks and Threats

New Microsoft CA (MSCA) Attack Toolkits. At the Black Hat USA 2021 event in August, a presentation and whitepaper detailed the threat of MSCA root key attacks, which can be used to create unauthorized certificates. This release includes a pair of offensive toolkits and a defensive toolkit. In this Root Causes podcast, learn the importance of this release and get a clear action list for IT professionals in charge of MSCA.

How to Avoid Root Expirations. Widespread outages like the recent Let’s Encrypt root expiration illustrate knowledge gaps that still exist in enterprise organizations today. The need for radical certificate agility and best of breed CLM as the standard comes clearly into focus when considering the outages that are occurring from expired root certificates. The consequences of going without can be catastrophic. Automated CLM leaves nothing to chance and provides visibility and lifecycle control over all digital certificates in an IT environment. This is what cybersecurity looks like for today’s modern businesses.

How Digital Identity and PKI Fit Into Ransomware Attacks. The ransomware attack against the Colonial Pipeline made major headlines. Dig into the details of the attack in this Root Causes podcast and learn how digital identity and PKI fit in.

What to Do: Action Steps

Mitigating Risk with a Private CA. It’s important to understand the difference between a public CA and a private CA. Learn about the role that each plays in security—and how a private CA can help you take greater ownership over CLM.

How to Set Up Your Own Private CA. Need to secure remote workers? Expanding DevOps workflows on the cloud? IoT devices rapidly expanding? Setting up a private CA can help enterprises implement greater digital identity security across networks. Best of all, it can be done in the blink of an eye, and Sectigo can help.

Your Guide to Passwordless Authentication. Cybersecurity experts have been declaring the password “dead” for years. It’s not true yet, but it is increasingly clear that enterprises are headed toward a passwordless future. Today, username and password combinations expose users to unnecessary risks. Learn about why asymmetric authentication methods are actually more secure than passwords—and easier than ever to implement.

Cloud or On-Premise? Recent cyber threats like the PetitPotam relay attack on Microsoft, the SolarWinds supply chain compromise, and countless others have put a bright spotlight on the age-old debate: Is the cloud as secure as an on-premise infrastructure? As enterprises are targeted with increasingly sophisticated on-premise breaches – despite firewalls and other roadblocks – it is clear data center proximity does not equal impenetrable protection. In this BrightTALK webinar, Sectigo Chief Compliance Officer Tim Callan and Chief Technology Officer of PKI Jason Soroko explain the benefits of a cloud-based approach to security and why certificate-based authentication between all systems is critical to securing enterprises today and tomorrow.

Automated Certificate Lifecycle Management Is No Longer a Nice to Have—It’s Essential. Facing down today’s threats, it’s not enough to just implement PKI. It’s important to consider the entire lifecycle of a digital certificate, and automated CLM can help avoid costly outages and unforeseen challenges. At today’s certificate volumes, it’s not just a “nice to have” technology anymore. It’s absolutely necessary.

To learn more about automated Certificate Lifecycle Management, reach out to us directly or browse our website to review the products and services Sectigo offers.