by David Levine
Cybercriminals continue to expand their tactics and adopt new technologies to carry out devastating cyber-attacks. Their ability to find and leverage gaps in security, evade detection and conceal malicious activities has only gotten better and more sophisticated. Enterprises need to adopt an ‘all hands on deck’ approach to defend against new security threats. If CIOs fail to take a proactive approach to security that includes not only advanced tools and intelligence to track threats, but the careful training of both IT staff and employees, they could well face serious issues in the future.
How do we know that traditional measures aren’t enough? One recent study surveying IT decision makers across several industries found that 90% of them felt either “concerned” or “highly concerned” that they would face a data breach in the coming year — but only 15% felt “well prepared” to deal with a breach if it happened.[1] This is despite the fact that a majority of these respondents aren’t what you would typically consider “vulnerable.” Most are actively taking at least partial steps to secure their organisations:
• 81% deploy a traditional firewall
• 66% make use of anti-virus software
• 60% use IDS/IPS technologies
Securing your network
For the new generation of threats, companies should consider a Next-Generation Firewall (NGFW). With traditional firewalls, IT is left adding further appliances to try to answer new threats. This is far from thorough, and also has the consequence of progressively degrading the performance of the network. NGFWs have the benefits of a traditional firewall, plus a number of advanced features that can help protect you from new threats, including deep-packet inspection, which gives insight into network traffic and helps identify anomalies; granular permissions on the application level (for example, blocking Google Hangouts while still allowing the use of Gmail or Google Inbox); and user identification that limits access to approved names and IP addresses. NGFWs also have a negligible effect on network performance when compared to stacking traditional firewalls with secondary appliances.
But even with NGFWs and other technologies securing your systems and infrastructure, IT needs to intensify the monitoring they already do. Breaches are inevitable, and they often aren’t detected for weeks or months after they actually occur. IT needs to be able to recognise the subtle cues that may indicate unauthorised entry, which include:
• Login credentials suddenly not working
• New admin and login accounts for system portals have been created
• A network that is normally quick now runs sluggishly
• A device is running an unauthorised file transfer protocol (FTP)
• DNS settings have been changed
By identifying and investigating these and similar incidents, IT can help identify breaches early and implement their data security incident response plan as soon as possible.
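As an added example (not part of the original article), the Python code below checks log events against a site baseline for four of the cues listed above: repeated login failures, a new admin account, FTP from an unapproved device and a changed DNS resolver. The key=value log format, host names, account names and baseline values are all constructed assumptions; a sluggish network needs performance metrics rather than event logs and is not covered here.

```python
from collections import Counter

# Constructed sample events; the key=value layout is an assumed format.
SAMPLE_LOG = """\
2015-03-02T09:14:05 host=dc01 event=login_failed user=jsmith
2015-03-02T09:14:09 host=dc01 event=login_failed user=jsmith
2015-03-02T09:14:12 host=dc01 event=login_failed user=jsmith
2015-03-02T09:20:41 host=portal01 event=account_created user=svc_backup2 role=admin
2015-03-02T09:31:10 host=ws-114 event=net_conn dst_port=21
2015-03-02T09:40:02 host=ws-114 event=dns_config resolver=203.0.113.53
2015-03-02T09:41:00 host=fs01 event=net_conn dst_port=21
2015-03-02T09:45:00 host=ws-120 event=dns_config resolver=10.0.0.53
"""

# Assumed site baseline: anything outside it is worth investigating.
BASELINE = {
    "admins": {"alice.admin"},      # accounts approved to hold admin rights
    "ftp_hosts": {"fs01"},          # hosts allowed to speak FTP (port 21)
    "resolvers": {"10.0.0.53"},     # sanctioned DNS resolvers
    "max_login_failures": 3,        # failures per account before flagging
}

def parse(line):
    """Turn 'timestamp k=v k=v ...' into a dict; None for blank lines."""
    parts = line.split()
    if not parts:
        return None
    event = {"ts": parts[0]}
    event.update(p.split("=", 1) for p in parts[1:] if "=" in p)
    return event

def find_indicators(log_text, baseline):
    """Return (timestamp, host, finding) tuples for events outside the baseline."""
    findings, failures = [], Counter()
    for ev in filter(None, map(parse, log_text.splitlines())):
        kind, host, user = ev.get("event"), ev.get("host", "?"), ev.get("user", "?")
        if kind == "login_failed":
            failures[user] += 1
            if failures[user] == baseline["max_login_failures"]:  # flag once per account
                findings.append((ev["ts"], host, f"repeated login failures: {user}"))
        elif kind == "account_created" and ev.get("role") == "admin" and user not in baseline["admins"]:
            findings.append((ev["ts"], host, f"unapproved admin account: {user}"))
        elif kind == "net_conn" and ev.get("dst_port") == "21" and host not in baseline["ftp_hosts"]:
            findings.append((ev["ts"], host, "FTP from unapproved host"))
        elif kind == "dns_config" and ev.get("resolver") not in baseline["resolvers"]:
            findings.append((ev["ts"], host, f"DNS resolver changed: {ev.get('resolver')}"))
    return findings
```

Calling find_indicators(SAMPLE_LOG, BASELINE) flags four of the eight sample events; the FTP connection from fs01 and the resolver setting on ws-120 match the baseline and are left alone.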
Trained employees: Your best defence
While IT plays a major role in keeping the company secure, information security is everybody’s responsibility. Your employees play a critical role in helping you protect your organisation’s security, confidential documents and valuable information. Increasing employee awareness of some basic security best practices is a good investment for everyone. This can include training employees on:
• Email security to identify phishing emails, dangerous attachments and other email scams
• How to spot fraudulent URLs
• How to recognise and avoid social engineering scams
• Security beyond the office (working from home or on the road)
• When and how to report suspicious activity
And just as with compromised networks, it’s also important to educate employees about the symptoms of a compromised device. If employees experience, for example, any of the following on a device they use for work, they should notify IT immediately:
• False notifications about updating anti-virus software: Hackers use phony “your software is out-of-date” alerts to get people to enter valuable personal and financial information into false renewal forms. And if these false notifications show up on an employee’s device, it means the device is already infected.
• Frequent pop-ups when browsing the internet: Like with phishing, pop-ups often appear to be from legitimate sites – and in fact, many legitimate sites actually do use pop-ups. Copious pop-ups, however, are a likely sign that a device is infected with malware.
• False search results: Sites often pay vendors to drive traffic their way, and some of those vendors drive that traffic illegally, by inserting particular sites into search results regardless of what the search query is. If certain websites appear among search results time and again, with no relation to what was searched for, it’s a sign the device is compromised.
• Unexpected negative change in system performance.
At the end of the day, you can go and spend the money on the latest technology, and you should, but if you can’t sensitise your employees to the key role they play in proactive information security, then you are still leaving yourself exposed. Good proactive security isn’t just about technology – it’s about the whole ecosystem. And if you are not prepared, all it takes is a single email to breach your entire network.
[1] The Business Journals, ‘Data Breach – Top Concern of IT Security Pros for 2015,’ 2014.