John Green, business and technology development director at IT security firm Accumuli, advises on how to get tough on cyber attacks
There has been a marked increase in cyber attacks resulting in significant data breaches: detected security incidents rose 48 percent from 2013 to 2014, according to PwC’s Global State of Information Security Survey 2015, and cyber crime has been estimated to cost the UK up to £27bn a year.
For IT security professionals it is no longer a question of if such an attack will occur, but when. As a result, IT security teams have a clear remit: anticipate and monitor issues before they affect the business, and manage them when they arise.
The opportunities created by the Internet of Things and by advances in big data, cloud computing and mobile connectivity are forcing organisations to open up their IT infrastructures at the same time as cyber threats are increasing the risk of corporate data breaches. A breach damages corporate brand and reputation, the performance of business processes, the supply chain, customer engagement strategies, employee productivity and the mining of customer data that drives marketing efforts.
IT departments face the challenge of the Iron Triangle of time, cost and quality: all three have to be balanced, and pressure on one affects the other two, all while dealing with an ever-evolving threat landscape. Access control, perimeter gateway devices and authorisation techniques are no longer enough on their own. They can not only be bypassed but also abused, since a compromised gateway or a stolen credential gives an attacker a route to sensitive material.
The key is to implement the right procedures and response strategy to counter future cyber threats and recover from incidents faster. While the design and implementation of a comprehensive policy will differ according to the type of organisation and the information being secured, a few fundamentals can form the basis of a solid defence:
• Fast breach identification
• Containment and isolation of affected systems
• Rapid and automated resolution
• Constant productivity – without loss of user hours
• Full incident lifecycle visibility to support impact analysis
Here, John Green, business and technology development director at IT security firm Accumuli, shares his four top tips on defending against cyber attacks:
1. Get the basics right
A shared connectivity backbone and ICT infrastructure are increasingly common in the business world, extending to applications and services that support whole communities of users. Every one of these components is a target, and the confidentiality and integrity of the data they carry are at risk.
Perimeter security is usually the focus, but where is your perimeter? Users work from home and from hotels abroad; the network borders we once knew no longer exist. Typically, organisations fall down on the wider task of building a strategically planned, more robust defence both inside and outside the firewalled perimeter.
Users play a crucial role here, as they are most often the targets. Alongside user education on the proper use of company devices, passwords, encryption and updates, companies should also prioritise monitoring and controlling privileged accounts. This means knowing which accounts exist, what they are being used for and whether that use is legitimate.
2. The overall view
In a world where connectivity is part of everyday life and the lines between work and personal activity, let alone between work and personal devices, are blurred, an integral part of cyber defence is ensuring that the organisation has visibility over its IT infrastructure. IT security must know which devices (and users) are on the network, what they are accessing and where they are accessing it from. Knowing where sensitive data is held and identifying potential vulnerabilities is a critical step in any security strategy.
It is crucial to reduce the attack surface by remediating these weaknesses. Implementing a consolidated ‘single pane of glass’ such as a Security Information and Event Management (SIEM) platform is a significant first step towards this overall view: the platform collects logs from key infrastructure and security technologies and correlates activity across the network.
3. Watch and monitor
All online threats begin somewhere. A breach, for example, could begin as a seemingly innocuous network probe: continuous trawling across the Internet for an open door into a vulnerable network. This is where vulnerability management comes in: if you don’t know where your vulnerabilities lie, how can you close that door?
Knowing where an organisation’s vulnerabilities lie is crucial, but not every outside connection is hostile. There are legitimate reasons for allowing external users onto a company’s network, and supply chain access is an increasingly important one. Managing that risk enables the business; security then becomes a business advantage. The core aim is to closely monitor the users and applications that use the network and determine whether their activity is legitimate.
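As an added example (not from the original article, and not Accumuli’s code), the Python script below shows the kind of correlation a SIEM performs across the monitoring points raised in tips 1 to 3: it detects a port-scan-style probe in firewall logs (many distinct destination ports from one source within a short window) and then flags a successful logon by a privileged account from the same source shortly afterwards. The log formats, field names, hosts, IP addresses, the svc_backup account and the thresholds are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample logs (made up for this example; not from any real device) ---
FIREWALL_LOG = """\
2015-03-02T09:00:01 fw1 action=deny src=203.0.113.7 dst=10.0.0.5 dport=21
2015-03-02T09:00:02 fw1 action=deny src=203.0.113.7 dst=10.0.0.5 dport=22
2015-03-02T09:00:03 fw1 action=deny src=203.0.113.7 dst=10.0.0.5 dport=23
2015-03-02T09:00:04 fw1 action=deny src=203.0.113.7 dst=10.0.0.5 dport=445
2015-03-02T09:00:05 fw1 action=deny src=203.0.113.7 dst=10.0.0.5 dport=8080
2015-03-02T09:00:06 fw1 action=allow src=203.0.113.7 dst=10.0.0.5 dport=3389
2015-03-02T09:04:00 fw1 action=allow src=198.51.100.20 dst=10.0.0.5 dport=443
2015-03-02T09:04:30 fw1 action=allow src=198.51.100.20 dst=10.0.0.5 dport=443
"""

AUTH_LOG = """\
2015-03-02T09:01:30 host=10.0.0.5 event=logon user=svc_backup result=success src=203.0.113.7
2015-03-02T09:02:00 host=10.0.0.5 event=logon user=bob result=failure src=203.0.113.7
2015-03-02T09:05:00 host=10.0.0.5 event=logon user=alice result=success src=198.51.100.20
"""

# Assumed inventory of privileged accounts (tip 1: know what these accounts are)
PRIVILEGED_ACCOUNTS = {"svc_backup", "administrator"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Parse '<ISO timestamp> ... key=value ...' into a dict; 'ts' becomes a datetime."""
    ts_text, _, rest = line.partition(" ")
    event = {k: v for k, v in KV_RE.findall(rest)}
    event["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%S")
    return event


def detect_scans(fw_lines, min_ports=5, window=timedelta(seconds=60)):
    """Return {src: first_ts} for sources touching >= min_ports distinct
    destination ports inside any sliding window of length `window`."""
    by_src = defaultdict(list)
    for line in fw_lines:
        if line.strip():
            e = parse_line(line)
            by_src[e["src"]].append((e["ts"], int(e["dport"])))
    scans = {}
    for src, events in by_src.items():
        events.sort()
        j = 0
        for i, (start, _) in enumerate(events):
            # advance j to just past the last event within `window` of events[i]
            while j < len(events) and events[j][0] - start <= window:
                j += 1
            ports = {p for _, p in events[i:j]}
            if len(ports) >= min_ports:
                scans[src] = start  # record the first window that qualifies
                break
    return scans


def correlate_privileged_logons(scans, auth_lines, privileged,
                                lookahead=timedelta(minutes=10)):
    """Flag successful privileged logons from a scanning source within
    `lookahead` of that source's scan starting: reconnaissance then access."""
    alerts = []
    for line in auth_lines:
        if not line.strip():
            continue
        e = parse_line(line)
        start = scans.get(e.get("src"))
        if (start is not None and e.get("event") == "logon"
                and e.get("result") == "success" and e.get("user") in privileged
                and start <= e["ts"] <= start + lookahead):
            alerts.append({"src": e["src"], "user": e["user"], "host": e["host"],
                           "scan_started": start, "logon_at": e["ts"]})
    return alerts


def run():
    """Correlate the constructed firewall and auth logs; returns the alert list."""
    scans = detect_scans(FIREWALL_LOG.splitlines())
    return correlate_privileged_logons(scans, AUTH_LOG.splitlines(), PRIVILEGED_ACCOUNTS)


if __name__ == "__main__":
    for a in run():
        print(f"ALERT {a['src']} probed the network at {a['scan_started']} "
              f"then logged on as {a['user']} to {a['host']} at {a['logon_at']}")
```

On the sample data only 203.0.113.7 qualifies as a scanner (six ports in six seconds), and only its svc_backup logon is raised, because the failed logon and alice’s logon from a non-scanning address do not meet the rule. The value of the correlation is that neither source alone is conclusive: a firewall sees denied probes every day, and a service account logging on is normal, but the two together from one address within minutes is exactly the sequence worth a human look.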
4. A layered defence strategy – defence in depth
A successful defence strategy is built in layers, protecting against internal and external threats. It starts with policy and process and takes into account people and boundaries. Only then does technology come into play.
Most companies have some level of security in place: a patching regime, antivirus, perimeter defences and so on. However, as the cyber threat changes and grows, additional measures need to be taken. At a strategic level, risk management has to be weighed against business opportunity.
These measures can only be effective once you have determined the context in which your organisation operates. Important factors to consider include the threat landscape your business faces, your organisation’s risk appetite, how risks can be mitigated or managed to an acceptable level, whether your current levels of protection are sufficient, and whether you are leveraging the investment you have already made in security platforms.