The cyber security remedy: prevention is better than a cure

Wonga’s recent announcement that it was hit by a data breach affecting 245,000 of its UK customers is yet another sharp wakeup call for businesses. All available information concerning the attack indicates that this could be one of the biggest financial information leaks the country has ever seen.

Businesses across Britain are waking up to the fact that it is a case of “when” not “if” they will be targeted. Just look at what has happened to NHSTalkTalk… the list goes on and on and on. Whatever the malware, threats in today’s cyber arms race are constantly evolving and frustratingly, the virus always seems a step ahead of technology’s ‘vaccine’.

>See also: 3 pre-breach remedies in the age of the cyber attack

To combat this, a layered approach to security should be deployed, with preventative measures for known vulnerabilities. Risk and identity-focused solutions can provide the smartest form of defence and prevent the initial infection becoming a full-blown catastrophe.

White blood cells inspire the software-defined approach

A fundamental shift in how organisations approach cybercrime is urgently required. Businesses must advance from traditional network security to actual information security, to stop inevitable attacks escalating to damaging levels.

Think of the role your white blood cells play within your immune system; similarly, it is vital for organisations to have security imbedded in the network itself. Employing software-defined security (SDS) enables more targeted and appropriate security policies, with digital identity attributes used to enforce detailed access entitlements across systems and applications.

Today, SDS represents the security ideal. It is real-time and transaction-based, focusing on data and user access requests across multiple channels, protecting mobile enterprise apps, workstation web browsers, and backend administration – not just the vital organs. This approach also offers an attractive value proposition.

>See also: How AI has created an arms race in the battle against cybercrime

Common issues around authentication and access management are ‘automatically’ solved via behavioural analytics, vastly improving organisations’ risk posture and transaction decision speed. Further, SDS makes for a smoother user experience (UX) – critical to the success of any business or security initiative.

Smart defence to protect the vital organs

Having an effective and robust procedure in place with escalating privileged access throughout an organisation is vital. It allows inevitable attacks and breaches to be shut down before they penetrate vital organs, causing catastrophic damage. Access control is crucial to enterprise security here – particularly in the age of bring your own device (BYOD), which sees employees, customers and partners using multiple devices to access and store company information along with their own, potentially leaving data exposed.

Effective access controls not only allow organisations to identify individuals, but decide and monitor what each can and cannot do, access, or share – from the opening of files, to the areas of a building entered.

Unfortunately, authentication mechanisms in many businesses remain archaic. Often, simple passwords are used across multiple accounts, employees fall prey to phishing attacks, and outdated tools inadequately monitor data access.

>See also: Corporations ‘not prepared’ for mobile breach 

With the latest technologies at hackers’ fingertips capable of tracing keyboard strokes and cloning whole devices, companies must use equally sophisticated solutions to protect their data.

The entering of stolen or misused credentials continues to be the number one way to gain access to information, with the majority of breaches exploiting weak or stolen passwords.

This calls for the likes of two-factor authentication (2FA), an effective access control method which layers identity verification, helping ensure only authorised users gain network admittance. The varied information used within 2FA includes passwords, knowledge-based authentication (KBA), software tokens and hardware credentials.

Additionally, adaptive (or risk-based) authentication is indispensable in helping judge whether users are who they say they are, determining minimum credential requirements working across a portfolio of factors.

>See also: The mobile threat landscape

The adaptive technology evaluates a set of contextual factors related to an access attempt or transaction to better estimate the risk involved, without impacting the experience for legitimate users. It is a particularly robust multi-channel risk assessment solution, detecting and preventing fraud.

Employees are the front line of the immune system

Many organisations struggle to find the right balance between undisrupted employee experience and ensuring appropriate security controls. While security operations should be seamless and unseen, they often end up ‘disrupting’ a working device and happening too often – prompting employees to put off, or altogether opt-out of updates that may be crucial cracks in the company’s immune system.

Awareness, education and understanding of risks is essential in tackling basic cybersecurity threats. A simple security posture check can raise awareness among employees and lead to common sense improvements, such as applying patching updates in a timely fashion – a vaccine jab that could prevent the worst-case scenario.

>See also: The biggest challenge holding back Europe’s Digital Single Market

Case in point: a patch preventing the WannaCry ransomware attack that took down over 75,000 computers worldwide this month has been available from Microsoft since March. Victims simply had not downloaded it.

Businesses must educate and train their staff from the top down to ensure there is critical understanding of the importance of security awareness and the correct procedures to follow.

It is important for employees to understand that this doesn’t just rest within the IT department, but is a consideration for everyone company-wide, as the business looks to avoid the illness of the next inevitable cyber attack.

 

Sourced by Paul Ferron, director, Security Solutions, EMEA, CA Technologies

 

The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...