While enterprise technology has seen major advancements around the world, the systems used to secure networks are, in comparison, frail and in need of attention. Cyber attacks, on the other hand, have kept pace with the technology and are becoming weapons of disruption.
Technology within the workplace has changed drastically over the past decade. While this change spells progress for businesses, that progress is being slowed by the rising tide of cybercrime. Just as tech solutions across organisations are evolving, so too are the hackers targeting organisations’ data. The latest WannaCry ransomware attacks are a perfect example of this; the fact is cyberattacks will only grow more sophisticated and powerful as time goes by, and this is not a problem any company can ignore.
People often blame technological progress for these cyber attacks; however, the first part of the problem is businesses. The primary factor enabling increased threat surfaces is what businesses are doing, or rather, to be precise, what they aren’t doing. While cybercrime has advanced, company approaches to defending against it haven’t.
Here are some of the ways in which organisations are putting up a bullseye on themselves for hackers.
Outdated security measures
Endpoint security is something that needs to evolve with technology. Enterprises have adopted new technologies rapidly, but their endpoint security practices haven’t necessarily followed suit. And this is extremely dangerous.
How can yesterday’s security solution help prevent next year’s, or even tomorrow’s attack? Not proactively upgrading security solutions leaves enterprises with solutions that were viable in the past, but unequipped to handle the present or future malware world.
Cyber security practices
When an organisation’s cybersecurity plan begins and ends at their IT department, failure is evident, especially in today’s world where remote workforces are a growing phenomenon and everything is connected.
Enterprises tend to assume that their staff have an understanding of cybersecurity practices and overlook the possibility that their IT department lacks complete control. All it takes is a single weak link for a security breach to happen – an employee who inadvertently downloads an infected document from a phishing scam, or another who leaves their company-connected laptop unlocked and unattended while getting a coffee.
Next victim, not me
Too many enterprises operate on the dangerous presumption that they haven’t been attacked yet, so they’re good. Although misguided, this thinking is present across many industries. Ignorance is never bliss when it comes to cybersecurity. The more complacent the enterprise, the more that organisation is at risk.
However, the way businesses operate only forms part of the problem. The second and in no way smaller part is the threats themselves.
IoT and mobility
Smart technology exists and is the norm across enterprises these days. From mobile devices and mobile workforces to BYOD and smartphones, enterprises have had to become increasingly flexible within their infrastructure. Although this is great from the end users’ point of view, these changes add to the threats and possible vulnerabilities for any enterprise that chooses to leverage them.
While spam and phishing emails were commonplace intrusions in the past, today targeted and innovative attacks are run-of-the-mill. Social media and emails are the number one distraction for workers and provide a lucrative entry point for cyberattacks. Imagine a worker using a Fantasy Football site or even Facebook in the workplace, and that being an attack surface for a cyber attack.
Attacks, attacks and more attacks
Cyber warfare has been dominating the news for the past few months. So far in 2017 alone, we’ve seen the likes of ransomware, NSA tools being used for cyber crimes and a large number of global sites under attack. The past was no better. Each year pales in comparison with the next in terms of attacks and the lack of security measures in place to avert them.
The bottom line is that there is no escaping or shying away from cyber attacks. The best defense is to be prepared to the hilt. Here are three key measures all enterprises should be employing to help minimise and possibly mitigate these threats.
1. Keep critical data on-premises and encrypted
On-premises and encrypted data provides an enterprise with a greater sense of control compared with having their data in the cloud on third-party storage provisions. Encrypting on-premises data helps further lessen the blow of potential cyber threats while keeping your data secure.
2. Monitor systems in real-time
Investing in a good monitoring solution that is deployed on-site provides IT departments with a proactive and reactive arsenal with which to fend off cyber threats. Monitoring systems in real-time while applying security policies enables IT departments to better control data and in turn their infrastructure.
3. Layer threat protection
A single line of defense in the form of a universal security policy is no help in mitigating today’s cyber attacks. Layering threat protection in the form of uniform security policies across all devices and multiple forms of authentication for users across the business, including remote branches and remote users, gives IT departments a better handle on security. Adding positive and negative threat detection with signatures to the security mix helps create a barrier from all angles.
Let’s face it, no cyber security effort is going to be 100% effective or foolproof. The fact is that enterprises need to treat their IT security measures as a part of their risk management by adopting and updating their security tools to match technology advancements.
Keeping data secure and giving IT control while catering to the flexibility needs of the workforce is no easy task. After all, defense is one man guarding the ball and four others helping him. The only way to address the growing attack surface is to create a comprehensive strategy, integrated controls, end-to-end security mechanisms, monitoring, reporting and analytics.
Sourced from Pascal Bergeot, CEO of Goverlan