Protect Your Data
Protect your assets with a complete security plan
- By Denny Heaberlin
- Nov 01, 2015
In the minutes, hours and days that follow a widespread, widely publicized
data breach, most companies scramble to increase their security measures
in an effort to overcompensate for their lack of proactive preparation. However,
in many cases, the damage may have already been done. A proactive,
rather than reactive, approach to security helps to ensure that critical information
is protected without businesses having to learn “the hard way.”
The cyber threat landscape is fluid and unpredictable, changing as new technologies
emerge and as hackers become more knowledgeable. True data and network
protection requires constant effort, as opposed to the completion of a security
checklist that’s then filed away and forgotten. From organized cybercrime rings to
“hacktivists” to foreign government hacking attempts, the complexities and motives
of cyber security breaches are changing by the day.
Identifying Risks
Since each business and industry is different, cyber security must begin with a
thorough risk and vulnerability assessment. A large part of risk assessment depends
on where businesses store and transmit data—whether it’s in the public cloud, an
on-premises data center, or a mix of the two. According to the 2015 Cloud Security
Report from Alert Logic, Windstream partner and provider of managed cloud
security and compliance solutions, cloud adoption remains strong, and with it, the
industry has experienced an increase in attack frequency for organizations with
infrastructure in the cloud.
Alert Logic points out that it’s not necessarily a result of cloud environments
being less secure, but a misconception on the part of many businesses about the
level of security that’s needed in the cloud. In other words, the companies that
don’t fully understand the risks associated with their specific environments
are more likely to have holes in their security plans.
This applies to Information Technology (IT) infrastructure as well as to
business operations, especially the way businesses conduct their customer
interactions. Alert Logic noted a distinct difference in threat profiles between
businesses that primarily serve their customers online and those that do not.
Those that interact more online are often the targets of application attacks,
whereas companies with less online interaction generally face more brute force
and trojan attacks, according to the report.
Reinforcing the concept that different
types of businesses face varying
types of attacks, the Alert Logic report
outlined the most common types of attack
in each industry:
- Advertising: application attacks
- Computer services: application attacks
- Financial: brute force
- Healthcare: brute force
- Manufacturing: application attacks
- Accounting/Management: brute force
- Mining: trojan
- Real Estate: application attacks
- Retail: application attacks
- Transportation: application attacks
Risks can also be identified by employee
activity. For example, businesses
with mobile or remote employees must
consider the impact of Bring Your
Own Device (BYOD) policies. With
more employees using multiple devices,
both personal and company-issued,
there is a greater possibility for them
to unknowingly compromise corporate
network security. Other employee
activity such as neglecting necessary
security patches and updates, responding
to phishing emails and general lack
of cyber security awareness can further
amplify security risks. Understanding
a company’s threat profile based on its
activity is key to determining the most
successful security strategy.
Understanding the Threat Landscape
Another component to a robust security
plan is to understand the ever-changing
cyber threat landscape. Businesses
must consider not only what
actions they take that put themselves at
risk, but also the latest threats and incidents
that are occurring in cloud and
on-premises environments.
The 2015 Alert Logic report revealed
that for on-premises data centers, the
top three current incident classes are
suspicious activity, trojan attacks and
application attacks. Suspicious activity
is a threat that doesn’t fit in a typical
threat category; one example is the addition of
a new domain administrator without
the knowledge of the existing administrators,
which hands the new account control over the systems.
It’s tough to predict and recognize suspicious activity without a dedicated security
expert, which could be why it remains
a top threat for on-premises data
centers with limited resources.
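The domain-administrator example above is one of the few kinds of “suspicious activity” that can be caught mechanically. The following is an added example (not code from the article or from Alert Logic) that shows two checks a practitioner would run: flagging group-membership-change events for privileged groups that were not covered by an approved change, and diffing the current membership of those groups against an approved baseline. The event IDs are the real Windows Security event IDs for membership additions (4728 global, 4732 local, 4756 universal group), and in those events the group name sits in the TargetUserName field; the event records, baseline, current snapshot and approved-change list are constructed sample data, and in production they would be read from the Security log and from the directory.

```python
from typing import Dict, List, Set, Tuple

# Real event IDs for "a member was added to a security-enabled ... group":
# 4728 = global group, 4732 = local group, 4756 = universal group.
GROUP_ADD_EVENTS = {4728, 4732, 4756}

# Groups whose membership changes should never happen without a change record.
WATCHED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Constructed sample events, reduced to the XML data fields the check needs.
# In a 4728/4732/4756 event TargetUserName is the GROUP, MemberName is the account
# that was added, and SubjectUserName is the account that made the change.
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "jsmith", "SubjectUserName": "-"},
    {"EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example",
     "SubjectUserName": "jsmith"},
    {"EventID": 4732, "TargetUserName": "Remote Desktop Users",
     "MemberName": "CN=alice,OU=Staff,DC=corp,DC=example",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 4756, "TargetUserName": "Enterprise Admins",
     "MemberName": "CN=tmpadmin,CN=Users,DC=corp,DC=example",
     "SubjectUserName": "svc-backup"},
    {"EventID": 4728, "TargetUserName": "Domain Admins",
     "MemberName": "CN=newadmin,CN=Users,DC=corp,DC=example",
     "SubjectUserName": "administrator"},
]

# Constructed change-control record: (group, member DN) pairs that were approved.
APPROVED_CHANGES = {("Domain Admins", "CN=newadmin,CN=Users,DC=corp,DC=example")}

# Constructed membership snapshots (approved baseline vs. what the directory shows now).
BASELINE = {"Domain Admins": {"administrator", "jsmith"}}
CURRENT = {"Domain Admins": {"administrator", "jsmith", "svc-backup"},
           "Enterprise Admins": {"tmpadmin"}}


def unapproved_privileged_additions(events: List[dict],
                                    watched: Set[str] = WATCHED_GROUPS,
                                    approved: Set[Tuple[str, str]] = APPROVED_CHANGES
                                    ) -> List[Tuple[str, str, str]]:
    """Return (group, member, actor) for each addition to a watched group that has
    no matching change record. Additions covered by a change record are ignored, so
    what remains is exactly the 'nobody knew about it' case."""
    hits = []
    for e in events:
        if e.get("EventID") not in GROUP_ADD_EVENTS:
            continue
        group, member = e.get("TargetUserName"), e.get("MemberName")
        if group in watched and (group, member) not in approved:
            hits.append((group, member, e.get("SubjectUserName", "?")))
    return hits


def membership_drift(baseline: Dict[str, Set[str]],
                     current: Dict[str, Set[str]]) -> Dict[str, Dict[str, List[str]]]:
    """Compare an approved membership baseline with a fresh snapshot; a group that is
    absent from one side is treated as empty there, so a brand-new privileged group
    shows up as drift too. Catches changes made while event logging was off."""
    drift = {}
    for group in sorted(set(baseline) | set(current)):
        before, now = baseline.get(group, set()), current.get(group, set())
        if before != now:
            drift[group] = {"added": sorted(now - before), "removed": sorted(before - now)}
    return drift


if __name__ == "__main__":
    for group, member, actor in unapproved_privileged_additions(SAMPLE_EVENTS):
        print(f"ALERT unapproved addition to {group}: {member} (by {actor})")
    for group, change in membership_drift(BASELINE, CURRENT).items():
        print(f"DRIFT {group}: +{change['added']} -{change['removed']}")
```

Run the event check against the Security log on a schedule (or feed it from a log collector) and the drift check against a baseline that is re-approved only when a change record exists; an addition that appears in one check but not the other is worth a look on its own, since it suggests events are missing or the baseline is stale.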
Trojan attacks rely on malicious code disguised as
legitimate software; once it runs, it carries out whatever
task the attacker built it for. Trojan attacks
can often be found after an employee
accidentally downloads assets from a
compromised website. Trojans are very
common threats for on-premises environments
where there is little customer
interaction online—so businesses that
fit that description should have this
threat on their radars.
Application attacks are the third
most prevalent types of attacks in on-premises
data centers, and the number
one threat impacting cloud environments.
In fact, according to the 2015
Alert Logic report, application attacks
in the cloud increased by 45 percent
from 2013 to 2014. Application attacks
are tried-and-true methods for hackers
since applications provide the gateway
to sensitive data. The real estate industry
is a great example of how making services
and applications more available to
customers also makes them more available
to hackers, which is why more than
half of the malicious activity in the field
is comprised of application attacks.
Also, in the top three threats to cloud
environments, behind application attacks,
are trojan attacks and brute force
attacks, respectively. Brute force attacks
remain a popular hacking method because
they can be executed easily with
simple tools and computing power.
These types of attacks, where hackers
gain access to a system by trying different
user names and passwords until
the right combination is found, are difficult
to block and can give the hackers
access to entire networks, applications
and/or other assets.
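Brute force attempts are hard to block outright, but they are easy to see in authentication logs, and the log review recommended later in this article is where they are usually found. The following is an added example (not from the article or from Alert Logic) that runs a simple detector over constructed sshd-style log lines: it counts failed logins per source address inside a sliding time window and, more importantly, flags any account that then logged in successfully from a source that was mid-burst, which is the case that needs an incident response rather than just a firewall rule. The log lines, host name and addresses are constructed sample data; the threshold and window are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterator, Tuple

# Constructed sample lines in OpenSSH/syslog style (not real log data).
# 203.0.113.5 fails six times in ten seconds and then succeeds as "alice".
# 198.51.100.7 is a normal user who mistyped once. 192.0.2.9 is a short burst.
SAMPLE_LOG = """\
Jan 15 10:02:11 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 15 10:02:13 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Jan 15 10:02:15 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 15 10:02:17 web1 sshd[2204]: Failed password for root from 203.0.113.5 port 51237 ssh2
Jan 15 10:02:19 web1 sshd[2205]: Failed password for alice from 203.0.113.5 port 51238 ssh2
Jan 15 10:02:21 web1 sshd[2206]: Failed password for alice from 203.0.113.5 port 51239 ssh2
Jan 15 10:02:24 web1 sshd[2207]: Accepted password for alice from 203.0.113.5 port 51240 ssh2
Jan 15 10:05:02 web1 sshd[2310]: Failed password for bob from 198.51.100.7 port 40001 ssh2
Jan 15 10:05:30 web1 sshd[2311]: Accepted publickey for bob from 198.51.100.7 port 40002 ssh2
Jan 15 11:45:00 web1 sshd[2500]: Failed password for root from 192.0.2.9 port 33001 ssh2
Jan 15 11:45:01 web1 sshd[2501]: Failed password for root from 192.0.2.9 port 33002 ssh2
Jan 15 11:45:02 web1 sshd[2502]: Failed password for root from 192.0.2.9 port 33003 ssh2
"""

# Matches both the "invalid user" form (unknown account) and the plain form.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_auth_lines(text: str) -> Iterator[Tuple[datetime, str, str, str]]:
    """Yield (timestamp, result, user, ip) for each line that matches sshd's format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; the sample is assumed to be from one year,
        # which is all the window arithmetic below needs.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        yield ts, m.group("result"), m.group("user"), m.group("ip")


def detect_brute_force(text: str, threshold: int = 5,
                       window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Return {ip: report} for every source with >= threshold failures inside a
    sliding window. report["failures"] is the largest burst seen and
    report["compromised_users"] lists accounts that logged in successfully from that
    source while a burst was still in the window: review those first."""
    recent_failures = defaultdict(list)  # ip -> failure timestamps inside the window
    reports: Dict[str, dict] = {}
    for ts, result, user, ip in parse_auth_lines(text):
        recent = [t for t in recent_failures[ip] if ts - t <= window]
        if result == "Failed":
            recent.append(ts)
            if len(recent) >= threshold:
                r = reports.setdefault(ip, {"failures": 0, "compromised_users": []})
                r["failures"] = max(r["failures"], len(recent))
        elif ip in reports and recent and user not in reports[ip]["compromised_users"]:
            reports[ip]["compromised_users"].append(user)
        recent_failures[ip] = recent
    return reports


if __name__ == "__main__":
    for ip, r in detect_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {r['failures']} failures in window, "
              f"successful logins during burst: {r['compromised_users'] or 'none'}")
```

With the defaults only 203.0.113.5 is reported, and the report names alice as an account to reset and investigate; lowering the threshold to 3 also surfaces 192.0.2.9 but still leaves the single mistyped password from 198.51.100.7 alone. The same pattern applies to web application login logs and Windows 4625/4624 events, with only the parser changing.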
Implementing Security Solutions
Threats that businesses are facing this
year may not be what they see next
year, which is why companies must be
elastic in their security planning. By
identifying the most vulnerable points
in their current environments—whether
it’s on-premises/private cloud, public
cloud or hybrid cloud—businesses can
then start to draft strategies and analyze
potential solutions.
When developing a security strategy,
businesses shouldn’t automatically
jump to technology selection, but instead
should think about the type of
data and applications they will be using
in the cloud or on-premises. Once
they understand what they are protecting,
they can then build out the security
process that includes responsibilities,
stakeholders, incident response plans
and contingency plans should something
go wrong.
With a security process in place,
businesses can then look at the actual
solutions and tools that will help to
keep them protected. Just as the cyber
threat landscape changes, so does the
latest technology in security solutions,
which is why a customized plan that
changes as a business’ needs change is the best course of action. A complete
security solution should protect data and
applications from all angles—network, cloud and employee communication—to
mitigate any and all threats to data. A Managed Services Provider (MSP) can provide
personalized solutions and enhance network and cloud security by helping
to implement tactical solutions such as firewalls, antivirus protection, Operating
System (OS) hardening, intrusion detection and web filtering.
The right security solutions are only effective if businesses take the right actions
and implement the right policies. Some of the most important steps to a
successful security plan involve testing, governance, education and implementing
security policies for employees. Nonexistent or relaxed cyber security and access
management policies can leave organizations vulnerable to attacks. However, having
well-defined regulations as part of a larger employee IT governance policy can
help prevent the potential for damage from network or data hacking attempts.
The majority of businesses’ security is in the hands of their own employees,
and robust security solutions are most effective when strongly aligned with employee
awareness. Ongoing security awareness training and communications keep
security a priority in the minds of employees; when they’re educated and vigilant,
there’s far less risk of a cyber threat becoming a serious problem.
Regardless of the business type, part of that employee awareness and training
should address the growing trend of a BYOD workplace. In a BYOD workplace
environment, people can work from anywhere, at any time, which is a great benefit
to organizations and increases collaboration and efficiency. However, with such
advantages comes the responsibility of protecting the network and critical data,
which requires implementation of a solid BYOD policy.
BYOD practices take security concerns to a heightened level, adding new dimensions
to IT management, administration and control. When creating a BYOD
policy, specify approved functions and applications that users can access, as well
as acceptable behaviors.
Companies should also adopt a plan for overall patch management, since unpatched
software and systems can lead to major security issues. In addition to
establishing a process to update systems regularly, all updates should be tested to
confirm that they don’t create additional vulnerabilities. Other actions that companies
should take include regularly reviewing logs to identify attack attempts and
anomalies, and testing and securing their code to thwart future attacks.
The final component of a successful security plan is allocating enough staff
and resources to support that plan, which is why security is considered to be a
shared responsibility between executives, employees and a trusted service provider.
The best-protected systems are those that are constantly managed by a dedicated
IT team. If companies find that they are lacking resources to provide ongoing
support and monitoring, managed network security solutions are the answer. To
choose the right Managed Service Provider (MSP) and solutions, a company must
first look at what security options are available and partner with a provider that
delivers the right type of security to support its core IT environment and activities.
Providers should also allow businesses to manage elements of their own security
and customize services, which can be critical for meeting regulatory compliance
and security requirements specific to certain fields and/or industries.
Data security should be an ongoing effort for businesses that adapts as needs
change and new threats emerge. The service provider and solutions that a business
chooses are crucial, but those are only components of a complete security plan. Taking
a proactive approach to cloud and network security involves
careful risk assessment, knowledge of threats and, most importantly,
careful planning to combine solutions and practices that
provide peace of mind for business leaders and IT executives.
This article originally appeared in the November 2015 issue of Security Today.