Protect Your Data

Protect your assets with a complete security plan

In the minutes, hours and days that follow a widespread, widely publicized data breach, most companies scramble to increase their security measures in an effort to overcompensate for their lack of proactive preparation. However, in many cases, the damage may have already been done. A proactive, rather than reactive, approach to security helps to ensure that critical information is protected without businesses having to learn “the hard way.”

The cyber threat landscape is fluid and unpredictable, changing as new technologies emerge and as hackers become more knowledgeable. True data and network protection requires constant effort, as opposed to the completion of a security checklist that’s then filed away and forgotten. From organized cybercrime rings to “hacktivists” to foreign government hacking attempts, the complexities and motives of cyber security breaches are changing by the day.

Identifying Risks

Since each business and industry is different, cyber security must begin with a thorough risk and vulnerability assessment. A large part of risk assessment depends on where businesses store and transmit data—whether it’s in the public cloud, an on-premises data center, or a mix of the two. According to the 2015 Cloud Security Report from Alert Logic, Windstream partner and provider of managed cloud security and compliance solutions, cloud adoption remains strong, and with it, the industry has experienced an increase in attack frequency for organizations with infrastructure in the cloud.

Alert Logic points out that it’s not necessarily a result of cloud environments being less secure, but a misconception on the part of many businesses about the level of security that’s needed in the cloud. In other words, the companies that don’t fully understand the risks associated with their specific environments are more likely to have holes in their security plans.

This applies to Information Technology (IT) infrastructure, as well as business operations, especially the way in which businesses conduct their customer interactions. Alert Logic noted a distinct difference in threat profiles between businesses that primarily service their customers online and those that do not. Those that interact more online are often the targets of application attacks, whereas companies with less online interaction generally face more brute force and trojan attacks, according to the report.

Reinforcing the concept that different types of businesses face varying types of attacks, the Alert Logic report outlined the most common types of attack in each industry:

  • Advertising: application attacks
  • Computer services: application attacks
  • Financial: brute force
  • Healthcare: brute force
  • Manufacturing: application attacks
  • Accounting/Management: brute force
  • Mining: trojan
  • Real Estate: application attacks
  • Retail: application attacks
  • Transportation: application attacks

Risks can also be identified by employee activity. For example, businesses with mobile or remote employees must consider the impact of Bring Your Own Device (BYOD) policies. With more employees using multiple devices, both personal and company-issued, there is a greater possibility for them to unknowingly compromise corporate network security. Other employee activity such as neglecting necessary security patches and updates, responding to phishing emails and general lack of cyber security awareness can further amplify security risks. Understanding a company’s threat profile based on its activity is key to determining the most successful security strategy.

Understanding the Threat Landscape

Another component to a robust security plan is to understand the ever-changing cyber threat landscape. Businesses must consider not only what actions they take that put themselves at risk, but also the latest threats and incidents that are occurring in cloud and on-premises environments.

The 2015 Alert Logic report revealed that for on-premises data centers, the top three current incident classes are suspicious activity, trojan attacks and application attacks. Suspicious activity is a threat that doesn’t fit in a typical threat category, such as a new domain administrator being added without the knowledge of existing administrators and gaining control over the systems. It’s tough to predict and recognize suspicious activity without a dedicated security expert, which could be why it remains a top threat for on-premises data centers with limited resources.

Trojan, or malicious code, attacks occur when hackers use malicious code to execute a specific task or different tactics. Trojan attacks can often be found after an employee accidentally downloads assets from a compromised website. Trojans are very common threats for on-premises environments where there is little customer interaction online—so businesses that fit that description should have this threat on their radars.

Application attacks are the third most prevalent type of attack in on-premises data centers, and the number one threat impacting cloud environments. In fact, according to the 2015 Alert Logic report, application attacks in the cloud increased by 45 percent from 2013 to 2014. Application attacks are tried-and-true methods for hackers since applications provide the gateway to sensitive data. The real estate industry is a great example of how making services and applications more available to customers also makes them more available to hackers, which is why more than half of the malicious activity in the field consists of application attacks.

Rounding out the top three threats to cloud environments, behind application attacks, are trojan attacks and brute force attacks, respectively. Brute force attacks remain a popular hacking method because they can be executed easily with simple tools and computing power.

These types of attacks, where hackers gain access to a system by trying different user names and passwords until the right combination is found, are difficult to block and can give the hackers access to entire networks, applications and/or other assets.

Implementing Security Solutions

Threats that businesses are facing this year may not be what they see next year, which is why companies must be elastic in their security planning. By identifying the most vulnerable points in their current environments—whether it’s on-premises/private cloud, public cloud or hybrid cloud—businesses can then start to draft strategies and analyze potential solutions.

When developing a security strategy, businesses shouldn’t automatically jump to technology selection, but instead should think about the type of data and applications they will be using in the cloud or on-premises. Once they understand what they are protecting, they can then build out the security process that includes responsibilities, stakeholders, incident response plans and contingency plans should something go wrong.

With a security process in place, businesses can then look at the actual solutions and tools that will help to keep them protected. Just as the cyber threat landscape changes, so does the latest technology in security solutions, which is why a customized plan that changes as a business’s needs change is the best course of action. A complete security solution should protect data and applications from all angles—network, cloud and employee communication—to mitigate any and all threats to data. A Managed Services Provider (MSP) can provide personalized solutions and enhance network and cloud security by helping to implement tactical solutions such as firewalls, antivirus protection, Operating System (OS) hardening, intrusion detection and web filtering.

The right security solutions are only effective if businesses take the right actions and implement the right policies. Some of the most important steps to a successful security plan involve testing, governance, education and implementing security policies for employees. Nonexistent or relaxed cyber security and access management policies can leave organizations vulnerable to attacks. However, having well-defined regulations as part of a larger employee IT governance policy can help prevent the potential for damage from network or data hacking attempts.

The majority of businesses’ security is in the hands of their own employees, and robust security solutions are most effective when strongly aligned with employee awareness. Ongoing security awareness training and communications keep security a priority in the minds of employees; when they’re educated and vigilant, there’s far less risk of a cyber threat becoming a serious problem.

Regardless of the business type, part of that employee awareness and training should address the growing trend of a BYOD workplace. In a BYOD workplace environment, people can work from anywhere, at any time, which is a great benefit to organizations and increases collaboration and efficiency. However, with such advantages comes the responsibility of protecting the network and critical data, which requires implementation of a solid BYOD policy.

BYOD practices take security concerns to a heightened level, adding new dimensions to IT management, administration and control. When creating a BYOD policy, specify approved functions and applications that users can access, as well as acceptable behaviors.

Companies should also adopt a plan for overall patch management, since unpatched software and systems can lead to major security issues. In addition to establishing a process to update systems regularly, all updates should be tested to confirm that they don’t create additional vulnerabilities. Other actions that companies should take include regularly reviewing logs to identify vulnerabilities and testing and securing their code to thwart future attacks.

The final component of a successful security plan is allocating enough staff and resources to support that plan, which is why security is considered to be a shared responsibility between executives, employees and a trusted service provider. The best-protected systems are those that are constantly managed by a dedicated IT team. If companies find that they are lacking resources to provide ongoing support and monitoring, managed network security solutions are the answer. To choose the right Managed Service Provider (MSP) and solutions, a company must first look at what security options are available and partner with a provider that delivers the right type of security to support its core IT environment and activities. Providers should also allow businesses to manage elements of their own security and customize services, which can be critical for meeting regulatory compliance and security requirements specific to certain fields and/or industries.

Data security should be an ongoing effort for businesses that adapts as needs change and new threats emerge. The service provider and solutions that a business chooses are crucial, but those are only components of a complete security plan. Taking a proactive approach to cloud and network security involves careful risk assessment, knowledge of threats and, most importantly, careful planning to combine solutions and practices that provide peace of mind for business leaders and IT executives.

This article originally appeared in the November 2015 issue of Security Today.
