Each year, irrespective of the slew of new technologies and solutions aimed at securing enterprises and small businesses alike, cyber crooks remain one step ahead. Add to this the growing complexity of the threat landscape, and it’s easy to understand why CIOs are staying up at night.
Simon Campbell-Young, MD of Credence Security, says companies are focusing too much on the next new, shiny piece of technology, and are ignoring the basics of good security.
“Even companies with small security budgets can follow a few basic steps to improve their security and keep their data safe. Firstly, they need to understand what their most valuable assets are, and where they are kept. Focus the majority of the security efforts on protecting the most valuable data. Know where that data is at all times, and where it is moving. Know if it is being abused, or altered, and if it is, by whom.”
Similarly, he advises focusing on privileged account security, as too many attacks are successful because privileged IDs are abused. “What works here is a strategy and solution that looks at detection, prevention and monitoring of privileged accounts. Remember that a privileged account is how admins log in to servers, applications, switches, firewalls, routers, database servers, and suchlike that they need to manage. A lot of these systems, by default, permit simple username/password pairs to log in. In some cases, when an employee or contractor leaves the company, their credentials remain active. This isn’t a very safe practice.”
According to Campbell-Young, it is also crucial that any business measures its security to get a genuine read of its current state. “Regular penetration testing and red team simulations are a good idea. If you are unaware of your vulnerabilities, you can’t fix them.”
Next, he cites the human weakness. “Remember that any security chain is only as strong as its weakest link, and nine times out of 10, that is your people. Train, train and train your staff some more. Over and above training, have solid processes and procedures in place, and make sure all your employees understand them. Have data leakage prevention (DLP) solutions in place, as this technology was built to defend against insider threats, either malicious or careless, delivering complete visibility into all data access and usage, as well as applying controls to enforce the company’s data protection policies and prevent sensitive data from leaving the company.”
Also scrutinise your third-party partners, and make sure their security controls are up to scratch. “You can have the best security solutions in place, and the most well-trained, tech-savvy staff. If a third party who is insecure connects to your network, you are compromised. Make sure your partners have the same levels of security as you do, and test this on a regular basis.”
Campbell-Young advises never forgetting about the endpoint. “An increasing number of attacks are moving away from the network and servers to the end-user PCs, because they know that people are the weakest link, and that many people work on the go these days – from a laptop in an airport or coffee shop, or from the comfort of their homes, where there is no perimeter security to protect them. Make sure all anti-malware is kept up to date, and that patching happens on a regular basis. Enforce application whitelisting and have policies in place to cover shadow IT and unauthorised applications.”
Ultimately, a holistic approach to security is the most effective one: an approach that covers tools, policies, procedures and people. Focus not only on prevention, but also on detection and response. Instead of having different layers of security, adopt a strategy that integrates your people, tools, and solutions, so that the different areas of security can talk to each other and better secure the enterprise.