SMB cyber security – time for zero trust

 

In the digitisation age, data is increasingly becoming ‘the business’, and hence the pressure to protect data and users from more sophisticated attacks calls for new, more effective ways of cyber protection. Unfortunately, statistics show that the battle to protect data is not heading in the right direction: according to Gartner, the number of breaches is increasing, as is the average number of records affected. At the same time, businesses are spending more money on security. So how can the security effectiveness gap be reduced?

One approach that is gaining currency, and is slated to become the predominant security architecture in the next few years, is Zero Trust.

Zero Trust Architecture for networks was devised by Forrester Research analyst John Kindervag in 2010. The essence of Zero Trust is that perimeter security is inadequate for today’s security threats. The approach should be that no one inside or outside the organisation is trusted by default, and users should only be granted access to resources after both the user and their device have been identified.

This reminds me of one of my favourite lines from the X Files, “trust no one, be afraid, be very afraid”. OK, probably not totally relevant, but I just thought I would work it in.

Both enterprise Information Security Officers and IT suppliers are embracing Zero Trust as the most effective approach. 

Zero Trust addresses the tendency to leave default settings on systems, and the fact that many businesses take a very egalitarian approach to internal users: everyone is equal. Also, many organisations do not implement a 2-factor authentication system and may rely on usernames and passwords stored in text files or, worse still, on post-it notes. Generally, protecting the perimeter is seen as the main security priority. In recent years this approach has been shown to be fatally flawed: in attacks such as Nyetya and WannaCry, the attackers met very little resistance once they had breached the perimeter and gained access to the network. The network perimeter is increasingly becoming a very blurry concept: as the way we work evolves, cloud services are becoming predominant, users are working remotely, and branches are connecting directly to the Internet. The Zero Trust approach can easily adapt to this changing landscape because it ensures that security is pervasive.

 

Some key steps associated with Zero Trust are outlined below:

  • User identity – verify user identity before granting access to applications, using secure methods such as 2-factor authentication to identify users
  • Device visibility – gain visibility into the devices users are accessing systems with: are they corporate-managed devices or not?
  • Device trustworthiness – establish the posture of the device accessing systems: check that the device is secure, has up-to-date security configuration such as endpoint protection, and is patched to approved levels; access will not be granted if devices do not meet minimum security levels
  • Enforce policies – define a granular policy of which users on which devices can access which applications, provided that they meet the minimum security levels
  • Secure all apps – enforce secure access to all apps, based on single sign-on, irrespective of user location
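
As an added example (not code from the original post), the five steps above written as a deny-by-default access decision in Python. The user, device and rule names and the YYYYMM patch-level scale are constructed for illustration; note that network location is deliberately not an input, which is what step 5 amounts to.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed posture floor: a device must be patched to at least this
# monthly baseline (YYYYMM) to be considered trustworthy (step 3).
MIN_PATCH_LEVEL = 202402


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset        # e.g. {"staff", "finance"}
    mfa_verified: bool       # step 1: identity proven with a second factor


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool            # step 2: enrolled in corporate management
    endpoint_protection: bool
    patch_level: int         # step 3: same YYYYMM scale as MIN_PATCH_LEVEL


@dataclass(frozen=True)
class Rule:
    app: str
    allowed_groups: frozenset  # user needs at least one of these
    managed_only: bool         # True: unmanaged (BYOD) devices may not reach this app


# Constructed policy (step 4): which users on which devices reach which apps.
RULES = {
    "payroll": Rule("payroll", frozenset({"finance"}), managed_only=True),
    "wiki": Rule("wiki", frozenset({"staff", "contractor"}), managed_only=False),
}


def device_posture_failures(device: Device) -> List[str]:
    """Step 3: minimum security levels every device must meet, managed or not."""
    failures = []
    if not device.endpoint_protection:
        failures.append("device: endpoint protection not running")
    if device.patch_level < MIN_PATCH_LEVEL:
        failures.append(f"device: patch level {device.patch_level} below {MIN_PATCH_LEVEL}")
    return failures


def evaluate_access(user: User, device: Optional[Device], app: str,
                    rules=RULES) -> Tuple[bool, List[str]]:
    """Deny-by-default decision: access is granted only when every reason list
    stays empty. Location (LAN, VPN, cafe) is not consulted at all (step 5)."""
    reasons = []
    if not user.mfa_verified:                               # step 1: identity
        reasons.append("identity: MFA not completed")
    if device is None:                                      # step 2: visibility
        reasons.append("device: not identified")
        return False, reasons  # posture of an unknown device cannot be assessed
    reasons.extend(device_posture_failures(device))         # step 3: posture
    rule = rules.get(app)                                   # step 4: policy
    if rule is None:
        reasons.append(f"policy: no rule for app {app!r} (default deny)")
    else:
        if not (user.groups & rule.allowed_groups):
            reasons.append(f"policy: {user.name} is not in {sorted(rule.allowed_groups)}")
        if rule.managed_only and not device.managed:
            reasons.append(f"policy: {app} requires a corporate-managed device")
    return (not reasons), reasons
```

Every denial carries the list of failed checks, which is what a help desk needs to get a user back to a compliant state rather than simply seeing "access denied".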

Zero Trust is gaining currency and it is likely that you are already subject to such an architecture where you access other cloud systems. It will likely be a valuable and effective option for you to deploy in your environment if you haven’t done this already. In a future blog, we will look at some best practices for deploying a Zero Trust architecture.

 

Technology To Combat Cloud Security (2018)


As the cloud becomes the backbone of the digitisation era we review what this means in terms of securing this emerging complex puzzle of users, data and applications. The interconnected world where access to business IT is expected anytime from anywhere poses different challenges than those previously faced by business leaders and technical teams.

Changing compliance regimes, with regulations such as GDPR, have meant that your organisation is compelled to take a more comprehensive approach to all aspects of cyber security implementation, monitoring and reporting. Simply put, new threats need new approaches, because what was done yesterday won’t protect you from today’s threats.

What are the most common and emerging threats you need to protect against? 

  • Unknown or zero-day threats – new threats that have not been seen before
  • Use of stolen credentials in the cloud – illegal access to data
  • Data theft – stealing sensitive data
  • Ransomware – encrypting data and demanding a ransom payment to decrypt it
  • Internal breaches (malicious and non-malicious)
  • IoT compromise – using an IoT device to breach the network
  • Phishing attacks – bogus emails appearing to be from trusted sources
  • Website hijacking and drive-by attacks – planting malware code on insecure websites
  • Password attacks – guessing a password to gain a user’s access
  • Malware attacks – malicious software is installed on a computer

A number of technology approaches have emerged to counter the threats posed by the evolving cyber security threat landscape. Some of these are briefly discussed in the following sections.

Endpoint protection 

The endpoint, along with the user, is the most common point of security compromise or breach. Adequately protecting the endpoint will go a long way towards mitigating potential threats. The approach, however, needs to be a proactive form of protection rather than the reactive prevention associated with anti-virus type endpoint protection.

The next generation of endpoint protection typically must have some or all of the following features:

  • Zero-day threat protection 
  • AV and anti-malware protection 
  • Protection against rootkit attacks 
  • Central policy control and alerting 
  • Real-time threat analysis from intelligence feeds 
  • Multiple detection measures 
  • File and device trajectory 
  • API support 
  • Continuous analysis and retrospective detection 
  • Offline support 

Next Generation Firewall 

Network-wide protection at the perimeter as well as against lateral spread between domains is now an essential component of the new threat defence landscape. Next-generation firewalls have a major role to play in this respect. Just simply having a firewall with stateful packet inspection is like having a leaky bucket in the face of emerging attacks.

With the growth of IoT devices, from industrial sensors to thermostats to light bulbs, IoT presents a huge opportunity for analytics and automation of business processes, but it also presents a real security risk.

Networks now need to be segmented by a next-generation firewall which can then implement some of the following protection measures. 

  • Application visibility and control – view the potential thousands of applications on your network and control what is or isn’t allowed and how many resources they can have 
  • Malware protection – discover and block network-based malware 
  • Advanced Intrusion Prevention – detect and block the latest intrusion attempts 
  • URL Filtering – block undesirable content and dodgy websites that may be hosting malware 

Cloud Security 

With the proliferation of cloud, more than 60% of business workloads are now cloud-based. Cloud security is at the forefront of consideration throughout the lifecycle of IT applications.

Given that workloads are accessed from anywhere the security that was formerly provided on network premises is no longer sufficient and now needs to be pervasive and advanced to meet the new reality. The new generation of security must embrace the cloud topology and will include the following features. 

  • Block threats for users irrespective of where they connect from and irrespective of whether they are using VPN 
  • Prevent access to malware sites as well as hijacked domains 
  • Protect users and data against compromised accounts 
  • Enable secure and responsive cloud access while maintaining productivity 
  • Extensive reporting of how, when and what users are doing 

Cloud security will feature a number of technologies configured to provide a layered security approach, and should include: Secure DNS, Cloud Access Security Broker, Web Security and Email Security.

The new cyber security reality and the necessary protection is likely not as big a step as some of us imagine, given that many of these services are available as cloud services.

In addition, most security devices have only a small subset of their features enabled. Armed with a good plan and the will to take the necessary steps, achieving a healthy level of cyber security protection is within reach of most organisations today, as it is not solely the domain of big, well-resourced businesses.

9 Security Questions To Ask Your SaaS Provider

Digitisation is driving the adoption of SaaS applications at an unparalleled rate. With this rapid adoption comes increased risks.

 

Cloud-based applications carry a joint responsibility: the SaaS provider is responsible for the security of the infrastructure, while you, the customer, are responsible for the users and the data.

Securing your users and data will be dealt with in a future article. This article will focus on some important questions you need to ask your SaaS provider.

The answers will determine the risk associated with SaaS offerings. This should act as a guide in making the decision on who to choose. 

1. Is data in transit protected between clients and the service?

Your data should be protected by your SaaS provider between the client and the SaaS service. When the client and server communicate, the service should use encryption to afford privacy. Furthermore, your provider should ensure no third party can eavesdrop on or tamper with the messages.

The recommended security protocol is Transport Layer Security (TLS) 1.2; its predecessor, the Secure Socket Layer (SSL) protocol, is considered insecure.

 

2. Do you protect external data in transit using correctly configured certificates? 

Certificates used with the TLS connection should be correctly configured by your SaaS provider. In addition, they should be sourced from trustworthy and reputable sources. 

 

3. Do you protect internal data in transit between services, using correctly configured certificates? 

Certificates used with the TLS connection should be correctly configured and sourced from trustworthy and reputable sources. 
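
An added example (not from the original article) of how a customer can verify questions 1 and 2 for themselves from the client side: a Python check that will only negotiate TLS 1.2 or later, requires a certificate chain that validates for the hostname, and reports the negotiated protocol and certificate expiry. The hostname is supplied by the caller; the 14-day expiry warning threshold is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses SSLv3/TLS 1.0/1.1 and insists on a valid,
    hostname-matching certificate chain from the system trust store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # TLS 1.2 or 1.3 only
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def assess_session(protocol: str, not_after_epoch: float, now_epoch: float,
                   min_days_left: int = 14) -> dict:
    """Pure evaluation of an observed session, kept free of I/O so it can be
    unit-tested; min_days_left (14) is an assumed warning threshold."""
    findings = []
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"weak protocol negotiated: {protocol}")
    days_left = (not_after_epoch - now_epoch) / 86400
    if days_left < 0:
        findings.append("certificate has expired")
    elif days_left < min_days_left:
        findings.append(f"certificate expires in {days_left:.0f} days")
    return {"ok": not findings, "findings": findings, "days_left": days_left}


def check_endpoint(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the hardened context and assess what was negotiated.
    A provider that only offers SSL or TLS < 1.2 fails the handshake outright."""
    ctx = hardened_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()          # already verified by the context
                not_after = ssl.cert_time_to_seconds(cert["notAfter"])
                now = datetime.now(timezone.utc).timestamp()
                result = assess_session(tls.version(), not_after, now)
                result["protocol"] = tls.version()
                result["issuer"] = dict(attr for rdn in cert["issuer"] for attr in rdn)
                return result
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "findings": [f"certificate verification failed: {exc}"]}
    except ssl.SSLError as exc:
        return {"ok": False, "findings": [f"handshake failed (no TLS 1.2+ offered?): {exc}"]}


if __name__ == "__main__":
    import sys
    print(check_endpoint(sys.argv[1]))
```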

 

4. Do you protect internal and external APIs through an authentication method? 

All externally exposed API queries which return information should require authentication before they can be called. 

 

5. If privilege levels exist, do you have the ability for low privilege users to be created? 

Ensure the SaaS product has a granular approach to privileges. In addition, it should have a mechanism in place to enforce separation of privileges between different accounts. 

 

6. If there is a granular approach to privileges, is multi-factor authentication available on elevated privilege accounts? 

Your chosen SaaS provider should implement a multi-factor authentication service which helps to lower the impact of credential theft. 

 

7. Do you collect logs of events? 

Your provider should ideally generate all relevant security logs as well as critical events. In addition, your event logs should be made available to your audit and monitoring service. 

 

8. Do you have a clear incident response and patching system in place to mitigate any issues in the service? 

Ideally, the provider should have a clear patching process and be able to demonstrate a good track record in this area.

 

9. Do you provide clear and transparent details on your product and the implemented security features? 

A good provider should make available clear and transparent details on their security features and how best to configure them. 

 

In closing

A SaaS provider who has implemented a service based on best practices should be able to respond comprehensively to the questions raised. These responses can form the basis for an effective risk assessment of your potential provider.  

As you continue to migrate your services to the cloud and make use of SaaS applications, it is critical to avoid the security gap that appears between your provider and your business. Ultimately you are responsible for your data and the users that access it; therefore, selecting a credible provider who will help you implement effective security for your SaaS application is well worth the extra due diligence.

You may be interested in our Cisco Umbrella.

DNS Security Guide: the centre of cloud security

DNS is a service we always make use of. So how can securing a simple background process like DNS have a dramatic effect on an organisation’s cyber security posture?

 

DNS is the most ubiquitous protocol on the Internet and is deployed in literally every connection that takes place whether surfing a website, watching YouTube videos or accessing corporate cloud applications. This ubiquitous use of DNS means that it is also involved in some very undesirable connections to sites like malware sites, known bad sites, command and control centres etc. Other attacks have involved data exfiltration in packets disguised as DNS.

 

The fact that DNS is involved in around 92% of web attacks strongly suggests that it is an area that is worthy of further efforts in the fight against cyber-attacks. DNS is one of those protocols that just works in the background like a utility and as long as resolution is working then no one pays attention to it.

 

DNS is a linchpin: if it doesn’t work, most applications will stop working and IT services will grind to a halt. It is vital therefore that DNS gets more prominence and is monitored and secured to ensure the continued running of services. It has a pivotal role in getting us connected to literally any service we need to access, whether via email, web or a bespoke application.

 

Here are some numbers though that tell us not only what’s happening but also some concerns that we need to have at the forefront of our minds:

 

  • 82% of mobile workers admit they always turn off their VPN
  • 15% of command and control threats evade web security
  • 60% of attackers penetrate an organisation in minutes and steal data in hours
  • 100 days is the average detection time for an attack
  • 100% of networks interact with malware sites
  • 92% of attacks make use of DNS

 

Clearly, there is a wide range of threats that organisations need to address in crafting and implementing an effective approach to cyber security. One area that has received, and still receives, very little attention is DNS.

DNS Monitoring

DNS monitoring, and the implementation of an active security policy that cannot be circumvented by staff, can have untold security benefits. Such an approach could be used to block malware and phishing attacks in real time, as opposed to after the event. Also, refusing to resolve DNS requests for known malware sites could prevent attacks before they happen.

 

The DNS controls could hold a regularly updated list of known malware sites and block devices from accessing these sites. Active monitoring could also provide valuable information about whose machine has been compromised and where they are connecting from.

 

DNS monitoring can also provide a baseline of what normal behaviour looks like for your organisation. Anomalous behaviour is, therefore, easier to detect and act on. A number of attacks on high-profile sites such as Tesla could have been prevented if their DNS records had been monitored and these organisations had been able to detect and block changes to those records.

 

Visibility of who is connecting to what site is also a great benefit of DNS monitoring. The explosive growth of IoT devices poses significant threats if they are not properly secured. DNS security could play a vital role by enforcing policy e.g. if the CCTV network should be blocked from Internet access, DNS security controls could prevent these devices being used as a backdoor that could be used for malware propagation or data exfiltration.

 

Failing to monitor and control DNS is a lost opportunity not only to secure your organisation’s network but also to gain visibility into who is doing what.

 

An important service in addition to the above is the ability to query domains and file hashes from a central intelligence platform that has up-to-the-minute data on bad domains, so that your security incident response team can conduct intelligent investigations independently of any infections. For instance, if you keep seeing DNS queries for a site in Russia and you don’t have any business relationship in Russia, that’s something you should query.

 

DNS and Remote Working

Adoption of cloud based technology and the proliferation of remote working is driving a new approach to security that needs to be omnipresent providing the highest practical levels of cyber security for the user, the network and the data.

 

The decentralised nature of organisations due to remote working and the increasing importance of branch offices is another security challenge organisations are facing. Mobile devices such as laptops are the primary devices where user changes could compromise security. Around 80% of remote workers disable their VPNs when they browse the web.

 

Therefore, a DNS-based security mechanism can help to maintain the security posture, as remote workers still benefit from this form of protection even when they disable their VPNs. DNS security can protect any device, including IoT, guest devices and roaming clients.

 

Secure Internet Gateway

Security analysts such as Gartner and IDC have coined a new security term that is relevant to this emerging security environment: the Secure Internet Gateway. The principal function of the Secure Internet Gateway is to secure the cloud environment in the same way that we secure the on-premises environment.

 

Implementing a security platform in the cloud will break the limitations and constraints of centralised solutions. The security must be flexible in line with user access, virtualised to deliver security wherever it is needed and extend beyond just securing web protocols such as http and https.

 

Most security vendors now offer cloud based security solutions and in many instances what they have done is taken a conventional security component such as Anti-Virus or Web Proxy services and deployed it in the cloud. While this may be a good start, a range of other technologies need also to be included in the security stack deployed to protect users and data.

 

When users connect to the web they must immediately undergo inspection and policy enforcement to ensure their connection is made in a secure manner. These may include, but are not limited to:

 

  • Visibility and enforcement of policy on or off VPN
  • Security against threats from all ports and protocols
  • Inspection of web traffic and file inspection including behavioural sandboxing
  • Live threat intelligence from global internet activity with near real time updates
  • Visibility and control of SaaS applications

 

Clearly no single solution can provide all of these components, but a correctly specified Secure Internet Gateway could go a long way to providing many of these security measures. Secure DNS must be a major component of the functionality of a Secure Internet Gateway because of its ability to stop a large swathe of attacks before they reach the user or the data.

 

DNS Security Protection

An effective DNS security protection control can have the ability to identify the endpoints attempting the malware connection and therefore feed into the clean-up and mitigation plan.

 

Analysis has shown that most ransomware does a DNS call-back, and ransomware payment notification also uses DNS. The ability to block a malware connection via DNS security at one or another step of the malware execution process can therefore prove to be the most effective way to implement malware protection.

 

DNS security can act as a form of perimeter security where the perimeter is pushed back to the source of the cyber threat, so the threat is blocked at its point of origin. This works by pointing the organisation’s DNS resolution at a secure DNS service with up-to-date threat domain intelligence and machine learning that discovers and protects against emerging threats. Remember that 100% of organisations interact with known malware domains. Securing DNS will instantly block these connections as they are requested, as well as blocking future domains that have been identified as malware hosts.

 

Correct implementation of DNS security could make it the first line of defence even before a connection is established by checking the DNS request and blocking bad sites. This will help the IT teams by freeing them up from a large number of alerts that would be generated if the malware had been downloaded.

 

If a previously infected device connects to the network or service, secure DNS will block the command and control call back to the malware domain and notify the security team.

 

This level of security is highly scalable in that it can be provided for an individual roaming client, a branch site or the organisation’s principal location.

 

Another useful feature is the ability to track normal behaviour for your organisation in terms of the rate and volume of requests over time. Anomalous behaviour can then be detected as a significant deviation from that normal behaviour.

 

A secure DNS solution will also provide detailed information about the malware domain such as IP addresses, associated domains and attacks associated with these domains. A robust, secure DNS solution could also provide a data feed into other security components in the organisation, thus sharing security updates that can be actioned elsewhere in the security stack.
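
An added example (not from the original article) that works through the DNS Monitoring and DNS Security Protection sections over a constructed resolver log: blocklist matching, attributing blocked lookups to the requesting endpoint for the clean-up plan, a "CCTV network may only resolve internal names" policy, and per-client request-rate baselining to surface anomalous bursts. The log lines, blocklist, subnet and zone names are all constructed placeholders.

```python
import ipaddress
from collections import defaultdict
from statistics import mean

# Constructed resolver log (not real traffic): "timestamp client qname qtype".
# The appended block is a constructed burst of TXT lookups from one host.
SAMPLE_LOG = """\
2024-03-01T09:00:01 10.0.1.23 intranet.corp.example A
2024-03-01T09:00:04 10.0.1.23 www.youtube.com A
2024-03-01T09:00:09 10.0.2.40 updates.vendor.example A
2024-03-01T09:00:15 10.0.9.5 ntp.corp.example A
2024-03-01T09:00:20 10.0.9.5 telemetry.unknown-cloud.example A
2024-03-01T09:01:02 10.0.1.23 cdn.malware-example.net A
2024-03-01T09:01:03 10.0.1.23 c2.malware-example.net A
2024-03-01T09:02:01 10.0.2.40 mail.corp.example A
""" + "".join(f"2024-03-01T09:03:{i:02d} 10.0.2.40 x{i}.exfil-example.org TXT\n"
              for i in range(12))

# Constructed threat intelligence: domains a secure DNS service refuses to resolve.
BLOCKLIST = {"malware-example.net"}
# Constructed policy: the CCTV segment may only resolve names in the internal zone.
CCTV_NET = ipaddress.ip_network("10.0.9.0/24")
INTERNAL_ZONE = "corp.example"


def parse_log(text):
    """One dict per query line; qname normalised to lower case, no trailing dot."""
    records = []
    for line in text.splitlines():
        ts, client, qname, qtype = line.split()
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower().rstrip("."), "qtype": qtype})
    return records


def under_zone(qname, zones):
    """True if qname equals or is a subdomain of any zone. Label-aware, so
    'notmalware-example.net' does not match 'malware-example.net'."""
    labels = qname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def blocked_lookups(records, blocklist=BLOCKLIST):
    """Which endpoint tried to reach which blocked domain: the clean-up list."""
    hits = defaultdict(list)
    for r in records:
        if under_zone(r["qname"], blocklist):
            hits[r["client"]].append(r["qname"])
    return dict(hits)


def policy_violations(records):
    """CCTV devices resolving anything outside the internal zone (possible backdoor)."""
    return [(r["client"], r["qname"]) for r in records
            if ipaddress.ip_address(r["client"]) in CCTV_NET
            and not under_zone(r["qname"], {INTERNAL_ZONE})]


def rate_anomalies(records, factor=4.0, min_queries=8):
    """Baseline each client's queries per minute from its earlier minutes and flag
    a minute that is both absolutely high and far above that baseline. The burst
    host here is NOT on the blocklist; only the rate deviation surfaces it."""
    per_client = defaultdict(lambda: defaultdict(int))
    for r in records:
        per_client[r["client"]][r["ts"][:16]] += 1      # key: YYYY-MM-DDTHH:MM
    flagged = {}
    for client, minutes in per_client.items():
        history = []
        for minute in sorted(minutes):
            count = minutes[minute]
            if history:
                baseline = mean(history)
                if count >= min_queries and count > factor * baseline:
                    flagged.setdefault(client, []).append((minute, count, baseline))
            history.append(count)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("blocked lookups by endpoint:", blocked_lookups(recs))
    print("CCTV policy violations:", policy_violations(recs))
    print("rate anomalies:", rate_anomalies(recs))
```

The thresholds (4x baseline, at least 8 queries in the minute) are assumptions to be tuned against your own baseline, which is exactly what the monitoring section recommends establishing first.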

 

Cyber Risk Assessment – get good at it

Today’s reliance on IT technology is unparalleled and will only increase. While some businesses are pondering the benefits of IoT deployment or bespoke business applications, others are ploughing ahead and pioneering their initiatives.

Some of these initiatives are stuttering and some are big winners that have transformed their business. Digitisation and its attendant benefits are the new game in town, and it is not going away soon.

The constant question that new initiatives will always raise is, what about cyber security? These new initiatives also need to be balanced against new compliance regimes such as GDPR which can levy punitive fines for breaches involving sensitive personal data. IoT means a greater footprint or attack surface; a new cloud application means potential exposure of data or the possibility of unauthorised access.

While these and other risks exist, this should not hinder businesses from taking advantage of the potentially major opportunities from digitisation. What is therefore of paramount importance is a way to effectively assess and mitigate the risk from these initiatives and other IT activities, enabling businesses to safely adopt new technology.

 

Cyber security is everyone’s concern 

Cyber security is no longer just an IT issue, now it is definitely everyone’s concern. Responsibility is now being devolved as applications move to the cloud. More departments are involved in selecting and implementing their apps, therefore they also need to have security at the forefront in both the selection and operational processes. 

 

Comply with regulation or become extinct 

Regulation is now gaining real teeth, and therefore compliance is no longer an optional nuisance. Consider the recent Carphone Warehouse breaches. If the recent 6m-record breach had occurred under the watch of GDPR, the fine could have been a whopping £428m, compared with the maximum £500k fine which could have been levied under the previous Data Protection Act. Compliance is now an imperative, and failure could mean business extinction due to the punitive fines. Compliance should be seen as an opportunity to get your business in shape, in which case everyone benefits.

 

Cyber risk assessment is a specialism 

Change is another constant in IT; therefore risk assessment should be constant and continuous. Oftentimes risk assessments are left till the end of an initiative when in fact they should feature right at the beginning and be part of the “go/no go” decision. If risk assessment is built into project implementation, the end result will definitely look a lot better than if it were an afterthought. The struggle is to find the skills where there is a good understanding of IT risk management. It is an area where businesses need to invest in training staff at all levels of the organisation.

 

Risk assessment and mitigation needs to be a continuous process where all departments in a business are engaged in continuing assessment, monitoring and improvement of the risk exposure.  

 

An interesting development in this light is a joint solution offered by Aon, Apple, Cisco and Allianz. The components of the solution include the following:

  • Risk assessment, with a target output of an analysis of the business’s level of insurability and its security posture, with recommendations on how to correct any gaps.
  • Those wishing to improve their security posture receive a plan that includes an enterprise ransomware solution incorporating advanced email security, endpoint protection and DNS-layer security.
  • The business will also deploy Apple macOS and iOS endpoints.
  • Businesses choosing this solution will receive favourable terms from Allianz, who consider this combination to be a more secure solution.

 

While it may not be practical for all businesses to adopt this solution, the method/approach is a useful indication of what can be done. The important thing is that the assessment needs to be continuous and reflect the status of the business and its use of IT at any point in time, which of course is a moving goal post.

7 infographics from the Cisco 2018 Cyber Security Report explained

In our final part of Cisco’s 68-page 2018 Annual Cyber Security Report, we summarise the key findings and highlight the main takeaways contained in the report.

While most of the information is already known, put in context it gives a thorough view of the changing landscape and, importantly, identifies some of the steps that information security teams could take to mitigate the growing risk.

The report’s highlights include:

  • Self-propagating ransomware is a growing trend
  • Legitimate cloud platforms are increasingly being exploited for cyber attacks
  • Cyber attackers are exploiting gaps in security coverage as organisations move to the cloud
  • Lack of skilled cyber security staff is a growing problem
  • Security is more effective when policies governing technology, processes and people are synced
  • Scalable cloud security, advanced endpoint protection and threat intelligence can be deployed to reduce the cyber threat risk

According to the Cisco report, cyber attackers are amassing their techniques and capabilities at an unprecedented scale. Ransomware is the most profitable form of malware and has evolved into self-propagating, network-based cryptoworms, as witnessed by Nyetya and WannaCry. These ransomware variants took down whole regions and sectors of infrastructure such as the Ukraine and the NHS.

Cyber attackers are weaponising the cloud and using legitimate cloud services from well-known vendors such as Google, Amazon and Twitter to host and conduct malware attacks. They are in fact capitalising on the benefits of cloud platforms such as security, agility, scalability and good reputation, oftentimes repurposing their sites before they are detected.

Cyber attackers are exploiting gaps in security coverage, including IoT and cloud services, especially where the organisation has not extended its security controls to include securing users and data in the cloud. Another growing obstacle to more effective cyber security is the lack of skilled cyber security personnel and inadequate budgets.

Cisco’s report also provides some essential guidance that organisations should adopt in order to meet the growing challenge and provide more effective cyber security protection. Some of these measures include:

  • Implementing scalable cloud security solutions
  • Ensuring alignment of corporate policies for technology, applications and processes
  • Implementing network segmentation, advanced endpoint security and incorporating threat intelligence into security monitoring
  • Reviewing and practising security response procedures
  • Adopting advanced security solutions that include AI and machine learning, especially where encryption is used to evade detection

While the security report is essential reading for all personnel responsible for an organisation’s information assets, in many areas it reiterates what we have been hearing about in the news and trade publications. The essential call to action is really to make a good start by doing the essentials. If you have already done this, then keep testing, refining and improving your cyber security posture.

5 Takeaways from the Cisco 2018 Annual Cyber Security Report

Cloud abuse on the rise according to Cisco Security Report

Cisco’s Annual Cyber Security Report 2018 provides an insightful account of the changing cyber security landscape. This article summarises some findings of the report pertaining to cloud security.

Some main takeaways from the report that will be discussed in this blog include:

  • Legitimate cloud services such as Twitter and Amazon are being used by attackers to scale their activities
  • Machine learning is being used to capture download behaviour
  • Cloud security is a shared responsibility between organisations and their provider
  • There is an increasing belief in the benefits of cloud security
  • Cloud abuse is on the rise

According to the report, increased security was the principal reason security professionals gave for organisations deciding to host corporate applications in the cloud.

Fifty seven percent believe the cloud offers better data security

Organisations who have a security operations team are likely to have a well-defined cloud security approach that may include the adoption of a Cloud Access Security Broker (CASB) as they deploy to the cloud.

Many smaller organisations, however, are adopting cloud services without a clear security strategy. There is therefore a blurring of the security boundaries, where many organisations are not certain about where their responsibilities end and where the responsibility of the cloud provider starts.

Security in the cloud is a shared responsibility

Cyber attackers are increasingly taking advantage of this blurring of the boundaries to exploit systems.
An increasing trend amongst cyber attackers is to use legitimate cloud services to host malware and command and control infrastructure. Public clouds that have been used for malware activity include Amazon, Google, DropBox and Microsoft.
This makes it doubly difficult for security teams to identify bad domains and take protective measures without risking significant commercial impact caused by denying user access to legitimate business services.
Examples of legitimate services abused by malware for C2
The misuse of legitimate services is attractive to cyber attackers for a number of reasons:
  • Easy to register a new account and set up a web page
  • Use of a legitimate SSL certificate
  • Services can be adapted and transformed on the fly
  • Reuse of domain and resources for multiple malware campaigns
  • Less likely that infrastructure will be ‘burned’ (service can just be taken down) with little evidence of its purpose
  • Reduce overhead for attacker and better return on investment
Cyber attackers are effectively using legitimate and well-known cloud infrastructure with its attendant benefits: ease of scale, a trusted brand and secure features such as SSL. This enables them to scale their activity with less likelihood of detection if current protection methods are retained.
The challenges posed for the security teams defending organisations from these new threats call for a more sophisticated approach, because in effect you need to block services that users are trying to access for legitimate work, such as Amazon or Dropbox. Furthermore, the legitimate services are encrypted, so the malware will be encrypted too and will evade most forms of threat inspection; the threat will only become apparent after it has been activated on a host.
Intelligent cloud security tools will need to be deployed to help identify malware domains and sub-domains using legitimate cloud services. Such tools can also be used to further analyse related malware characteristics such as associated IP addresses, related domains and the registrant’s details.
An emerging and valuable approach to detecting anomalous behaviour is machine learning.
Machine learning algorithms can be used to characterise normal user activity so that unusual activity can be identified and action taken automatically.
Figure: Machine-learning algorithms capture user download behaviour (2017)
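To make the "characterise normal, flag unusual" idea above concrete, here is an added example (not from the Cisco report or this post) that baselines each user's download volume from well-known cloud services using a robust statistic and flags downloads that deviate far from that user's own norm. The log lines, user names and domains are constructed for illustration; the MAD threshold and minimum-history values are assumptions a real deployment would tune.

```python
import statistics
from collections import defaultdict

# Constructed proxy-log lines (timestamp user domain bytes), not real data.
SAMPLE_LOGS = """\
2018-03-01T09:02:11 alice dropbox.com 1200000
2018-03-01T09:40:03 alice dropbox.com 900000
2018-03-01T10:15:27 alice drive.google.com 1500000
2018-03-01T11:03:44 alice dropbox.com 1100000
2018-03-01T13:21:09 alice drive.google.com 1300000
2018-03-01T14:05:50 alice dropbox.com 1400000
2018-03-01T14:07:02 alice dropbox.com 48000000
2018-03-01T09:11:35 bob s3.amazonaws.com 300000
2018-03-01T09:52:18 bob s3.amazonaws.com 250000
2018-03-01T10:30:41 bob s3.amazonaws.com 400000
2018-03-01T11:45:56 bob onedrive.live.com 350000
2018-03-01T12:58:13 bob s3.amazonaws.com 320000
2018-03-01T15:12:29 bob s3.amazonaws.com 2500000
2018-03-01T16:00:01 carol dropbox.com 200000
2018-03-01T16:02:45 carol dropbox.com 90000000
"""
MIN_HISTORY = 5  # assumed: downloads needed before a user's baseline is trusted

def parse_logs(text):
    """Parse the log lines into (timestamp, user, domain, bytes) tuples."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    return [(ts, user, dom, int(nbytes)) for ts, user, dom, nbytes in rows]

def robust_baseline(values):
    """Median and median absolute deviation (MAD): both resist the outliers we hunt."""
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    return med, mad

def flag_anomalies(records, threshold=5.0):
    """Score each download against the user's prior history (per-user order) and
    flag those more than `threshold` MADs above the median; no history, no verdict."""
    history = defaultdict(list)
    flagged = []
    for ts, user, domain, nbytes in records:
        past = history[user]
        if len(past) >= MIN_HISTORY:
            med, mad = robust_baseline(past)
            scale = mad if mad > 0 else max(med * 0.1, 1)  # avoid zero division
            score = (nbytes - med) / scale
            if score > threshold:
                flagged.append((ts, user, domain, nbytes, round(score, 1)))
        past.append(nbytes)  # the download joins the baseline either way
    return flagged

ALERTS = flag_anomalies(parse_logs(SAMPLE_LOGS))  # alice and bob flagged; carol has no baseline yet
```

Note that carol's 90 MB download is not scored at all: a new account has no baseline, which is exactly the gap a learning-based detector needs other controls to cover.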
To meet the range of challenges presented by cloud adoption, organisations need to apply a combination of best practices, advanced security technologies, and some experimental methodologies, especially where they need to overcome the use of legitimate services by cyber attackers.

Would you like to learn more? Claim your Free copy of our latest eBook “A View of the Cyber Threat Landscape”. Click here.

What’s HOT What’s NOT: Cyber Security 2018

What are the main cyber security trends and focus areas for IT Managers and Chief Security Officers so far in 2018?

One thing we know for sure is that cyber security won’t be taking a lower profile as IT embeds itself at the core of organisations becoming a true business enabler.
IT is at the core of organisations, and if there is a glitch the business impact is profound. It is therefore beneficial to be able to focus limited resources and efforts on the priorities that will really make the biggest difference.
So the question is what will be HOT and what will NOT in 2018. The list below, while not exhaustive, highlights what you should be prioritising.

HOT

  • GDPR
  • Ransomware
  • Cloud

NOT

  • Anti-Virus
  • VPNs

HOT: GDPR

25th May 2018 is the date the GDPR will come into force. The regulation will affect literally every organisation that holds personal data. With the increasing regulatory powers for investigation and enforcement, firms not complying with the regulation could face severe penalties.
GDPR must, therefore, be high on the list of business priorities and a comprehensive approach to GDPR compliance will necessitate a comprehensive review of policy, process and technology.
In a recent article we discovered that 52% of medium-sized businesses have NOT made changes or prepared for GDPR!

NOT: Anti-Virus

In the face of the new breed of sophisticated, adaptable cyber attacks, traditional Anti-Virus is becoming redundant. Traditional Anti-Virus is based on signatures, so it relies on threats having already been detected and updates being propagated to clients before an attack occurs.
Organisations need multiple layers of protection to stand any chance of detecting and blocking new threats some of which can dynamically probe and adapt to the host environment.
Anti-Virus is still essential, especially if it also monitors for abnormal behaviour; however, if it is your primary line of defence, expect the worst. As Robert Mueller says, you will be attacked; depending solely on Anti-Virus increases the likelihood of it happening sooner and more frequently.


HOT: Ransomware

2017 saw the spread of global ransomware variants Wannacry and Nyetya. Wannacry made significant parts of the NHS powerless while Nyetya caused major losses for businesses. Fedex counted losses in excess of $300m and at one stage had to resort to WhatsApp for internal communications due to compromised email systems.
The ransomware ‘business model’ has stepped up a notch with it being made available to buy as a service. The avatar of the attacker has suddenly changed from a stereotypical hoody wearing geek to just about anyone who can pay with some Bitcoin.
Ransomware has been the most profitable form of cyber attack to date, and franchising it has cemented its pole position as the number one threat in 2018.


NOT: VPNs

Statistics indicate that nearly 50% of workforces are mobile, meaning they access their organisation’s IT applications from locations outside the organisation’s offices. The ubiquitous VPN has been the secure way of connecting.
With the various flavours and increasing range of users requiring connections, VPNs are becoming a greater management overhead and an increasing security risk, especially if the controls are not kept up to date with the threats.
A need for a more sophisticated and granular method of providing remote access is emerging where users are connected only to what they require, when they require it and furthermore their security posture is established even before they are allowed any connectivity.

HOT: Cloud

Organisations having realised the benefits of cloud adoption have embraced it while mitigating the risks as best they can. The benefits of the cloud in many instances include lower operational costs, agility, increased resilience and scalability.
Cloud adoption is also well suited to the growth of a mobile workforce who need anytime anywhere access to their applications. Securing the cloud data and user access is however an area of cloud implementation that is emerging as a focus area that businesses have not paid sufficient attention to.
Technologies such as secure DNS and the secure Internet gateway are solutions that are highly likely to gain a lot of traction as organisations audit and protect cloud connectivity from a range of emerging cyber threats.


There will inevitably be questions about security topics such as Blockchain, IoT and Phishing, just to name a few. Let us know how your list would be different.

Trial Cisco Umbrella for 14 Days, completely free and no obligations!

If you have read the last few updates you should now have a deeper understanding of Cloud Security, that’s great! But what can YOU do about it? 

We are offering a 14 day trial of Cisco Umbrella, the industry’s first Secure Internet Gateway in the cloud.

Cisco Umbrella provides the first line of defence against threats on the internet. Because Umbrella is delivered from the cloud, it is the easiest way to protect all of your users in minutes.

It takes no time to install and you don’t have to provide any payment details (or even have a phone call).

So what’s to lose? 

Click here to start your trial! 

A View of the Cybercrime Threat Landscape

Download: A View of the Cybercrime Threat Landscape

$2,235,018 per year

The average amount SMBs spent in the aftermath of a cyber attack or data breach due to damage or theft of IT assets and disruption to normal operations.


The amount is staggering, and enough to jeopardize the viability of many companies. Yet the business benefits that come with the internet, cloud computing and other applications are impossible to forego and remain competitive.


That’s why business owners and executives are asking one question:

  • Is our internet safe?


If your service provider can’t demonstrate how it is making your company less likely to become a victim of cybercrime, then it is time to consider alternatives.


In this eBook, we’ll outline what companies are up against today, and how Cisco Umbrella can help bring you peace of mind.
