On 30th November every year, Computer Security Day serves as a reminder to businesses to protect their technology. Since the first home computer, how we all use this technology has changed drastically, and the security precautions required to protect it have developed over time to match. To recognise the day, IT experts specialising in security share their thoughts and advice on how best to protect technology in the current digital climate.
Avoid falling prey to ransomware
“Ever since its advent in 1988, Computer Security Day has reminded us all of the importance of keeping online data safe and secure,” explains Alan Conboy, Office of the CTO at Scale Computing. “More recently, the news cycle has been flooded with organisations from airlines to banks and hospitals, even entire local governments, falling victim to ransomware attacks. Threats such as these are evolving at a horrific pace, and they will continue to become smarter, more lucrative and increasingly devious in 2020. Where before organisations were able to avoid modernising their infrastructure defences due to the cost, now, it is more costly not to do so.
“This malicious momentum has grown significantly since 1988, and it’s now more important than ever for businesses to realise that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organised criminals. Organisations should take advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber-defences, disaster recovery, and backup.”
Prevent falling hook, line and sinker to phishing
The standard response to Computer Security Day will be about how important it is to install anti-virus, keep software up to date, enable two-factor authentication, avoid downloading apps from emails, use strong, unique passwords and never enter your credentials via a link sent by email. But Steve Nice, Chief Technologist at Node4, believes it's time to think more outside the box:
“Looking forwards, cyber-criminals will begin to employ big data analytics to feed AI systems that target their prey more efficiently for phishing emails. At the moment it's still untargeted – even if it is directed at a specific company – and the hit rate is very low. Cyber-criminals will continue to use phishing emails to deliver ransomware to target businesses, as they know that their assets are valuable, and to continue working they have to pay. But, what we'll see is this activity spreading to household users who will have their cars and homes targeted. Wouldn't you pay to get control of your car or home back? It's a few years off, but it’s inevitable.”
Technology is part of everyday life for most people in 2019. But with the ubiquity of cyber-threats like phishing and ransomware, the security of our devices and data must also be part of everyday life, and Computer Security Day is a good reminder of that. Jan van Vliet, Vice President & General Manager EMEA at Digital Guardian, comments:
“For businesses, computer security should always be front of mind. Regularly reviewing system settings and disabling unnecessary services that may leave them open to attack is a must. It is also absolutely essential that IT systems are constantly updated and free from known vulnerabilities. Businesses also need to step up their phishing awareness efforts, including educating remote workers about attacks via SMS and smartphone apps. A method of good practice is to deploy software that can warn employees when a program attempts to download a file from the Internet or write a file to disk. Prompts can also help train users to recognise and report attacks in progress. Continued training initiatives are also very important in raising employee awareness and making them more cautious.”
Pin down your cloud security
“Cloud adoption has continued to grow at an astonishing rate, and while cloud-based tools and policies like bring your own device (BYOD) have improved businesses’ agility, they have also made sensitive data more accessible, presenting a significant IT security challenge,” says Anurag Kahol, CTO at Bitglass. “Unfortunately, in cloud-based IT environments, organisations often don’t have the right security measures in place, making it highly challenging to detect anomalous or careless employee behaviours.
“In fact, a recent Bitglass report found that while 86 per cent of enterprises have deployed cloud-based tools, only 34 per cent have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools. As such, Computer Security Day serves as a good reminder for businesses to review and revise their approaches to data protection. By better understanding modern threats and deploying the appropriate security solutions, many of these risks can be mitigated and even eliminated.”
Use data intelligently
Stephen Gailey, Head of Solutions Architecture at Exabeam, points out how security teams can use analytics to gain a better understanding of network user activity:
“Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data. This presents a significant problem for security teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them. Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organisations can help security teams connect the dots and provide a useful profile of network user activity. It may not stop you being breached, but it will tell you about it before the damage is done.”
Your people are your best asset
Agata Nowakowska, Area Vice President at Skillsoft, believes companies should be placing more importance on training their staff:
“Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for data protection, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences. Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.”
And if you are hit with an attack…
Gijsbert Janssen van Doorn, Technology Evangelist at Zerto advises, “It’s not up for debate whether cyber-protection is important, because it always has been. But, in a culture where attacks and downtime are now not a question of ‘if’ but a question of ‘when’, only implementing protective precautions is simply not going to cut it.
“As the odds of suffering from a cyberattack grow, businesses need to ensure they are prepared for what will happen after a disaster. Because, in order to maintain a healthy reputation and pocket, organisations will need to do more than just keep people out and precious data safe. They will also need to demonstrate how cyber-resilient they are by quickly returning back to functioning as normal and minimising the potential long-term impact of a cyberattack.”