Auditing your existing security solutions may reveal opportunities to use them better, by identifying the solutions that are delivering poor ROI and the ones that could address different security challenges.
Why is cyber security management so often reactive? Typically, it’s because security is bolted on to existing network systems and architecture when vulnerabilities are identified or a threat hits home. This often results in businesses deploying multiple prevention and detection solutions in an attempt to shore up different areas of the network architecture.
This reactive approach can be difficult to manage, with different security solutions addressing different challenges and all reporting on multiple dashboards. Moreover, the ‘sticky plaster’ approach is expensive. Businesses end up throwing money at security solutions that are underutilised and inefficient, and still there are gaps in their network security.
As we all know, legacy systems can be a bit of a headache. They don’t work well together, they may be outdated and require frequent patching and updates, and generally there is an intention that when these IT systems are eventually replaced a more proactive (even holistic) approach to security will be implemented.
However, budgetary constraints often scupper these plans too, and Information Security professionals have to find effective workarounds to ensure legacy systems do not themselves pose a threat to the business.
While designed to protect business critical systems and data, legacy solutions can often expose the business to vulnerabilities, providing hackers or cyber criminals with an open invitation to exploit your systems. Once a product reaches its End of Life (EOL), patches and updates are not available, increasing the risk of a cyber attack. Cyber criminals are targeting these kinds of vulnerabilities.
Moreover, it is unlikely you will know how vulnerable your business is, having been lulled into a false sense of security that your prevention and detection solutions are doing their job.
So how can your business or organisation drive efficiencies and savings, and become more proactive when managing your cyber security? The three core principles of information security provide a starting point:
1. Confidentiality – what data is sensitive and who should have access to it?
2. Integrity – how can we prevent data being modified or deleted except by authorised users?
3. Availability – how can we ensure that information is available to the right users and for business continuity if an incident occurs?
These are the core principles known as the CIA Triad, the basis for designing information security policies. By using these principles when addressing vulnerabilities and threats it may be possible to find more effective ways to protect your business than bolting on another solution.
Instead, we can look at network architecture using these core principles and explore what solutions are already in place and how these support the CIA Triad. For example, what existing solutions have Identity and Access Management capabilities? Are they fit for purpose, and can any of them be deployed in other areas of the network to support the principle of ‘confidentiality’?
Alternatively, do you have existing information security solutions in place that are making it difficult for users to get on with work, blocking them from accessing authorised data or systems? If so, they will most likely be looking for a workaround themselves that could result in security being compromised – for example by someone using another person’s password to access more sensitive data.
The availability issue is also pertinent when an attack does occur*. For example, a distributed denial of service (DDoS) or malware attack can prevent authorised users from accessing business critical data. If your business requires maximum uptime and the damage caused by any period of downtime (either because of a cyber attack or an incident like a power outage) is too much to contemplate, you need a robust business continuity / disaster recovery solution now.
We recommend that you get back to basics and take a total network architecture view of the threat landscape and your business’ vulnerabilities. This way you’ll be able to identify the gaps in existing solutions and how the core principles of information security apply to your network architecture. With this you can then build on those principles, and on solutions, in a more proactive way.
When a cyber attack occurs
We’ve stopped saying ‘if’ a cyber attack occurs, instead saying ‘when’ an attack occurs. This is because security experts increasingly agree that cyber attacks are inevitable. Regardless of your company size, sector and business type, if you have IT systems for business operations, or collate and store data on customers, suppliers and employees, your business is vulnerable.
The motives for cyber attacks such as ransomware are easy to see. Ransom demands are on average $1000; it’s an economy of scale where attackers target multiple businesses and organisations. However, the cost of a successful attack is higher, as it results in disruption to the business, downtime, loss of productivity, loss of potential sales and reputational damage.
Many attacks can have wider repercussions than you might think. Often it’s not the personal data that your business stores that is of most interest to a hacker. It could be that your systems can be the backdoor to another organisation’s data, particularly if your business provides services to others.
You may think your business is small fry and not of interest to cyber criminals, but inevitably it is.
While a cyber attack may be inevitable, the fallout doesn’t have to be. Effective cyber security prevention and detection solutions can proactively block threats, secure sensitive data and minimise damage. You may already have these solutions in place but are not using them proactively, or perhaps you think you have it covered but the threat landscape has evolved and your business is exposed.
Ian McGregor, Invinsec
Image Credit: Flex