There will be one million cybersecurity job vacancies globally in 2016, according to a recent report from Cisco. In Australia specifically there has been 5% growth in the number of ICT professionals in 2015, and demand peaking at a further 100,000 workers over the next six years.Though this is good news for all those seasoned IT security experts, and upcoming network and security professionals, this increase in opportunity shows us that more businesses are planning to take network security seriously in 2016.
Whether ensuring IT security is your main concern or not, the last thing you would want to hear about is that your network’s security has been compromised. According to PwC, some 71% of incidents go undetected[2], possibly due to a lack resources and implementation of best practice security policies. Let’s look at some key security aspects that may help you tide over 2016 without any discrediting cyber-attacks:
- Prepare/improvise the security framework: What does your current security framework look like? If you haven’t got one, start with a comprehensive audit of the available inventory, the user accounts, type of accounts, the type of transactions (public/internal), the sensitivity of the data being handled, account roles/responsibilities, BYOD policies and change management policies, to name a few.
- Automate threat detection and response: Users, devices and applications generate a large number of network connections, data transactions and application requests. Manually detecting threats in this cacophony is literally impossible, considering how sophisticated hackers and malware have become. Centralizing syslogs and events from network devices, servers, applications, databases and users via a SIEM software is a must-have. This way, it’s easier to automate threat detection as and when it happens, and provide corrective responses to mitigate the risks.
- Implement data-driven analysis: Can you detect suspicious network activities? Yes, if you have access to real-time data showing that there’s an increase in Web traffic activity on a critical router or firewall, or suspicious connection requests to assets from an unknown source outside the network. When an attack happens, data-driven analysis will help you with forensics and root-cause analysis to better understand how the attack happened, where it all started and it propagated into the network.
- Monitor end-point devices: Suppose you are a payroll processing company, potentially containing confidential data of your clients. Any user in your company can save this sensitive data on to a USB device, and you may not even know. Ideally, you must be monitoring all end-point devices, be it a laptop or an USB. In this case, as soon as the user plugs in the USB device, the device should be ejected/blocked automatically and a corrective action (warning message or account blocking) implemented.
- Demonstrate PCI DSS and Australian Government Protective Security Policy Framework compliances: Payment card and healthcare industries are more prone to data breaches than any other. The scenario mentioned in the prior point is just one possibility of data theft. In this case, if an attack happens, it could compromise millions of credit card data or patient records. The best practice is to automate and demonstrate these compliance standards, and avoid regulatory fines or criminal proceedings. Protect your servers and databases.
- Identify insider threat: The easiest and the most damaging security compromise may happen from the inside. You must be alerted immediately on suspicious user activities. For example, when an employee logs on to a business critical server or core router, on a weekend. Or, gets his credentials enhanced or added to the admin user group without prior approval.
- Enable threat intelligence: Most common attacks such as malware, DDoS attacks and botnets are spread by bad hosts on the Internet. Collective intelligence on these bad actors can be utilized to proactively pinpoint security concerns like potential phishing attempts and infections, by monitoring suspicious traffic that might be going to the command and control servers.
- Practice knowledge sharing: Knowledge sharing among your peers, and also educating the users on common attack types, phishing sites and malware infections can fortify your security framework to a great extent. The threat landscape is constantly evolving, and collective knowledge helps in proactively avoiding common threat types.
In short, 2016, with the ever increasing number of users, data and network connections, is going to be more challenging than ever from a cybersecurity perspective. However, the right security strategy when combined with the key aspects listed above can be seen as a step forward in being prepared to tackle security threats.