In the wake of the Cambridge Analytica scandal exposing up to 87 million Facebook users worldwide and more than 300,000 Australians’ private data used without their knowledge, consumers and companies alike are wondering how many other firms they do business with could follow a similar route.
Unfortunately, the truth is that organisations are still under-investing in the key areas of access controls and incident response. With Australia’s Notifiable Data Breach (NDB) legislation coming into effect in February, this aims to bring us in line with nations across the world which have similar laws in place to spotlight businesses with lax security.
Another common issue is that many existing security solutions do not adequately protect new, digital networks. To ensure you are able to protect your organisation optimally, you need to deploy solutions and strategies that can actively protect your critical data and resources from theft and compromise.
Here are few critical strategies every organisation needs to consider:
Thorough risk assessment
This helps ensure you are focused on protecting and monitoring what’s critical to your business. Network architectures and designs usually start off well, but over time grow in size and complexity, either making security solutions less effective, or more challenging.
There are a variety of frameworks available to guide you, such as ISO, CIS Critical Security Controls (SANS Top 20), and the NIST Cyber Security Framework, to assess the available attack paths to your critical data, including chaining vulnerabilities.
Practice good security hygiene
The vast majority of attacks target vulnerabilities which have had a patch available for at least three years, with some as much as ten years old. It is essential that every organisation begins patching every inventoried device immediately, followed by establishing of a formal patching and updating protocol. Ideally, this entire process needs to be automated, tracked, and measured.
Advanced threat intelligence also enables organisations to shrink the time to detect threats and close the gap between detection and response. This starts by using the threat intelligence already being gathered across your network, which requires security tools designed to share and correlate information and take coordinated action.
Educate your employees
Despite the clear risks that employees pose, recent research has shown that less than 50 percent of companies make security training mandatory for their employees.
It’s imperative that organisations take time to educate their workforce through continuous awareness training. Basic things they can do to reduce data breaches include teaching employees to recognise social engineering attacks, use strong and unique passwords, update and patch their devices diligently, not connect to unknown wireless networks, and not download apps indiscriminately.
At the same time, IT security teams need to take the reality of human error into account when planning and deploying their security solutions. While proper training can reduce human mistakes, it’s impossible to entirely eliminate them.
Deploy appropriate security tools
Signature-based detection tools allow you to quickly look for and block any attempted infiltration, or the execution of an exploit targeting known vulnerabilities. They are effective in complex environments such as zero-patch network segments where IoT and other interconnected devices that cannot be updated are increasingly adopted by organisations.
Not all threats have a recognisable signature and sophisticated attacks can circumvent protections and evade detection. This means you also need advanced threat protection tools like sandboxes that can detonated, disassemble, and identify zero-day malware variants, as well as correlate that data with the rest of your security infrastructure.
User Entity Behavior Analytics (UEBA) tools make it easier to identify internal security threats and find individual offenders. Another new trend is Content Disarm and Reconstruction (CDR) tools used for data sanitisation, which process incoming files, deconstruct them, and remove active content.
Protect your cloud operations
With cloud adoption gaining popularity in recent years, cybercriminals are now attempting to exploit enterprise technology by proliferating malware through the cloud. It is good practice for organisations to deploy three types of security for cloud.
- Endpoint security – it is important to secure network access points and all connected devices, particularly in an environment where IoT devices proliferate.
- Application security - application security controls use advanced threat protection technologies to ensure that both known and unknown vulnerabilities cannot be exploited. They also offer effective protection against DDoS attacks.
- Cloud security and CASBs – As firms increase their use of the cloud, security solutions must be able to scale alongside the cloud infrastructure to make sure that no malicious traffic is allowed to enter or cross a cloud environment, even as it shifts and expands to accommodate changes in traffic. Organisations should also use CASBs (cloud access security brokers) whenever they deploy new SaaS applications.
Close web-based attack vectors with web application firewalls
Many threats no longer enter the network through traditional avenues. Web-based attacks exploit the exponential growth in applications – especially those designed to query and mine for information directly in the data centre.
An effective way to close that gap is by implementing a web application firewall (WAF). These security devices are specifically designed to provide deep, high performance inspection of web application traffic far beyond what is provided by traditional next-generation firewall (NGFW) technology.
Segment your network
Given the fluid nature of networked ecosystems, and the wide-range of applications and data flowing across many networks, it is more important than ever to employ effective and secure network segmentation that prevents threats from spreading horizontally across your network. The goal is to create consistent policy and enforcement deep in the network, beyond the perimeter, to manage and secure the lateral movement of data and applications.
Things have got to change – are you ready?
Australian Information Commissioner (OAIC) has received 31 breach notifications in just three weeks after the country’s new mandatory data breach disclosure laws kicked in. While the scale and frequency of today’s data breaches is alarming, the attacks organisations suffer are not unique.
Far too many organisations with highly flexible and adaptable network environments still rely on isolated second-generation security solutions and strategies to protect them. However, today more than ever, security cannot be an afterthought.
It requires planning, people, and processes combined with adaptive security technologies designed to dynamically scale to today’s digital networks, see and coordinate across the distributed network, and automatically respond as a single, proactive defence system to address the advanced cyberthreats targeting them.
For more information on the Threat Landscape, access Fortinet’s latest Quarterly Threat Landscape report here.