Keeping Complex Threats at Bay
Guest written by: Harish Chib, Vice President, Middle East & Africa, Sophos
2016 saw a huge number and variety of cyberattacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. We also saw a rising tide of data breaches, from organizations big and small, and significant losses of people’s personal information.
Unfortunately, many organizations still don’t have their security basics right. With the year almost over, we’re pondering what organizations can do to protect against new threats.
We offer six measures organizations should put in place to help keep more complex threats at bay.
Moving from layered to integrated security. Many organizations now possess multiple solutions that were once best-in-breed but are now too costly and difficult to manage. Moving towards integrated solutions where all components communicate and work together will help to solve this. For example, if malware knocks an endpoint’s security software offline, network security should automatically quarantine that device, reducing the risk to your entire environment.
Deploying next-generation endpoint protection. As ransomware becomes ubiquitous and endpoints grow more diverse, organizations must refocus on endpoint protection. But signature-based solutions are no longer enough on their own, and can miss zero-day attacks. Choose solutions that recognize and prevent the techniques and behaviors used in nearly all exploits.
Prioritizing risk-based security. No organization possesses the resources to systematically protect everything, and 100% prevention is no longer realistic. Clarify the risks associated with each system, and focus your efforts accordingly. Risks change fast: look for tools that track them dynamically, and respond accordingly. But make sure those tools are easy and practical enough to use.
Automating the basics. You can’t afford to waste time running the same reports and performing the same security tasks you always have. Automate wherever it can be done simply and easily, so you can focus scarce resources on serious risks and high-value tasks.
Building staff and process to deter and mitigate social attacks. Since social attacks now predominate, educating users and involving them in prevention is more important than ever. Focus education on the threats each group is likeliest to encounter. Make sure it’s up-to-date: outdated guidance on topics such as phishing can be counterproductive, offering a false sense of security.
Improving defender coordination. Cybercrime is organized crime: defense must be organized, too. That means choosing tools and processes that eliminate barriers within your organization, so everyone can respond quickly to the same attack. It may also mean looking for legal and practical opportunities to collaborate with other companies and the government, so you can mitigate widespread attacks and learn from others’ postmortems.