There is a persistent threat of cyber-attacks, and enterprises are becoming increasingly aware of it. Since cyber crimes have grown in complexity and variety, enterprises need to come out of their comfort zones and make proactive cybersecurity investments to stay ahead of the attackers. Here’s a look at what companies can do to actively prevent cyber-attacks on their data.
1. Comply with industry best practices as outlined in the EU’s General Data Protection Regulation
Although cybersecurity has become avant-garde, the basics still matter. The value of investing to classify sensitive data, identify where it resides, and protect it cannot be overstated. A sound data and security administration policy, with prompt notifications, is the backbone on which such an approach rests.
Relevant in this context is the European Union’s General Data Protection Regulation (GDPR), the new data protection framework, which is slated to go live on May 25, 2018. GDPR grants data subjects a “right to erasure”, obliging enterprises to erase a subject’s personal data in certain situations. Among other provisions, companies will need to designate a data protection officer and notify supervisory authorities of a data breach within 72 hours of becoming aware of it. Other GDPR compliance requisites include deploying data discovery tools to gain a better understanding of sensitive, unstructured data (its location, volume, context and risk) and data classification tools to handle sensitive data more effectively.
GDPR is based on industry best practices, so complying with its provisions makes for sound security practice and a worthwhile investment, even if the enterprise is not bound by the European Union’s strictures. PwC estimates that 77% of US multinational companies have designated about $1 million for GDPR readiness (1). In fact, a majority of these, 68%, have earmarked anywhere between $1 million and $10 million for the purpose.
2. Provision for the enhanced risk brought about by IoT
Gartner estimates that by 2020, more than 25% of enterprise attacks will involve IoT, though IoT will account for only 10% of IT security budgets (2).
The Internet of Things (IoT) is set to unleash big disruptions, but not all of them will be positive. Enterprises have no option but to change their enterprise architecture to adopt IoT, and such changes often create new threats and amplify old vulnerabilities. Many enterprises and vendors are blinded by the short-term expediency of making a new IoT deployment usable and overlook long-term security considerations.
Authentication is a perennial weak spot. According to Gartner, by 2018 more than 50% of IoT device manufacturers will succumb to threats arising from weak authentication practices. Enterprises need to comprehensively review their identity and access management policies and invest in advanced authentication tools such as biometric access. They also need to invest in products that support an environment of continuous trust without degrading the user experience.
IoT accentuates the botnet risk as well. Millions of IoT devices, from routers to DVRs and from security cameras to medical devices, are already infected with malware, and such compromised devices can be conscripted into carrying out DDoS attacks. Enterprises would do well to deploy Distributed Denial of Service (DDoS) protection tools and to be prepared for the eventuality of their systems coming into the crosshairs of an IoT botnet.
Hybrid DDoS security solutions integrate on-premises and cloud protection. These deployments analyze bandwidth usage, SSL inspection results, behavioral analytics, and other statistics to provide early warning of an attack, and they mitigate threats at multiple levels, from on-premises hardware to upstream and cloud-based services.
3. Counter the menace of ransomware
Ransomware has grown to become one of the major cyber-threats faced by enterprises. In 2016, the FBI estimated that enterprises would pay a whopping $209 million to ransomware criminals in the first quarter of that year alone (3). About 40% of enterprises hit by ransomware in 2015 paid up, finding it cheaper to pay the ransom than to lose the data, with all its implications.
Encouraged and emboldened by such success, ransomware operators have become more and more sophisticated and have made their tooling stealthier. In fact, there are now “Ransomware as a Service” (RaaS) providers who host ransomware toolkits in the cloud and sell access on a subscription basis.
Enterprises need to take effective steps to foil ransomware attacks rather than simply pay up, which only fuels more greed and exacerbates the situation for everyone.
Investing in strong backup systems allows enterprises to thwart attempts by ransomware operators to hold a company’s non-sensitive data hostage. However, ensuring that ransomware operators do not gain access to company operations, and worse, get their hands on sensitive data, is a far bigger challenge.
A sound approach is to upgrade from conventional signature-based solutions, such as anti-virus, host IPS and heuristics, to advanced endpoint detection and response (EDR) controls, such as continuous endpoint recording, live endpoint investigation, customized detection, remediation, and rapid attack banning. The four key areas of security investment on this front are threat prevention policies, threat detection and response tools, endpoint monitoring and management measures, and digital forensics. Enterprises need to complement such efforts with threat intelligence and offer awareness training to employees and other stakeholders who access enterprise systems.
4. Rethink the overall security architecture to counter the menace of shadow IT
The cloud is soaring in popularity, with about 85% of enterprises now storing sensitive data in the cloud. Many enterprises nevertheless remain oblivious to the unique security threats posed by cloud-based resources. The danger is compounded by shadow IT, the unauthorized provisioning of cloud services by employees who circumvent official policies and restrictions for convenient shortcuts. Gartner predicts that by 2020, one out of every three successful attacks on enterprises will come through their shadow IT resources (4).
Enterprises can counter cloud and shadow IT-based threats by realigning security to focus on securing the data itself rather than its storage location. Many enterprises now invest in cloud access security brokers (CASBs): policy enforcement points that act as gatekeepers, placed between the on-premises infrastructure and the cloud infrastructure.
5. Opt for self-testing and other agile interventions to complement the DevOps approach
Many enterprises are now adopting the DevOps approach to software development and deployment in order to be more agile and competitive. A security approach of self-testing, self-diagnosing, and self-protection, without waiting for separate external interventions, perfectly complements DevOps. By 2020, 40% of enterprises engaged in DevOps will secure the applications they develop by adopting such security measures.
Enterprises should invest in automation and orchestration technology to enhance the productivity of their security engineers, minimize the mean time to resolution (MTTR), and forge strong integration among the diverse security products and tools deployed to defend against fast-moving threats. The success of automation depends on a high level of maturity in key security deployments, such as a next-generation firewall (NGFW), security information and event management (SIEM), patch and vulnerability management, and data loss prevention (DLP).
Enterprises would also do well to identify security policy gaps, and develop data security governance (DSG) programs at the enterprise level. Seeking out cyber insurance may also be a good idea.
Security is never set in stone. Enterprises seeking to stay ahead of cyber criminals must always be on their toes. They need to tweak their security approach to account for emerging threats arising from changes in technology, in their business, and in other intractable external factors.
References:
- 1. http://focus.forsythe.com/articles/540/Top-5-Cyber-Security-Predictions-for-2017
- 2. https://www.forbes.com/sites/gartnergroup/2016/08/18/top-10-security-predictions-through-2020/#58af3bb65b39
- 3. http://focus.forsythe.com/articles/540/Top-5-Cyber-Security-Predictions-for-2017
- 4. https://www.forbes.com/sites/gartnergroup/2016/08/18/top-10-security-predictions-through-2020/#58af3bb65b39