Enterprise navigation in the dark era of cyber attacks and cyber security

What does the current cyber attack landscape look like, and and how can enterprises effectively change their patterns and secure their data?

While enterprise technology has seen major advancements around the world, the systems used to secure networks are, in comparison, frail and in need of attention. Cyber attacks on the other hand have kept pace with the technology and are becoming weapons of disruption.

Technology within the workplace has changed drastically over the past decade. While this change spells progress for businesses, that progress is being slowed by the rising tide of cybercrime. Just as tech solutions across organisations are evolving, so too are the hackers targeting organisations’ data. The latest WannaCry ransomware attacks are a perfect example of this; the fact is cyberattacks will only grow more sophisticated and powerful as time goes by, and this is not a problem any company can ignore.

>See also: 2 in 5 industrial computers faced a cyber attack in second half of 2016

People often blame technological progress for these cyber attacks, however the first part of the problem is businesses. The primary factor enabling increased threat surfaces are what businesses are doing, or rather to be precise, what they aren’t doing. While cybercrime has advanced, the company approaches to defending against it haven’t.

Here are some of the ways in which organisations are putting up a bullseye on themselves for hackers.

Outdated security measures

Endpoint security is something that needs to evolve with technology. Enterprises have adopted new technologies rapidly, but their endpoint security practices haven’t necessarily followed suit. And this is extremely dangerous.

How can yesterday’s security solution help prevent next year’s, or even tomorrow’s attack? Not proactively upgrading security solutions leaves enterprises with solutions that were viable in the past, but unequipped to handle the present or future malware world.

>See also: A credible threat: cyber attacks and stolen credentials

Cyber security practices

When an organisation’s cybersecurity plan begins and ends at their IT department, failure is evident. Especially in today’s world where remote workforce are a growing phenomenon and everything is connected.

Enterprises tend to assume that their staff have an understanding of cybersecurity practices and overlook the possibility that their IT department lacks complete control. All it takes is a single weak link for a security breach to happen – an employee who inadvertently downloads an infected document from a phishing scam, or another who leaves their company connected laptop unlocked and unattended while getting a coffee.

Next victim, not me

Too many enterprises operate on the dangerous presumption that they haven’t been attacked yet, so they’re good. Although misguided, this thinking is present across many industries. Ignorance is never bliss when it comes to cybersecurity. The more complacent the enterprise, the more that organisation is at risk.

However, the way businesses operate only forms part of the problem. The second and in no way smaller part is the threats themselves.

>See also: The cyber security industry is losing the cyber war

IoT and mobility

Smart technology exists and is the norm across enterprises these days. From mobile devices and mobile workforces to BYOD and smartphones, enterprises have had to become increasingly flexible within their infrastructure. Although this is great from the end users’ point of view, these changes add to the threats and possible vulnerabilities for any enterprise that chooses to leverage them.

Targeted attacks

While spam and phishing emails were commonplace intrusions in the past, today targeted and innovative attacks are the run-of-the-mill. Social media and emails are the number one distraction for workers and provide a lucrative entry point for cyberattacks. Imagine a worker using a Fantasy Football site or even Facebook in the workplace, and that being an attack surface for a cyber attack.

Attacks, attacks and more attacks

Cyber warfare has been dominating the news for the past few months. So far in 2017 alone, we’ve seen the likes of ransomware, NSA tools being used for cyber crimes and a large number of global sites under attack. The past was no better. Each past year pales compared to the next new year in terms of attacks and the lack of security measures in place to avert them.

>See also: The talent drought has led to costly cyber attacks on businesses

The bottom-line is that there is no escaping or shying away from cyber attacks. The best defense is to be prepared to the hilt. Here are three key measures all enterprises should be employing to help minimise and possibly mitigate these threats.

1. Keep critical data on-premises and encrypted

On-premises and encrypted data provides an enterprise with a greater sense of control compared with having their data in the cloud on third-party storage provisions. Encrypting on-premises data helps further lessen the blow of potential cyber threats while keeping your data secure.

2. Monitor systems in real-time

Investing in a good monitoring solution, which is deployed on-site provides IT departments with a proactive and reactive arsenal with which to fend off cyber threats. Monitoring systems in real-time while applying security policies enables IT departments to better control data and in turn their infrastructure.

3. Layer threat protection

A singular line of defense in the form a universal security policy is no help in mitigating today’s cyber attacks. Layering threat protection in the form of uniform security policies across all devices, multiple forms of authentication for users across the business, including remote branches and remote users, gives IT departments a better handle on security. Adding positive and negative threat detection with signatures to the security mix helps create a barrier from all angles.

>See also: Keeping the enterprise secure in the age of mass encryption

Let’s face it, no cyber security effort is going to be 100% effective or foolproof. The fact is that enterprises need to treat their IT security measures as a part of their risk management by adopting and updating their security tools to match technology advancements.

Keeping data secure and giving IT control while catering to the flexibility needs of the workforce is no easy task. After all, defense is one man guarding the ball and four others helping him. The only way to address the growing attack surface is to create a comprehensive strategy, integrated controls, end-to-end security mechanisms, monitoring, reporting and analytics.

 

Sourced from Pascal Bergeot, CEO of Goverlan

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...