Archives for August 2016
The 3 Biggest Mistakes in CyberSecurity
August 23, 2016 – Chris Moschovitis – Information Management
Everyone, from the small business owner to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches. It seems no matter what we do, there is always someone that was hacked, a new vulnerability exploited, and millions of dollars lost.
In an effort to stem the tide people have tried everything: From throwing money at it by buying the latest and greatest tech gizmos promising security, to outsourcing cyber security management, to handing it over to the IT folks to deal with it. And, every time the result is money lost, productivity decreased, and the attacks continue.
Many business people complain that we’re not just losing a battle here and there. We’re losing the war. Is that true?
The truth is that those that keep losing their cyber battles and risk losing the war are making three critical mistakes:
1. They think cyber security is a technology problem.
2. They follow a cyber security check list once-and-done.
3. They don’t have a cyber security awareness training program in place.
First, cyber security is not a technology problem. Far from it. It is a business-critical problem, and more importantly: It’s a people problem, and we need to address it at that level.
Second, cyber security is a constantly evolving battlefield. The threats evolve, the attacks take new paths, the underlying technologies change. A static check list solves yesterday’s problems, not today’s, and certainly not tomorrow’s.
Finally, if people don’t understand the threat they will not even see the attack coming, much less be able to respond and protect themselves. Cyber security awareness training is the only way to prepare everyone for the new reality we live and work in.
Cyber security is not an IT problem either, according to Prosyn. It is a risk management problem. This is easier to understand if you work in a regulated industry, where the concept, language, even governance of risk management is part of the daily lexicon. This is why it’s so important that you understand how to respond to risk as well as being aware of what the risks may be before they occur.
Not so with small and mid-market businesses less familiar with the risk management function. It doesn’t help that the very nature of the threat and the way the “payload” of the attack is delivered is via information technologies. It almost makes sense to have IT deal with cyber security. But the victims are not the computers. The victims are the businesses and their people.
More importantly: A company’s Information Technology generates Value. It does so in myriad ways depending on the business you are in, from the actual delivery of goods to clients (e.g. software businesses, data businesses, media, and technology businesses, etc.) to complementing, enhancing, and realizing the mission and vision of the company (law firms, manufacturing, logistics, healthcare, etc.). Owing to these security breach issues, many businesses tend to opt for the services of reliable service providers like Privacera (https://privacera.com/products/centralized-access-control/) and similar others. By having centralized and secure access to all the data of the business, they are more likely to remain unaffected by cybercrime.
That said, externally sourced IT management could do a better job at regulating data security as well as other IT-based functions. As they are professionals in the field, software facility management may be leveled and managed properly. Besides, the risk involved in such functions may be taken up by the IT outsourcing company, which means that external threats may be mitigated without client company involvement.
Cyber security, like all risk management, is there to protect value. Therefore, you can never have cyber security (the value protector) report to IT (the value creator). That creates a conflict of interest. Just like IT reports directly to the CEO, so must cyber security. They are parallel tracks keeping the business train aligned and moving.
Once you have the reporting structure correctly in place, you need to empower it with executive buy-in and engagement. Cyber security needs your direction on company goals and risk appetite so they can develop the right strategy to protect the company’s assets. Cyber security professionals, working with the board and executives, including IT and business units, will develop the right defense-in-depth strategy that is right for the company.
Cybersecurity is a crucial component of a defensive strategy for businesses that operate online, like e-commerce stores. It is likely that you will need to protect your website or mobile application from cyber threats if you operate such a store. In order to accomplish this, you may need to develop a strong security system to protect customer data and transactions. In the event that you do not have enough funds, you can consult with companies that provide ecommerce financing options to fund your cybersecurity development.
Cyber security doesn’t happen in isolation. It is not a set check list. It is dynamic, adjusting strategy to risk, asset value, and controls. As market conditions change, as company goals change, and as technology changes, so will the cyber security strategy.
Neither structure nor strategy will help if you ignore the most important element in cyber security: People. In 2016 ISACA published the top three cybersecurity threats facing organizations in that year. They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.
Excluding the advanced persistent threats typically targeted against large multinationals, governments, military, infrastructure and the like, the other two have one common element: People.
It is people that become the victims of cyber-attacks, and by extension, the businesses they work in or do business with. Be it through social engineering, extortion, or any of the many vulnerabilities that hackers can exploit, it is people that get compromised first. They are the ones that have to pick up the pieces when all the data is gone or when their identity is stolen.
The good news is that cyber security awareness training is one of the most effective controls against hackers. Training and sensitizing people to the threats, the methods used, vulnerabilities, even their own personal privacy risks, has been proven time and again as the one thing that makes a real difference in early detection, quick response and recovery during a cyber-attack. Having a quarterly lunch-and-learn will go a long way in developing a culture of cyber awareness, saving both your business and your employees from cyber-harm.
Avoiding these three mistakes in cyber security won’t help win every single battle. But it will guarantee you win the war.
Cyber Threat and Vulnerability Assessment
A NetSHIELD Cyber Threat and Vulnerability Assessment can help you to understand:
- Baseline Security: who and what is really on your network. Build a trust list and identify unknown and unwanted assets.
- Threat Prevention: identify zero-hour malware not detected with AV. Capture, in real time, successful phishing attacks with no false positives. Ensure IT and employee productivity and create tangible, teachable moments for reinforcing employee cyber-awareness.
- Vulnerability Assessment and Compliance Report: discover and prioritize vulnerabilities that exist on your network and run compliance assessments for PCI, HIPAA, SOX, etc.
Sign up for 7 days of auditing and monitoring.
LogRhythm Named a Leader – 5th Consecutive Year
LogRhythm Named a Leader for Fifth Consecutive Year in Gartner Magic Quadrant for Security Information and Event Management (SIEM)
LogRhythm recognized for completeness of vision and ability to execute
BOULDER, Colo.–(BUSINESS WIRE)–LogRhythm, The Security Intelligence Company, today announced that it has, once again, been positioned as a Leader by Gartner, Inc. in the 2016 “Magic Quadrant for Security Information and Event Management” research report. This is the fifth consecutive year that Gartner has recognized LogRhythm as a Leader among SIEM providers.
“Organizations are under immense pressure to quickly detect, respond to and neutralize increasingly sophisticated cyber threats,” said Chris Petersen, CTO and co-founder of LogRhythm. “We are honored to be recognized by Gartner and believe this year’s placement in the Leaders quadrant for SIEM speaks volumes about our leadership in the market, and our ability to address the most pressing customer needs in the areas of threat management, security and compliance. I believe this report validates the excellence and dedication of our engineering and product teams. With our latest up-and-to-the-right movement in the leadership quadrant, it is crystal clear that LogRhythm is delivering on our promise to help companies around the globe neutralize today’s cyber threats.”
According to Gartner, the SIEM Leaders quadrant is composed of vendors that provide products that are a strong functional match to general market requirements, have been the most successful in building an installed base and revenue stream within the SIEM market, and have a relatively high viability rating (due to SIEM revenue or SIEM revenue in combination with revenue from other sources). In addition to providing technology that is a good match to current customer requirements, Leaders also show evidence of superior vision and execution for emerging and anticipated requirements. They typically have relatively high market share and/or strong revenue growth, and have demonstrated positive customer feedback for effective SIEM capabilities and related service and support.
LogRhythm’s security intelligence and analytics platform unifies next-generation SIEM, including log management, network monitoring and forensics, endpoint monitoring and forensics security analytics, and user, network and endpoint behavioral analytics. In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.
5 cybersecurity practices to pursue in the second half of 2016
To protect sensitive data, businesses must take the time to refocus on best practices
In the past five years, businesses of all sizes have realized just how vulnerable they are to cyber attacks.
The astonishing increase in the number of attacks each year troubles corporate leaders, IT professionals and chief information security officers, who see their security efforts foiled by hackers.
The number of large corporations targeted since 2015 is proof that everyone is vulnerable. Wherever you look, there is an Ashley Madison, Home Depot or JP Morgan Chase breach that makes you realize just how precarious security structures are.
In sports, teams regroup at halftime and get back to work in the second half with a refocused goal of finishing the game strong. The same holds true for security practices. To help businesses beef up security in the second half of 2016, here are some ideas to keep data safe:
1. Be aware of stored data
It is astonishing how many big firms do not know they have huge chunks of data in their systems. Technologies such as the Internet of Things contribute a lot to this, but company data should be handled better overall. Knowing what is stored in their systems would provide companies with information about which data needs to be protected most against threats.
2. Focus on protecting data
The biggest cases of 2015 related to data breaches of global services and corporations. Business owners think that beefing up firewalls and security perimeters is the answer, but they couldn’t be more wrong. Protecting their data should be the priority. Secure encryption is vital to prevent data from being compromised easily should the corporate network be breached.
3. Address the mobile threat
Many corporations allow employees to use their personal devices in the workplace. It’s safe to assume that most employees do not take the necessary security measures for their mobile devices. This puts corporate data on such devices at great risk. IT administrators need to have better, not more, control over such devices.
4. Spread awareness
It’s always good to make employees companywide aware of the threats they face. Talking with employees regularly about new and emerging threats and sharing ideas about improving security is good practice. You can also provide your employees some basic cybersecurity training and assess your employees’ skills to judge how much more you will have to work on securing all your business networks and sensitive data.
5. Take insider threats seriously
You could shell out millions of dollars trying to protect your network from outside threats only to be undone by an employee who clicks on a nefarious link and compromises sensitive data. Hackers regularly send malicious emails to many employees in a firm in hopes that one of them falls for it, and someone frequently does. Encourage employees to be more vigilant since such emails often can easily be spotted.
Reprinted from ThirdCertainty Guest Essay by Oscar Marque
Sophos Server Protection Gets An Update
Sophos Server Protection is now in Sophos Central – adding Next-Generation Malware Prevention and detection techniques for server environments.
Solid server security starts with good operational hygiene, which includes restricting who and what can reach the server, and what applications can run.
Sophos has now made it easier in Sophos Central Server Protection with the inclusion of:
- Malicious Traffic Detection on both Linux and Windows servers: Malware frequently connects to remote servers for further instructions, updates or uploads of data. Malicious Traffic Detection, or MTD, monitors traffic for signs of connectivity to known bad URLs. If malicious traffic is detected, suspect executables are scanned on all servers licensed with Sophos Central Server Protection Advanced and can be blocked on Windows servers.
- Peripheral Control: For physical servers, good operational hygiene should include limiting access via peripheral devices, including removable storage, modems and devices such as phones, tablets and cameras. With Sophos Central Server Protection, customers can monitor (Standard license) and block (Advanced license) the use of peripheral devices for their servers with ease.
- Application Control: You can now define policies to allow or block certain categories of known applications on servers. This is in addition to our Server Lockdown feature, which doesn’t allow any applications to run other than those explicitly allowed. (Applicable for Windows servers with Advanced licenses).
- Download Reputation: Sophos provides a trustworthiness score for each downloadable file, based on SophosLabs research, giving you reassurance that you are downloading only safe files to your server. This is now available with either the Standard or Advanced licenses on Windows servers.
You can get a free trial of Central Server Protection Advanced here. Customers of Central Server Protection Advanced will automatically receive these updates.