By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering
Here’s an interesting blog about the need to keep a continued focus on security. I can’t agree more about training and security checks as a useful method of keeping staff on their guard. I’d add that an incident response plan is a useful and often overlooked part of the plan—which is now required for the feds.
November 30, 2018 marked the thirtieth annual Computer Security Day. Originally launched in 1988, the day was one of the earliest reminders of the threats facing modern technology and data.
Now, thirty years on, the threats facing organizations’ data are more significant than ever—from ransomware to hacking—while the sensitivity and volume of data grows each year. According to a recent survey conducted by IDC and Zerto, 77% of businesses have experienced a malicious attack in the past 12 months, with 89% of these being successful—demonstrating just how prevalent these security threats are. As Shannon Simpson, cyber security and compliance director at Six Degrees put it: “Cyberattacks have crossed over into the mainstream, and guarding against security breaches requires constant vigilance throughout your entire business, not just the IT team.”
The case for training
As security professionals, we are acutely aware of the tricks scammers may use—such as emails with fake bank details or ones made to look like they were sent from another company employee. However, it’s important to remember that not all employees are exposed to this on a regular basis. This is why experts strongly support ongoing training and education programs for employees to help empower them to avoid evolving scams.
Moving away from a fixed perimeter approach
A key factor in the move away from fixed perimeter security is the adoption of the cloud and the rise in cloud-based applications. Steve Armstrong, Regional Director at Bitglass, stressed that despite such applications making businesses more flexible and efficient, “many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud.” One of the primary vulnerabilities that Armstrong highlighted was the problem of misconfiguration such as in Amazon A3 buckets or MongoDB databases, pointing out that “given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public internet should be considered essential for enterprise IT. To do this, Armstrong recommends that organizations should “leverage security technologies such as those provided by the public cloud providers,” all of which “provide visibility and control over cloud services like AWS.”
In addition, automation technology can help reduce the risk to data, both at rest and in transit, said Neil Barton, CTO at WhereScape. This is because “by limiting or negating the need for manual input, businesses can better protect against security vulnerabilities.” Meanwhile, using automation to take care of the basics can help free up IT staff “to ensure the data infrastructure is delivering results with security top of mind.”
The importance of testing plans and learning from mistakes
Providing IT staff with more time could be critical to one of the most vital aspects of security preparedness—testing. Stephen Moore, Chief Security Strategist at Exabeam, commented that “organizations that handle sensitive data must implement constant security checks, as well as rapid incident response and triage when needed.” This was a sentiment also voiced by Paul Parker, Chief Technologist, Federal & National Government at SolarWinds. Speaking about the need for cybersecurity in the public sector, Parker noted that “most important is developing and routinely testing your emergency response plan. Much like the UK’s Fire and Rescue Services practice fire response and life-saving services, organizations should also practice their network breach response.” His core advice to organizations in the current security threat landscape? “Don’t learn how to extinguish a fire on the fly.”
Finally, a sentiment echoed by several experts was the inevitability of organizations facing a cyberattack at some point in time. Gijsbert Janssen van Doorn, Technology Evangelist at Zerto, concluded: “Yes, protection is important; however, in a culture where attacks and downtime are no longer a matter of ‘if,’ but ‘when,’ these precautions are not enough. Organizations also need to be prepared for what happens after a disruption, and will be judged not only on keeping people out and data safe, but also on how quickly they are back to functioning as normal—how resilient they are.” Meanwhile, Parker concluded that, following an attack, “public sector organizations can use the insights garnered from the incident to learn, perfect, and prepare for the next one”—a sentiment as true for all businesses as those in the public sector.
Thirty years after the first Computer Security Day, it’s clear IT and security professionals find themselves in a much more complicated landscape than their predecessors. However, there is much that can be done to keep data safe, and businesses online—from moving away from the fixed perimeter approach to cybersecurity to ensuring regular training and plan testing, and even making sure organizations can get back online when something does, inevitably, go wrong. The key, across all aspects of security, is preparation.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.