
Computer Security Day: Suggestions for Today’s Data Threats

Level 13

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting blog about the need to keep a continued focus on security. I can’t agree more about training and security checks as a useful method of keeping staff on their guard. I’d add that an incident response plan is a useful and often overlooked part of the plan—which is now required for the feds.

November 30, 2018 marked the thirtieth annual Computer Security Day. Originally launched in 1988, the day was one of the earliest reminders of the threats facing modern technology and data.

Now, thirty years on, the threats facing organizations’ data are more significant than ever—from ransomware to hacking—while the sensitivity and volume of data grow each year. According to a recent survey conducted by IDC and Zerto, 77% of businesses have experienced a malicious attack in the past 12 months, with 89% of these being successful—demonstrating just how prevalent these security threats are. As Shannon Simpson, cyber security and compliance director at Six Degrees put it: “Cyberattacks have crossed over into the mainstream, and guarding against security breaches requires constant vigilance throughout your entire business, not just the IT team.”

The case for training

As security professionals, we are acutely aware of the tricks scammers may use—such as emails with fake bank details or ones made to look like they were sent from another company employee. However, it’s important to remember that not all employees are exposed to this on a regular basis. This is why experts strongly support ongoing training and education programs for employees to help empower them to avoid evolving scams.

Moving away from a fixed perimeter approach

A key factor in the move away from fixed perimeter security is the adoption of the cloud and the rise in cloud-based applications. Steve Armstrong, Regional Director at Bitglass, stressed that despite such applications making businesses more flexible and efficient, “many of the most popular cloud applications provide little visibility or control over how sensitive data is handled once it is uploaded to the cloud.” One of the primary vulnerabilities that Armstrong highlighted was the problem of misconfiguration, such as in Amazon S3 buckets or MongoDB databases, pointing out that “given how readily available discovery tools are for attackers, ensuring corporate infrastructure is not open to the public internet should be considered essential for enterprise IT.” To do this, Armstrong recommends that organizations should “leverage security technologies such as those provided by the public cloud providers,” all of which “provide visibility and control over cloud services like AWS.”

In addition, automation technology can help reduce the risk to data, both at rest and in transit, said Neil Barton, CTO at WhereScape. This is because “by limiting or negating the need for manual input, businesses can better protect against security vulnerabilities.” Meanwhile, using automation to take care of the basics can help free up IT staff “to ensure the data infrastructure is delivering results with security top of mind.”

The importance of testing plans and learning from mistakes

Providing IT staff with more time could be critical to one of the most vital aspects of security preparedness—testing. Stephen Moore, Chief Security Strategist at Exabeam, commented that “organizations that handle sensitive data must implement constant security checks, as well as rapid incident response and triage when needed.” This was a sentiment also voiced by Paul Parker, Chief Technologist, Federal & National Government at SolarWinds. Speaking about the need for cybersecurity in the public sector, Parker noted that “most important is developing and routinely testing your emergency response plan. Much like the UK’s Fire and Rescue Services practice fire response and life-saving services, organizations should also practice their network breach response.” His core advice to organizations in the current security threat landscape? “Don’t learn how to extinguish a fire on the fly.”

Finally, a sentiment echoed by several experts was the inevitability of organizations facing a cyberattack at some point in time. Gijsbert Janssen van Doorn, Technology Evangelist at Zerto, concluded: “Yes, protection is important; however, in a culture where attacks and downtime are no longer a matter of ‘if,’ but ‘when,’ these precautions are not enough. Organizations also need to be prepared for what happens after a disruption, and will be judged not only on keeping people out and data safe, but also on how quickly they are back to functioning as normal—how resilient they are.” Meanwhile, Parker concluded that, following an attack, “public sector organizations can use the insights garnered from the incident to learn, perfect, and prepare for the next one”—a sentiment as true for all businesses as those in the public sector.

Thirty years after the first Computer Security Day, it’s clear IT and security professionals find themselves in a much more complicated landscape than their predecessors. However, there is much that can be done to keep data safe, and businesses online—from moving away from the fixed perimeter approach to cybersecurity to ensuring regular training and plan testing, and even making sure organizations can get back online when something does, inevitably, go wrong. The key, across all aspects of security, is preparation.

Find the full article on Information Security Buzz.


14 Comments

I heartily support the idea that training is required, and that it should be recurring regularly to refresh users' ability to recognize existing schemes, and to introduce them to new ones.

Level 14

Thanks for the article. Certainly testing and learning from mistakes is of the utmost importance!

Level 11

Our security team will send out random phish emails to test users.  It works pretty well by opening dialog when someone asks 'Is this legit?'

Level 16

Thanks for the write up.

Level 14

Test... test...test.... analyze...train.... test.

MVP

Thanks for the article

Level 13

Thanks for the article.

Level 20

All of these things are now required for anyone working on Federal Networks in the USA.  If it's the DoD then it's even more requirements.  In addition to security certifications it's now also certificates in any technical discipline we work with.

Level 14

Training users.  Reminds me of the old saying.

You can lead a horse to water but you can't make them drink.

MVP

orafik Omar, I really appreciate you taking the time to write this article. I have gone for the full article to add fuel for my security pursuit.

Level 13

Old saying "Try before you buy"  or test the crap out of it.

MVP

Testing plans and learning from mistakes - SOOO appropriate today.

This morning we upgraded some firewall clusters with one of our customers. The first one went well - Woo Hoo!, the second one went just as well - Woo Hoo!, the third one went well - Woo OOPS - George appears (He's their workstation team lead) "Um, a bunch of sites just went down." No problem we'll just roll back . . .  insert 3 hours of hair pulling and "assistance" by the vendor support. (pardon me for chasing a rabbit - but why in the world would you assign a site down ticket to a tier one tech???) Yes, 3 hours and 3 techs before one just threw out "let's reinstall the upgrade." Not for any reason, just a let's try it.

Long story short the reinstall did fix this issue, but in all the investigation we found an underlying issue - As long as host1 is the master the "cluster" works fine, but if you fail over to host2 the communication breaks - so there is an underlying issue that was the root of the matter. So we are adding checks for such things to our implementation plan for future upgrades.

MVP

tallyrich​ ahh the joys of upgrades and failover in production.  Now granted you can only test so much in dev or test environments as production always seems just a little bit different. 

Level 9

Training is definitely a key to a successfully operational organization. Customers as well as service members for my organization are constantly training and tested to maintain awareness across the Network!