Your organisation's Internet connection is now a critical part of your business. It provides email for communications with customers and suppliers alike. Web applications like wetransfer.com allow us to send and receive files too big to email; web browsing gives us instant access to billions of pages of information from websites all over the world and allows e-commerce storefronts to be open 24x7.
Unfortunately, along with the good also comes the bad. Throughout our working lives we now have to contend with cyber-security: we're told not to open attachments from untrusted sources or answer emails from people asking for passwords. We all like to think we have a handle on the cyber risks we're exposed to; we think we can spot a phishing email, and nobody would double-click a .exe file attachment in an email. Unfortunately, fewer threats arrive in such an obvious way these days. Criminals have evolved both the way they attack organisations and what they expect to gain from an attack. Often the data held within an organisation is the crown jewels for cybercriminals. The ability to use the organisation's resources nefariously can also be the primary goal. Botnets, cryptocurrency mining and harvesting of credentials can all run as background tasks, potentially displaying few signs of infection. Other infections such as ransomware have a more immediate effect and can be devastating to a business.
Many organisations aren't evolving their cyber-security defences at the same speed as cyber-criminals are evolving their attacks. A business's primary concern is likely focused on growth and profits, not cyber-security. The unfortunate effect of this is that organisations are left open to the attacks mentioned above.
What can be done to help resolve the problems?
The best solution to the cyber-security problem is to defend on several fronts; this is sometimes known as multilayer security. No matter how small or large your home is, we all have a front door to protect the contents. The cyber front door is the firewall. The trick is to stop the things we don't want getting in at the front door, while allowing the things we do. The router bundled in from an Internet Service Provider (ISP) may come with some simple firewall capabilities, but in terms of defence against modern cyber-threats it offers slim to no protection. These firewalls typically perform stateful port filtering, which doesn't help with the attacks we've discussed.
A Next Generation Firewall (NGFW), unlike the bundled firewalls provided by most ISPs, typically has the necessary security features to protect organisations from previously known threats.
An NGFW provides an Intrusion Prevention System (IPS), normally used to stop known inbound attacks; Web Content Filtering (WCF) to stop access to malicious websites; Data Leak Prevention (DLP) to ensure sensitive data does not leave an organisation; and Anti-Virus (AV) to block virus-infected web pages and emails. An NGFW can be augmented with Sandbox technology to protect against 'Zero Day threats': threats which have just been released and won't have IPS or AV signatures yet.
An additional layer of defence is to protect the individual endpoints. More workers than ever are now using laptop PCs, MacBooks and tablets outside the office. They are used in locations which often provide raw, unprotected Internet access; these devices are then brought into offices when they could already be infected with malware and have the capacity to infect other devices within the organisation. Adding endpoint protection to these devices with features like WCF, Application Firewall, Anti-Virus, vulnerability scanning, VPN and Sandbox integration significantly reduces the potential for infection in the first place, giving off-site workers the same level of protection as internal workers.
Secure access for both internal and remote users is often forgotten or overlooked. In the past, we needed to be sitting at a desk to gain access to the network; now we can gain access just as easily from outside the office in the car park via the WiFi, or from any coffee shop on the other side of the world. This, of course, means the car park or coffee shop can also be used to try to gain unauthorised access. Social engineering and phishing have tricked many people into revealing user IDs and passwords. Many organisations implement Active Directory (AD) single sign-on to stop users having to remember several user IDs and passwords, which is good from the perspective of ease of use, but has a downside in terms of security: one stolen credential opens everything. Multi-Factor Authentication (MFA) can be used to augment AD credentials. Once you have entered your primary user ID and password, you would be prompted to enter a second factor, which could be a physical token or a mobile phone app, ensuring the person who enters the user details is the person they say they are.
Once you have strengthened your cyber security, you'll need to know when you have been attacked, what method was used and by whom. Analytics is one of the most overlooked parts of cyber security, but also one of the most important. Without good visibility, it's impossible to know if a vulnerability has been exploited. Often attackers need time to look at an environment to determine which assets they would like to exploit, and it is during this period that good logging gives defenders a chance to spot them. Logging, archiving and reporting are not only important for detection and remedy but also key for GDPR compliance.