November 30th marked Computer Security Day, an annual event designed to raise awareness and promote best practices in Information Security. With different types of attacks and threats emerging all the time, it’s important that all businesses, and indeed individuals, are up to date with their computer security so that they are able to mitigate any risks, should they occur.
With this in mind, International Security Journal spoke with seven IT experts to get their advice and tips on how best to ensure IT security.
Keep up-to-date and up with the times
As cyber threats continue to evolve, so should computer security. It’s important that businesses keep up with the latest technologies, implementing them before an attack occurs. Alan Conboy, Office of the CTO, Scale Computing, states, “Ever since its advent in 1988, Computer Security Day has reminded us all of the importance of keeping online data safe and secure.” However, Alan goes on to say, “more recently, the news cycle has been flooded with organisations from airlines to banks and hospitals, even entire local governments, falling victim to ransomware attacks. Threats such as these are evolving at a horrific pace and they will continue to become smarter, more lucrative and increasingly devious in 2020. Where before organisations were able to avoid modernising their infrastructure defences due to the cost, now, it is more costly not to do so.”
“This malicious momentum has grown significantly since 1988,” Alan continues, “and it’s now more important than ever for businesses to realise that traditional legacy tools are not only slowing their digital journey down but leaving them vulnerable to tactical and well-organised criminals. Organisations should take advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defences, disaster recovery and backup.”
This is a notion that Jan van Vliet, Vice President & General Manager EMEA at Digital Guardian, agrees with. He believes: “Technology is part of everyday life for most people in 2019. But with the ubiquity of cyber threats like phishing and ransomware, the security of our devices and data must also be part of everyday life and Computer Security Day is a good reminder of that.”
Jan goes on to stress that, “For businesses, computer security should always be front of mind. Regularly reviewing system settings and disabling unnecessary services that may leave them open to attack is a must. It is also absolutely essential that IT systems are constantly updated and free from known vulnerabilities.”
Additionally, as Jan comments, “Businesses also need to step up their phishing awareness efforts, including educating remote workers about attacks via SMS and smartphone apps. A method of good practice is to deploy software that can warn employees when a program attempts to download a file from the Internet or write a file to disk. Prompts can also help train users to recognise and report attacks in progress. Continued training initiatives are also very important in raising employee awareness and making them more cautious.”
Stephen Gailey, Head of Solutions Architecture at Exabeam also suggests a way to identify any attackers: “Almost all of the huge breaches we read about in the news involve attackers leveraging stolen user credentials to gain access to sensitive corporate data. This presents a significant problem for security teams. After all, an attacker with valid credentials looks just like a regular user. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them. Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organisations can help security teams connect the dots and provide a useful profile of network user activity. It may not stop you being breached but it will tell you about it before the damage is done.”
Ensuring cyber resilience
It’s not up for debate whether cyber protection is important, because it always has been. But, in a culture where attacks and downtime are now not a question of “if” but a question of “when”, only implementing protective precautions is simply not going to cut it. This is what Gijsbert Janssen van Doorn, Technology Evangelist at Zerto believes.
He comments, “As the odds of suffering from a cyber-attack grow, businesses need to ensure they are prepared for what will happen after a disaster. Because, in order to maintain a healthy reputation and pocket, organisations will need to do more than just keep people out and precious data safe. They will also need to demonstrate how cyber resilient they are by quickly returning back to functioning as normal and minimising the potential long-term impact of a cyber attack.”
So, not only should organisations be looking into prevention from cyber attacks, they also need to ensure they can bounce back from anything that does manage to penetrate the defensive walls. Additionally, companies need to ensure that those working in the cloud are adept at keeping security high. Anurag Kahol, CTO at Bitglass, says, “Cloud adoption has continued to grow at an astonishing rate and while cloud-based tools and policies like bring your own device (BYOD) have improved businesses’ agility, they have also made sensitive data more accessible, presenting a significant IT security challenge. Unfortunately, in cloud-based IT environments, organisations often don’t have the right security measures in place, making it highly challenging to detect anomalous or careless employee behaviours.”
“In fact,” Anurag continues, “a recent Bitglass report found that while 86% of enterprises have deployed cloud-based tools, only 34% have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools. As such, Computer Security Day serves as a good reminder for businesses to review and revise their approaches to data protection. By better understanding modern threats and deploying the appropriate security solutions, many of these risks can be mitigated and even eliminated.”
Safety for all, not just the few
When it comes to computer security, data protection is quite possibly one of the most important aspects for a company to focus on. Yet it’s not just about getting the right security in place. Employees themselves need to both know how the security works and how to apply it for their own personal use. After all, a business is essentially as good as its employees. Agata Nowakowska, Area Vice President at Skillsoft points out that, “Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for data protection, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences.”
Agata continues, “Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.”
This is something that Steve Nice, Chief Technologist at Node4 agrees with. He states that, “The standard response to Computer Security Day will be about how it’s important to install anti-virus, ensure software is up-to-date, enable two factor, not to download apps from emails, have strong unique passwords and not to enter your credentials from a link sent via email.”
“However,” Steve concludes, “looking forwards, cyber criminals will begin to employ big data analytics to feed AI systems that target their prey more efficiently for phishing emails. At the moment it’s still untargeted – even if it is directed at a specific company – and the hit rate is very low. Cyber criminals will continue to use phishing emails to deliver ransomware to target businesses, as they know that their assets are valuable and to continue working they have to pay. But, what we’ll see is this activity spreading to household users who will have their cars and homes targeted. Wouldn’t you pay to get control of your car or home back? It’s a few years off, but it’s inevitable.”
When it comes to computer security, it’s best to make sure that your company has up-to-date technology installed, all employees know how to utilise it and they know how to stay safe themselves. Cyber resilience is key and being able to bounce back from any type of attack, threat or risk is vital for a company’s success.