The dawn of the Internet brought with in many things, including the birth of cybercrime – providing criminals with a new way of conducting wrong-doings. There’s also no doubt that cyber-attacks, whether internet or intranet-based, continue to grow in sophistication. Unfortunately, cybercrime costs the UK economy £21bn a year, affecting businesses, enterprises and organisations, everywhere.
In light of this, businesses need to be able to understand what can be done to safeguard and protect the confidentiality, integrity and availability of their information assets – especially as end users are becoming more mobile, moving sensitive data along with them. However, the disturbing reality is that many small and medium enterprises (SMEs) are unaware of, or appear unconcerned by, the security risks they face with regards to information assurance.
These risks have been increased by the latest trends such as Bring Your Own Device (BYOD) and the increased usage of uncontrolled and unauthorised, internet based file repositories, such as Dropbox in the enterprise – which are rapidly being incorporated into the workplace. In fact, this move towards a more flexible style of IT governance, combined with an increasingly mobile culture, is creating a lucrative portal for cyber criminals to exploit – offering them a far lower likelihood of prosecution when compared to traditional crimes.
However, as business users start to use multiple mobile devices more expansively than ever before, IT departments have to keep up with the pace of change, by finding ways to combat this problem. An effective security defence is required; one that is a nimble tactical approach that can react rapidly to the threat of a security breach and act decisively and automatically when a response is required.
Moreover, businesses need a strategic approach to cyber security to balance risk management with business opportunity. Even the smallest businesses need to learn from previous infiltration, exfiltration and business disruption attacks and take practical steps to combat cyber threats.
Traditional cyber security measures remain critical – patching regime, antivirus, perimeter defences are all necessary – but contemporary threats demand enhanced and innovative responses if they are to deter hackers; indeed, one must now assume that someone ‘will’ get in. One thing that may help is having an agile cyber security solution that is designed to consider eventualities before they occur and deal with them when they do.
Once a secure and effective solution is in place – one that works with the business – companies can reap a number of benefits including: fast breach identification, contained and isolated localisation of issues, rapid and automated resolution and uninterrupted productivity – without full system lockdown and full incident lifecycle visibility to support impact analysis.
There’s no doubt that hackers are getting smarter. It’s no longer feasible to only do patch updates on current systems and hope that this will do the job. By bringing in additional defences and responsive technologies, for instance, non-signature based malware detection, application execution control or even a virtual security engine that can adapt to business changes, organisations can build a defence-in-depth capability. IT departments need to learn to identify both internal and external threats or engage someone with the necessary skills to get the job done.
In the wake of consumerisation, no matter the size of the company, you need cyber assurance.
By John Green, CTO at Prolinx