After some very public problems on Census night, IT security has been well and truly shoved into the spotlight. While fortunately, most of us don’t have the eyes of the entire nation on us while we go about our jobs, breaches can draw very unwelcome attention to lower profile organisations. For the unprepared, attacks can be catastrophic to a business in terms of reputation.
As cyber-criminals adapt their methods and constantly create new attacks, vendors engage in a game of cat-and-mouse to try to stay one step ahead. While on the plus side, this means that new products offer unprecedented security features, the potential downside is complacency.
Think about it. Some of the world’s biggest companies – with enormous budgets at their disposal – have been penetrated. While you may not attract such concerted efforts as the CIA or the Bank of America, there is a trend towards casting the net wider to catch a larger number of smaller prey. After all, while major corporations and governments have significant resources to hunt down cyber-criminals, law enforcement agencies may have few resources to address thousands of smaller crimes.
Put simply, if anyone tells you that your defences cannot be breached, they’re being economical with the truth. You can definitely work to present the smallest possible target, but that is only a part of the story.
Cisco’s Mid-Year Security Report 2016 highlights the need for high visibility and fast time to detection (TTD) of known and emerging threats. This is a sensible approach. In many cases, once in a system, cyber-criminals are not detected for days, or even months. The ramifications for the businesses involved are huge. Those businesses without a solid plan may never recover.
If a huge amount of effort to infiltrate your systems results only in the intruder being promptly detected and shut down, the attack may be more trouble than it is worth. Achieving this takes a combination of well-designed IT environments and a thorough, frequently tested plan. It is noteworthy that the high-profile breaches that quickly disappear from the news pages are those where the organisation has involved executives beyond the IT department in its planning. Others without a solid plan endure ongoing scrutiny that seems never-ending.
So how are breaches happening? In a huge proportion of breaches, attackers don’t so much batter down the security gate as sweet-talk their way in. When writer Stephen King said that ‘the trust of the innocent is the liar’s most useful tool’, he could well have been talking about the relationship between users and cyber-criminals. As tactics become more sophisticated, users need to be better educated about the risks.
Gone are the days when it was easy to pick the malicious emails thanks to poorly punctuated requests for bank account details. Cyber-criminals are far more professional, and often backed by better resources than legitimate businesses. Users, busy with their daily tasks, are likely to lack the cynicism of the hardened IT professional. No matter how good your defences, they are limited unless partnered with regular user training and reminders.
For more information about high-visibility environments, faster time to detection and strong security plans, contact the security experts at Computer Merchants.