Organisations have spent millions of dollars to strengthen security, but malicious attackers continue to infiltrate systems regardless of what barriers are in their way. Because of this, organisations are now building security into each business process. Although this adds much more time to the project timeline, many believe it is worth it.
We believe that these 5 tips, mentioned in Computerworld (October 2015), are critical to the security of mid-market organisations:
1. Strengthen the network perimeter
The continuing breaches at major organisations have hammered home the reality that signature-based perimeter tools are ineffective against the highly targeted attacks of the sort employed by malicious hackers these days. Few organisations appear ready to forgo perimeter technologies altogether, and many insist that the tools still play an important role in protecting against malware.
2. Build a detection and response capability
Preventative tools based on static rules and signatures cannot stop determined, advanced attackers from gaining a foothold. It's important, therefore, to prioritise early detection and response to ensure that an intrusion won't result in business damage or loss.
To drive this change, IT leaders need to use tools that give them more granular visibility into what is happening across their infrastructure.
It's necessary, for instance, to augment existing log-centric monitoring with network packet capture and endpoint-monitoring technologies that enable security administrators to get a more complete picture of attacker activity.
3. Secure code development
To prevent applications from being attacked, and thereby safeguard data integrity, mid-sized organisations must make security part of all the phases of the software life cycle, and proper code review practices need to be in place.
Developers and operations teams need to recognise that security must be a shared responsibility and work to integrate controls earlier in the product life cycle. This also needs to happen more often than it does now.
4. Take care of the people factor
Many of the biggest attacks in recent years have started fairly innocuously, with attackers gaining entry into networks using log-in credentials belonging to legitimate users such as employees, business partners or suppliers. Hackers use slick social engineering techniques and phishing emails to pry loose a password and username belonging to someone with access to a corporate network and then use that initial foothold to find and access critical organisational systems and data stores.
5. Secure your business processes
A company can have the best security technology and still be tripped up by bad practices and processes.
Cybersecurity should be a top priority, and leadership teams and boards of directors recognise this fact. Directors want and demand to know what the company's cybersecurity stance and position are from a controls, governance and operational perspective.
If you want to capture and retain the trust of your customers, security and privacy will be baked into your culture and value proposition.
At BTAS, we know how critical security is for mid-sized organisations. We ensure that we intelligently build security into the design and deployment of networks.
Source: Computerworld, 6 October 2015, http://www.computerworld.com/article/2987154/security/5-tips-for-better-enterprise-security.html?phint=newt%3Didge_insider_newsletter&phint=idg_eid%3D36d611807a30cff685e92f3bc129f2c2#tk.IDGENTERPRISENLE_nlt_insider_2015-10-08