Friday, March 27, 2015

Evolving Security Threats

Zero Day. Spear-Phishing. Heartbleed. ShellShock. These are a small handful of terms that would once have been limited to the lexicon of IT people. You’ve most likely heard them on the evening news, and as the Internet has become more deeply ingrained in our everyday lives, the threats are getting closer to home.

Less than 15 years ago, having a good firewall, an anti-virus package on the desktop and some user education about clicking links in e-mails was enough to have a moderate expectation of safety. Those were the good old days.

Today, we face threats conducted by evolving and sophisticated attackers. Organized crime, nation states and politically motivated groups (hacktivists) have replaced the youngster in his parents’ basement and the uber-nerd whose code just got away from him. Attackers are now well funded, highly motivated and have access to unannounced exploits (a.k.a. Zero Day). In fact, there’s an entire market based on finding those vulnerabilities, writing the code to exploit them and selling that code for as much as six figures. It’s enough financial incentive to not tell the manufacturer about the vulnerability.

The Network Has Evolved 

The firewall – once the consummate guardian of our computer resources – has become just a single layer of a security program. Society and computing have become more mobile, with laptops, tablets, mobile phones, cloud services and “always-on” Internet access.

While these advances offer convenience and productivity, they also expand the threat vectors that your IT department must consider in its management, security and response plans.

Yes, Products Have Evolved 

The tech industry has evolved with a variety of product categories aimed at defending against threats. Vulnerability Scanners, Next-Gen Firewalls, Intrusion Detection/Prevention Appliances, and Security Information and Event Management (SIEM) are all built and updated to help a security team deal with potential threats.

But products alone are not the panacea. As Bruce Schneier said in 2000, “Security is a process, not a product.” Putting products in place and checking the box labeled “secure me” will not provide the protection you need. A repeatable process to deal with the alerts that these products generate is key to keeping your systems safe.

The 2013-14 Target breach is a perfect example: Alerts were generated about the breach, but the process to research and respond was not followed. As a result, personal data and millions of credit cards were stolen and sold.

Too Small to Be Targeted 

“Too small to be targeted” and “no one would want our data” are a couple of the misconceptions we often hear.

Smaller companies offer easy targets with computers, storage, bandwidth and little-to-no auditing. They also make great reflector points to directly attack the real targets.

Besides the annoyance and possible public embarrassment of being part of an attack, if your systems are part of a large enough attack, you could find your equipment and data confiscated as evidence in an official investigation.

But there are steps you can take now to ensure the security of your IT systems, and we’ll look at those in a follow-up blog post next week.

Jeff Garell is co-founder of Convergent Technologies Group
