A report from the World Economic Forum has found that cyber security is among one of the major emerging risks to the global economy. The report found there was a 435% increase in ransomware in 2020 and that attacks are becoming more widespread and sophisticated to compromise vulnerable targets.
Businesses need more protection now than ever before and the shift to remote working since 2020 has left many businesses vulnerable and is one of the biggest factors that has led to the growing threat landscape.
At Trustack, our best-of-breed cyber security management solutions can help you protect your data both on premise and in the cloud.
In this edition of Trustack Talks, our Technical Director Russell Henderson, shares his top tips to guide our customers on their journey to hardening their security posture
1. Prevention
The saying goes “Prevention is better than cure” and that’s exactly what we try to ensure when talking to our clients about a multi-layered security approach and the managed solutions we offer. Having the latest generation security in place from the edge of your network through to the central applications and services both on premises and in the cloud can help strengthen your defences. From immutable backups both on premise and in the cloud together with server and endpoint protection, AV and AM with advanced threat hunting and correlation across the estate, a hosted/ managed SIEM or Security Operations Centre and disaster recovery solution, this multi-layered approach to your security solutions will work in tandem to detect threats and protect your business.
2. Cure
A truly air-gapped and immutable copy of your backup data is really the only form of cure in today’s world. With manufacturers announcing vulnerabilities weekly, it’s futile to expect a business to be able to class itself as secure from cyber threats. Between a multi-layered security approach and a strict and comprehensive patch routine, the best you’ll achieve is limiting the speed or breadth an exploit can reach in your environment. So, the only true cure is a known guarantee of restoring your data and systems to a known working state as quickly as possible with the use of immutable backups. There will be disruption to your business as you will suffer some data loss following a breach, with the prevention layers deep scanning systems to prove they are clear of threats, but ultimately you will call upon the ‘cure’ to recover your data.
3. General best practice
With human error playing a big role in many security breaches, it is imperative that businesses keep on top of employee training to ensure they understand the risks, are better equipped to spot threats such as a phishing attempt and also to help them adopt best practices to ensure they behave in a data-secure way. In addition to training, it is important to define a robust data handling policy that employees adhere to at all times. Areas that may be included are user access control permissions, best practices for data protection such as encryption and two-factor authentication and the process employees should follow to securely dispose of data.
4. Self-reliance
It’s sometimes surprising to hear how dependent a client has become on their third-party IT provider, for example not being able to manage and drive a solution that has been deployed for them. This can sometimes be their larger security platforms, which admittedly can be complex. However, I see this as a big risk. Security vulnerabilities are being found at an increasing rate; exploits are being developed at the same speed if not faster. I can see at some stage a large exploit attack against a major vendor vulnerability resulting in third-party service companies becoming swamped. Imagine a major Microsoft vulnerability being exploited that corrupts a current server operating system in a major way. No third-party IT company is geared up to facilitate full system recovery or threat defending for the majority of their client base simultaneously.
Whether they are a global supplier with tens of thousands of clients or a small local supplier with a couple of hundred clients, they will have both scaled their business to accommodate the usual run rate from their clients, not to accommodate a deluge of large-scale protracted defence or recovery services that can be delivered to all clients simultaneously. In this scenario having the skills to drive and manage your security solutions yourself will become critically important, being able to self-service against the exploit or threat initially until your third-party provider can respond to you could be the difference between being completely dead in the water or being able to continue to operate at a reduced capacity for a few days.
5. Listen to advice
A lot of the time people think they are just being sold to, but if you have a trusted provider of knowledge telling you that you need to do something, you probably need to do it. Listen to them. Good quality consultancy companies should be bringing new ideas, best practices and solution improvements to their client base continually, the reason being, that technology solutions and requirements are continually evolving. What was suitable for purpose not so long ago is probably now either seen as too slow, too cumbersome, too inefficient or not secure enough. However, I have had first-hand experiences of people who don’t invest in their security estate over the years with the mentality of “it will never happen to me” or “who would want to get their hands on our data?” The fact is, if someone compromising your data stops your business from functioning and can earn ransom money, they want your data. The tools available to attackers these days make it easier than ever to exploit one of the many vulnerabilities that continue to surface
6. Security-first mindset
Retrofitting security around a solution that has already been designed, or worse still already deployed is harder work than factoring it in from the beginning. It is far easier to ensure it is secure from the outset before it is rolled out to users. It is also often more costly to subsequently adopt MFA, conditional access or develop RBAC controls in a system that is already operating in a live manner. This is partly because it is often somewhat disruptive to introduce, test and deploy these security methods with live users, often resulting in changes being required based on feedback. In some cases, it simply isn’t possible to retrofit the level of security you want into a live system with 10’s or 100’s of thousands of records being used, either because of cost, disruption or the business/ user mindset that you are now being too restrictive and impacting their ability to deliver their job compared to what they had before. It is far simpler and cost-effective for a business to get the security requirements understood and baked into a new solution from the outset.
