The Threat Landscape is Evolving


The threat landscape is evolving – are you?

As we continue through 2024 and beyond, the legal sector, like every other business, faces an increasingly complex set of security challenges. Unlike many businesses, law firms are custodians of highly sensitive client data. They must ensure their security policies and controls address the challenges of 2024 and beyond while adapting to significant changes in working practices. With a dispersed global workforce consuming data in many different ways, robust security measures are essential.

Two main changes

Many business networks are now borderless: employees work from home, holiday homes, foreign countries or while travelling. The devices they use may be company-issued or personally owned. Legacy security techniques such as a corporate firewall at the office perimeter or signature-based AV on the endpoint no longer deliver the data protection businesses need.

Combine this with the fact that most companies now operate a multi-cloud vendor model for services such as case management systems, payroll and Microsoft 365. Data locations are more disparate than ever, yet all of them need to be secured.

Key security challenges

The usual security challenges remain prevalent: ransomware, phishing and social engineering, insider threats (both intentional and unintentional), and third-party supply chain risk. These still need to be combated, and the methods behind them continue to mature and become more sophisticated. In addition, newer technology threats now also need defending against: API vulnerabilities, secrets management for application-to-application security, IoT exploits, and AI technologies introduced to automate and streamline business processes, which bring a plethora of their own security challenges.

Legacy security vendors often cannot adapt existing products, or develop new ones, quickly enough to defend comprehensively against these new threats, or against the new techniques used to exploit the older categories of threat. Businesses need to adapt and mature their security policies, user education and security controls. New-generation vendors offering Secure Access Service Edge (SASE) platforms, developed in the cloud to protect the hybrid cloud, provide strong protection in today's multi-cloud vendor world.

Information security and acceptable use policies written only a few years ago probably do not cover your business's new working practices and will need to be updated and re-communicated.

User cyber security education is essential. Employees must be aware of social engineering scams and advanced phishing attacks, and must reboot their machines so that security patches are applied and published vulnerabilities (CVEs) cannot be exploited, all while remaining productive in their daily tasks. A little education goes a long way.

Despite the new challenges, legacy controls still play a crucial role in protecting on-premises systems. The people who manage all of this for your business are under constant pressure to prevent exploitation. The reality is that a breach will occur at some point; the focus should be on limiting its impact, containing its spread and responding quickly.

Key tools to assist

Managed Detection & Response (MDR) services play a huge role in helping the security teams within your business spot the "needle in the haystack" quickly. This either stops an attack before it succeeds or allows you to react to it in real time, limiting its impact. Learn more on our Arctic Wolf page.

Next-Generation Antivirus and threat prevention (NGAV) solutions use behavioural analysis and machine learning alongside signatures to prevent new forms of attack. Some businesses may need to change antivirus vendor to find a product that offers true next-generation protection, but the technology will be fairly familiar to most.

SASE solutions integrate key modern security controls such as Zero Trust Network Access (ZTNA), next-generation firewalls and web application firewalls, and SD-WAN into a single management platform, offering granular policy control across every part of the solution. This is a newer area of security control for most businesses, but it is now necessary in order to secure business data based on the access methods and locations employees use. For instance, can you control how and where employees use cloud storage? Can you block downloads from a corporate OneDrive account on non-company devices while allowing them on company devices, but only while those devices are in the UK?

Secrets and password management is another crucial protective solution that many businesses are considering in order to secure application-to-application integrations.

As you can see, usage, threats and protection techniques have all evolved. We all have a responsibility to adapt in order to safeguard our businesses against these new threats. For more on the current threat landscape and the need for recovery plans, see our related article.
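The OneDrive question above (downloads only on managed devices, only in the UK, viewing allowed more widely) is exactly the kind of per-request decision a ZTNA/SASE policy engine makes. The following is an added example, not Trustack's or any SASE vendor's code: a minimal default-deny policy evaluator over device posture and location. The request fields, the resource name "onedrive:corporate" and the rule set are assumptions chosen to match the scenario in the text, not a real product's policy schema.

```python
"""Added example (not Trustack's or any SASE vendor's code): a minimal,
default-deny access policy of the kind a ZTNA/SASE platform evaluates on
every request, using device posture and location as signals.

Everything here is constructed for illustration. The request fields, the
resource name "onedrive:corporate" and the rule set are assumptions, not a
real product's policy schema.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str           # e.g. "onedrive:corporate"
    action: str             # "view" (in the browser) or "download" (to disk)
    device_managed: bool    # enrolled in the company MDM
    device_compliant: bool  # disk encrypted, endpoint agent running, patched
    country: str            # ISO 3166-1 alpha-2, derived from the egress IP
    mfa_satisfied: bool     # strong authentication completed this session


@dataclass(frozen=True)
class Decision:
    allow: bool
    rule: str               # which rule produced the decision, for audit


def evaluate(req: AccessRequest) -> Decision:
    """Rules are checked top to bottom and the first match wins. The last
    rule is an explicit default deny: a zero trust policy must never fall
    through to allow."""
    # 1. Identity first: nothing is granted without MFA, on any device.
    if not req.mfa_satisfied:
        return Decision(False, "mfa-required")

    if req.resource == "onedrive:corporate":
        # 2. Bulk download is the data-loss path, so it needs a managed,
        #    compliant device that is currently in the UK.
        if req.action == "download":
            if not (req.device_managed and req.device_compliant):
                return Decision(False, "download-blocked-unmanaged-or-noncompliant")
            if req.country != "GB":
                return Decision(False, "download-blocked-outside-uk")
            return Decision(True, "download-allowed-managed-uk-device")
        # 3. Browser-only viewing is permitted from any device once MFA is done.
        if req.action == "view":
            return Decision(True, "view-allowed")

    # 4. Anything not explicitly allowed above is denied.
    return Decision(False, "default-deny")


def evaluate_batch(requests: List[AccessRequest]) -> List[Tuple[str, bool, str]]:
    """Convenience wrapper: (user, allowed, rule) per request, in order."""
    out = []
    for r in requests:
        d = evaluate(r)
        out.append((r.user, d.allow, d.rule))
    return out


# Constructed sample requests (users, devices and locations are made up).
SAMPLE_REQUESTS = [
    AccessRequest("alice", "onedrive:corporate", "download", True, True, "GB", True),
    AccessRequest("alice", "onedrive:corporate", "download", True, True, "ES", True),
    AccessRequest("bob", "onedrive:corporate", "download", False, False, "GB", True),
    AccessRequest("bob", "onedrive:corporate", "view", False, False, "GB", True),
    AccessRequest("carol", "onedrive:corporate", "view", True, True, "GB", False),
    AccessRequest("dave", "payroll:admin", "download", True, True, "GB", True),
]

if __name__ == "__main__":
    for user, allowed, rule in evaluate_batch(SAMPLE_REQUESTS):
        print(f"{user:6} {'ALLOW' if allowed else 'DENY':5} {rule}")
```

Two design points worth carrying into a real policy: the country is derived from the egress IP, which a VPN or roaming SIM can change, so it is a secondary control behind device posture rather than the primary one; and the policy is written as an allow-list with a terminal default deny, so a new resource or action that nobody has written a rule for is blocked rather than silently permitted.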

Patch Management: Preventing Breaches


Patch Management: Preventing breaches

Ensuring cyber security

In the current digital landscape, organisations encounter a rising multitude of cyber threats and vulnerabilities. To safeguard their systems and data from potential breaches, organisations must give Patch Management the highest priority. This guide explains what Patch Management is, why organisations should use it, and answers common questions about this important cyber security practice.

Testimonial

“Patch management is a necessary headache facing all businesses; however, it is one of the key weapons in the fight against cyber threats. Patch Management keeps us ahead of evolving threats by regularly applying software updates. It closes security gaps, addressing vulnerabilities before cybercriminals exploit them. With up-to-date security measures, we reduce the attack surface and fortify defences. Continuous monitoring and adaptation are essential for Patch Management. Automated tools streamline the process, ensuring timely vulnerability scanning and patch deployment. Regular reporting and analysis help us assess our status, identify gaps, and strengthen our security posture. Trustack’s robust patch management solution covers both operating systems and a large variety of commonly used 3rd party applications.” Russell Henderson, Technical Director

What is patch management?

Patch Management is a core cyber security process: identifying, acquiring, testing and applying patches to software to address vulnerabilities. Effective patch management is systematic: vulnerability scanning to find what needs patching, and testing patches against representative systems before applying them to production, to confirm compatibility as well as the security fix.

Why should organisations implement patch management?

Patch Management is essential for organisations to maintain the security and integrity of their systems and data.

1. It reduces cyber attack risk by promptly applying patches and updates that address known vulnerabilities.
2. It protects against cybercriminals by closing the holes that malware and exploits rely on.
3. Regulations and schemes such as PCI DSS, Cyber Essentials Plus and GDPR expect security patches to be applied in a timely manner; Cyber Essentials, for example, expects critical and high-risk updates to be applied within 14 days of release.
4. Regular patching strengthens cyber security by shrinking the pool of weaknesses an attacker can exploit.
5. Patches also carry bug fixes, so a patching programme improves system stability, performance and user experience.

FAQs

Why is Patch Management important for cyber security? It fixes known vulnerabilities in software before they can be used in an attack.

How often should organisations apply patches and updates? Apply critical patches promptly, prioritised by how important the affected system is and how severe and exploitable the vulnerability is; less critical patches can follow a regular schedule.

What are the challenges of Patch Management? Compatibility issues, the need for testing, and coordination across many systems. Organisations should establish a thorough process covering testing, risk assessment and change management.

What happens if organisations don’t apply patches? Unpatched systems expose the organisation to cyber attacks, data breaches and legal consequences. Prompt software updates are crucial to prevent exploitation of known vulnerabilities.

How can organisations streamline their Patch Management process? Trustack provides automated patch management solutions that help prioritise critical patches and ensure they are applied on time.

What is the difference between a patch and an update? A patch is a targeted fix for a specific defect or vulnerability; an update is a broader release that may add features as well as fixes. Both are released by software vendors, and keeping software current matters for both security and functionality.

What is Auto Patch Management? Auto Patch Management automates patch deployment so that systems stay current with security patches. It offers timeliness, efficiency and risk reduction, but proper planning, testing and monitoring are still necessary for a secure IT infrastructure.

Conclusion

Patch Management is a critical practice for organisations aiming to maintain a secure environment and prevent breaches. It helps organisations avoid security risks by updating software regularly, comply with regulations and boost cyber security, while also improving system performance and stability. With these benefits, Patch Management should be an integral part of every organisation’s cyber security strategy.
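The FAQ answer on how often to patch (critical first, weighted by system importance and vulnerability risk) is easier to act on once it is written down as a rule. The following is an added example, not Trustack's own tooling: a small risk-based patch work queue that assigns each finding a deadline and orders the backlog. The 14-day window for critical and high severity mirrors the Cyber Essentials expectation; the other windows, the scoring weights, the host names and the "example-N" vulnerability labels are constructed for this example.

```python
"""Added example, not Trustack's own tooling: a risk-based patch work queue.

Each vulnerability finding gets a remediation deadline from an assumed SLA
policy, and the queue is ordered so that the items closest to (or past) their
deadline come first. The 14-day window for critical and high severity mirrors
the Cyber Essentials expectation for critical and high-risk updates; the other
windows, the scoring weights, the host names and the vulnerability labels are
constructed for this example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str            # placeholder label, not a real CVE identifier
    cvss: float             # base severity score, 0.0 to 10.0
    known_exploited: bool   # appears on an exploited-in-the-wild catalogue
    asset_tier: int         # 1 = business critical, 2 = standard, 3 = low value
    fix_released: date      # date the vendor published the patch


@dataclass(frozen=True)
class WorkItem:
    finding: Finding
    deadline: date
    score: float


def sla_days(f: Finding) -> int:
    """Remediation window in days from the fix release (assumed policy)."""
    if f.known_exploited:
        return 2            # actively exploited: treat as an incident
    if f.cvss >= 9.0:
        return 7
    if f.cvss >= 7.0:
        return 14           # critical/high within 14 days (Cyber Essentials)
    if f.cvss >= 4.0:
        return 30
    return 90


TIER_WEIGHT: Dict[int, float] = {1: 1.5, 2: 1.0, 3: 0.6}


def risk_score(f: Finding) -> float:
    """Higher means more urgent: severity weighted by how much the asset
    matters, with a large bump for anything known to be exploited."""
    return f.cvss * TIER_WEIGHT[f.asset_tier] + (5.0 if f.known_exploited else 0.0)


def build_queue(findings: List[Finding]) -> List[WorkItem]:
    """Earliest deadline first; ties broken by risk score, highest first."""
    items = [
        WorkItem(f, f.fix_released + timedelta(days=sla_days(f)), risk_score(f))
        for f in findings
    ]
    return sorted(items, key=lambda w: (w.deadline, -w.score))


def overdue(queue: List[WorkItem], today: date) -> List[WorkItem]:
    """Items whose SLA has already been breached as of `today`."""
    return [w for w in queue if w.deadline < today]


# Constructed sample findings (hosts and labels are made up).
SAMPLE_FINDINGS = [
    Finding("dc01", "example-1", 7.5, False, 1, date(2024, 5, 1)),
    Finding("web01", "example-2", 9.8, True, 2, date(2024, 5, 10)),
    Finding("kiosk03", "example-3", 5.3, False, 3, date(2024, 4, 1)),
    Finding("hr01", "example-4", 9.1, False, 1, date(2024, 5, 6)),
]

if __name__ == "__main__":
    today = date(2024, 5, 13)
    for w in build_queue(SAMPLE_FINDINGS):
        flag = "OVERDUE" if w.deadline < today else ""
        print(f"{w.finding.host:8} {w.finding.vuln_id:10} due {w.deadline} "
              f"score {w.score:5.2f} {flag}")
```

Ordering by deadline rather than by raw score is deliberate: it surfaces the low-severity kiosk finding that has quietly breached its 30-day window, which is the kind of item a severity-only view hides and an auditor will ask about. Swap the sort key to score-first if the team prefers a pure risk ordering, but keep the overdue report either way.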

NGAV: Enhancing Cyber Security and Preventing Breaches


NGAV: Enhancing cyber security and preventing breaches

In today’s connected world, organisations in every industry are worried about cyber threats and data breaches. To combat these evolving threats, many organisations are turning to Next Generation Anti-Virus (NGAV) solutions. This article discusses what NGAV is, why organisations should use it, and answers common questions about the technology.

Testimonial

“As Trustack’s technical director, I recognise the critical importance of staying ahead of the ever-evolving cyber threats that organisations face, to keep ourselves and our clients’ businesses as secure as possible. Traditional antivirus solutions are no longer sufficient in combating sophisticated attacks. That’s why we have implemented Next Generation Anti-Virus (NGAV) as a proactive measure to enhance our cyber security defence offerings. NGAV goes beyond traditional antivirus software by leveraging advanced techniques such as behaviour-based detection, machine learning algorithms, and real-time threat intelligence. This enables us to detect and prevent both known and unknown threats, including zero-day attacks that pose a significant risk. This, combined with our hosted SOC solutions, provides a highly secure, proactive threat hunting set of defences for ourselves and our clients. The behaviour-based approach allows us to identify suspicious activities and block malicious behaviour before it can cause harm to business systems and compromise valuable data. In summary, Next Generation Anti-Virus empowers us to stay one step ahead of cyber threats, detect and prevent advanced attacks, and safeguard our critical assets. NGAV has become an essential investment for all businesses in their cyber security arsenal.” Russell Henderson, Technical Director

What is next generation anti-virus (NGAV)?

Next Generation Anti-Virus (NGAV) is an endpoint security solution that goes beyond traditional antivirus software to protect against modern cyber threats. Traditional antivirus relies mainly on signatures of known malware. NGAV adds behaviour-based detection, machine learning and real-time threat intelligence, so it can find and stop attacks that no signature yet describes.

Behaviour-based detection watches how files and processes act on the machine rather than only what they look like: for example, an office document spawning a script interpreter, or one process rewriting hundreds of files in a few seconds. By analysing that behaviour in real time, NGAV can identify and block malicious activity even when the malware itself has never been seen before.

Machine learning models, trained on large volumes of benign and malicious samples, flag files and patterns that resemble malware. Because the models are continually retrained on new threats and evolving attack techniques, detection improves over time.

Real-time threat intelligence keeps NGAV current with information on new malware, exploited weaknesses and the techniques attackers are using, so new and emerging threats can be detected and blocked as they appear.

Why should organisations implement next generation anti-virus (NGAV)?

Implementing NGAV offers several benefits for organisations looking to enhance their cyber security posture and protect against data breaches. NGAV monitors files and processes in real time, so threats are detected proactively before they can do significant damage. Threat intelligence delivered in real time replaces large periodic signature downloads, which keeps the performance impact on endpoints low. It works alongside existing security infrastructure, enhancing the overall security posture.
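To make the difference between the two detection layers concrete, here is an added example (not any NGAV vendor's code) that runs a signature check and two behavioural rules over constructed endpoint telemetry: an office application spawning a script host with suspicious arguments, and a process renaming many files in a short window. The event shapes, process names, the "known bad" hash and the thresholds are all assumptions made for the example.

```python
"""Added example, not any NGAV vendor's code: signature matching next to
behaviour-based detection over constructed endpoint telemetry, to show why
the behavioural layer catches what the signature layer cannot.

Event shapes, process names, the "known bad" hash and the thresholds are all
assumptions made for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    ts: float
    pid: int
    parent_image: str
    image: str
    cmdline: str
    sha256: str


@dataclass(frozen=True)
class FileEvent:
    ts: float
    pid: int
    op: str      # "rename" or "write"
    path: str


# Signature layer: a stand-in for a signature database (constructed hash).
KNOWN_BAD_HASHES: Dict[str, str] = {"00" * 32: "Example.Dropper"}

# Behaviour layer: relationships and flags that legitimate office work rarely produces.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "downloadstring", "-w hidden", "-nop")


def signature_verdict(ev: ProcessEvent) -> Optional[str]:
    """Traditional AV: only hashes already in the database are caught."""
    return KNOWN_BAD_HASHES.get(ev.sha256.lower())


def behaviour_verdicts(procs: List[ProcessEvent], files: List[FileEvent],
                       window_s: float = 10.0, rename_threshold: int = 20) -> Dict[int, List[str]]:
    """Return pid -> list of behavioural findings."""
    findings: Dict[int, List[str]] = defaultdict(list)
    for p in procs:
        if p.parent_image.lower() in OFFICE_APPS and p.image.lower() in SCRIPT_HOSTS:
            findings[p.pid].append("office-app-spawned-script-host")
        if any(tok in p.cmdline.lower() for tok in SUSPICIOUS_ARGS):
            findings[p.pid].append("suspicious-script-arguments")
    # Ransomware-style mass rename: many renames by one pid inside a sliding window.
    renames: Dict[int, List[float]] = defaultdict(list)
    for f in files:
        if f.op == "rename":
            renames[f.pid].append(f.ts)
    for pid, times in renames.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= rename_threshold:
                findings[pid].append("mass-file-rename")
                break
    return dict(findings)


def classify(procs: List[ProcessEvent], files: List[FileEvent]) -> Dict[int, Tuple[str, List[str]]]:
    """Combine both layers: pid -> ("block" | "clean", reasons)."""
    behaviour = behaviour_verdicts(procs, files)
    result: Dict[int, Tuple[str, List[str]]] = {}
    for p in procs:
        reasons = list(behaviour.get(p.pid, []))
        sig = signature_verdict(p)
        if sig:
            reasons.insert(0, f"signature:{sig}")
        result[p.pid] = ("block" if reasons else "clean", reasons)
    return result


# Constructed telemetry: only pid 400 has a hash the signature layer knows.
SAMPLE_PROCS = [
    ProcessEvent(0.0, 100, "winword.exe", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA", "ab" * 32),
    ProcessEvent(1.0, 200, "explorer.exe", "update_helper.exe", "update_helper.exe", "cd" * 32),
    ProcessEvent(2.0, 300, "explorer.exe", "notepad.exe", "notepad.exe notes.txt", "ef" * 32),
    ProcessEvent(3.0, 400, "explorer.exe", "setup.exe", "setup.exe /s", "00" * 32),
]
SAMPLE_FILES = [FileEvent(5.0 + i * 0.2, 200, "rename", f"C:/Users/u/Documents/doc{i}.docx.locked")
                for i in range(25)]
```

Pids 100 and 200 have hashes the signature database has never seen, so a signature-only product passes them; the behavioural rules block both, one for the Word-to-PowerShell chain with an encoded, hidden command and one for 25 renames in five seconds. The thresholds are where the false-positive trade-off lives: a backup agent also renames many files quickly, which is why real products combine several signals and an allow-list of known tooling rather than acting on one rule.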
NGAV uses behaviour-based detection and machine learning to find and stop advanced attacks that traditional antivirus programs struggle with. It reduces false positives by identifying malicious activity more accurately, minimising disruption to legitimate operations. Overall, NGAV helps organisations strengthen their defences, detect and prevent advanced attacks, and safeguard valuable data and assets.

FAQs

What is the difference between traditional Anti-Virus (AV) and Next Generation Anti-Virus (NGAV)? Traditional AV matches files against signatures of known malware; NGAV adds behavioural detection and machine learning, giving better protection against new threats.

What are the benefits of NGAV? Better protection against malware, including previously unseen samples, with fewer false positives.

Can NGAV prevent zero-day attacks? NGAV can block many zero-day attacks because behaviour-based detection and machine learning do not depend on a signature for the specific exploit or payload. It is a strong control rather than a guarantee, so it belongs alongside patching and monitoring.

Is NGAV compatible with existing security infrastructure? NGAV works with existing security systems such as firewalls and SIEM platforms, feeding them its detections to improve overall threat detection and response.

Does NGAV require frequent updates like traditional antivirus software? NGAV stays current through real-time threat intelligence, so it does not rely on large, frequent signature downloads and has less impact on system performance than traditional antivirus. The agent itself still needs to be kept up to date like any other software.

Can NGAV detect and prevent insider threats? It can help, by flagging suspicious activity on the endpoint such as sudden access to large numbers of sensitive files or large data transfers, which reduces the risk of data breaches and insider attacks. Detecting misuse of legitimate access more broadly also needs identity and user-behaviour monitoring alongside it.

Conclusion

Next Generation Anti-Virus (NGAV) offers organisations a powerful and effective solution to combat cyber threats and prevent data breaches. By implementing NGAV, organisations can enhance their cyber security posture, detect and prevent advanced attacks, and safeguard their valuable data and assets. With its advanced features and capabilities, NGAV is a crucial component of any comprehensive cyber security strategy.

Testimonial

“Trustack understands the paramount importance of maintaining the trust and confidence of our customers when it comes to the security of their data. Cyber threats continue to evolve and pose significant risks to businesses like ours. That’s why we have made the strategic decision to implement Next Generation Anti-Virus (NGAV) as a critical component of our cyber security strategy. NGAV offers us a proactive approach to combating modern cyber threats that traditional antivirus solutions struggle to address effectively. By leveraging advanced techniques such as behaviour-based detection, machine learning algorithms, and real-time threat intelligence, NGAV provides us with enhanced capabilities to detect and prevent sophisticated attacks. By investing in NGAV as part of our stack, we have demonstrated our commitment to maintaining the highest standards of data security for our clients. This not only gives us a competitive edge but also instils confidence in our customers that their sensitive information is safeguarded. In conclusion, Next Generation Anti-Virus has become a vital investment for us as a commercial organisation. It empowers us to proactively protect against modern

PAM: Strengthening Cyber Security to Prevent Breaches


PAM: Strengthening cyber security to prevent breaches

In today’s interconnected and digitised landscape, organisations face a growing array of cyber threats and breaches. To safeguard sensitive data and critical systems from unauthorised access, organisations are increasingly adopting Privileged Access Management (PAM) solutions. This article explains what PAM is and why organisations should use it, and addresses common questions about this important cyber security practice.

Testimonial

“We collaborate intimately with clients to establish and implement PAM rules, routinely scrutinise privileges, and upgrade the scheme to adjust to emerging threats. In summary, PAM is vital for cybersecurity. It protects sensitive systems and data, mitigates insider threats, and maintains stakeholders’ trust.” Russell Henderson, Technical Director

What is privileged access management (PAM)?

Privileged Access Management (PAM) is the practice of managing and controlling privileged accounts within an organisation. Privileged accounts (domain administrators, root accounts, database and application service accounts, and similar) carry elevated rights that let their holders perform critical functions and reach sensitive data. That same power makes them a significant risk if they are compromised.

PAM secures privileged access by enforcing strong access controls, strong authentication and monitoring. It gives organisations granular control over privileged accounts, so that only authorised users can reach sensitive systems and data, and only with the rights their job actually needs. Closely managing who can use privileged accounts, and when, lowers the risk of insider threats, external attacks and accidental misuse.

PAM solutions also add multi-factor authentication to privileged accounts. Requiring more than one piece of evidence to confirm a user’s identity substantially reduces the chance that a stolen password alone can be used to reach critical systems and information.

In practice, PAM enforces the principle of least privilege, which reduces the opportunity for elevated rights to be misused or abused. It provides accountability by recording and monitoring privileged activity, so suspicious actions can be detected and investigated promptly. It enforces strong authentication and access controls, reducing the risk of unauthorised access and credential theft. And it produces detailed audit logs and reports that help meet compliance requirements and avoid penalties.

Why should organisations implement privileged access management (PAM)?

Implementing PAM offers several key benefits for organisations aiming to enhance their cyber security posture and prevent breaches:

1. Enhanced security: PAM provides a comprehensive approach to managing privileged access, significantly reducing the risk of unauthorised access and potential breaches. Strong access controls limit access to critical systems to authorised users only.
2. Mitigation of insider threats: insider threats, whether intentional or accidental, pose a significant risk to organisations. PAM helps by monitoring privileged accounts and detecting suspicious behaviour in real time.
3. Compliance requirements: many industry regulations and frameworks, such as PCI DSS and GDPR, require adequate controls over privileged access. PAM solutions help meet these requirements through centralised management, auditing and reporting.
4. Protection against credential theft: cybercriminals target privileged accounts to gain access to sensitive systems and data. PAM enforces strong passwords and multi-factor authentication and rotates privileged account credentials regularly, so that a captured credential quickly becomes worthless.
5. Efficiency: PAM makes managing privileged accounts easier for IT teams by automating routine tasks and reducing administrative work, and its auditing and reporting features answer compliance and audit requests.

FAQs

What is the difference between Privileged Access Management (PAM) and traditional access controls? Traditional access controls manage user access based on roles; PAM focuses specifically on accounts with elevated privileges, adding controls such as credential vaulting, rotation and session monitoring to prevent unauthorised access and breaches.

How does PAM help prevent data breaches? By controlling who can use privileged accounts, monitoring how they are used, and responding quickly to misuse. It applies least privilege and strong authentication to the accounts an attacker most wants.

Can PAM be integrated with existing cyber security tools and systems? PAM solutions integrate with IAM, SIEM and vulnerability management tools, giving a holistic view of privileged access and the risks around it.

Is PAM only relevant for large organisations? PAM is important for organisations of every size. Smaller organisations may benefit even more, because limited resources leave them more exposed to threats.

How does PAM address remote access and third-party vendor management? PAM tools control and monitor remote use of privileged accounts, so vendors and remote staff work through brokered, recorded sessions rather than holding the account credentials themselves.

What is the difference between Privileged Identity Management (PIM) and Privileged Access Management (PAM)? PIM focuses on securing the identities associated with privileged accounts, managing their creation, use and deletion; PAM governs how those accounts are accessed, used and monitored. Both are crucial for an organisation’s cyber security.

Conclusion

Privileged Access Management (PAM) is a critical component of any comprehensive cyber security strategy. By implementing PAM, organisations can enhance their security posture, protect against insider threats, meet compliance requirements, prevent data breaches and improve operational efficiency. With its robust access controls, monitoring capabilities and integration possibilities, PAM is an essential tool for organisations seeking to strengthen their cyber security defences and safeguard their most critical assets.

Testimonial

“At Trustack we understand the significant role that Privileged Access Management (PAM) plays in safeguarding our business, customers, and reputation. PAM is a key pillar of our cybersecurity offerings, providing critical controls to protect against insider threats and unauthorised access to sensitive systems and data. By implementing PAM solutions for our clients, we can effectively manage and monitor privileged accounts, which have elevated access rights within our organisation. This ensures that users only have access to the resources necessary for their roles, reducing the risk
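The controls the PAM section describes (entitlement checks, MFA, a justification for every request, time-limited access, credential rotation and an audit trail) fit in a small piece of code. The following is an added example, not Trustack's or any PAM product's code: an in-memory privilege broker that vaults an account's secret, hands it out only for a bounded lease, and rotates it on check-in. The account and user names, the lease policy and the injectable clock are assumptions made for the example.

```python
"""Added example, not Trustack's or any PAM product's code: a small privileged
access broker showing the controls the PAM section describes, namely
entitlement checks, MFA, a justification for every request, time-limited
access, credential rotation on check-in, and an audit trail for every decision.

The broker keeps everything in memory; the account name, user names and the
clock hook are constructed for the example.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Grant:
    user: str
    account: str
    expires_at: float
    reason: str


@dataclass(frozen=True)
class AuditEvent:
    ts: float
    user: str
    account: str
    action: str     # "request", "use", "release"
    outcome: str    # "allow", "deny:<why>", "rotated"
    detail: str = ""


class PrivilegeBroker:
    def __init__(self, entitlements: Dict[str, Set[str]],
                 max_lease_s: int = 3600,
                 now: Callable[[], float] = time.time) -> None:
        self._entitled = entitlements          # user -> accounts they may request
        self._vault: Dict[str, str] = {}       # account -> current secret
        self._grants: Dict[Tuple[str, str], Grant] = {}
        self._max_lease = max_lease_s
        self._now = now
        self.audit: List[AuditEvent] = []

    def enrol_account(self, account: str) -> None:
        """Take ownership of a privileged account: only the vault knows its secret."""
        self._vault[account] = secrets.token_urlsafe(24)

    def _log(self, user: str, account: str, action: str, outcome: str, detail: str = "") -> None:
        self.audit.append(AuditEvent(self._now(), user, account, action, outcome, detail))

    def request_access(self, user: str, account: str, reason: str,
                       mfa_ok: bool, lease_s: int) -> Optional[str]:
        """Return the account secret for a bounded lease, or None if denied.
        Every branch is audited, denials included."""
        if account not in self._vault:
            self._log(user, account, "request", "deny:unknown-account")
            return None
        if not mfa_ok:
            self._log(user, account, "request", "deny:mfa-failed")
            return None
        if account not in self._entitled.get(user, set()):
            self._log(user, account, "request", "deny:not-entitled")
            return None
        if not reason.strip():
            self._log(user, account, "request", "deny:no-justification")
            return None
        lease = min(lease_s, self._max_lease)   # policy caps how long access lasts
        self._grants[(user, account)] = Grant(user, account, self._now() + lease, reason)
        self._log(user, account, "request", "allow", f"lease={lease}s reason={reason}")
        return self._vault[account]

    def use(self, user: str, account: str, command: str) -> bool:
        """Each privileged action is checked against a live grant and recorded."""
        g = self._grants.get((user, account))
        if g is None or g.expires_at <= self._now():
            self._log(user, account, "use", "deny:no-active-grant", command)
            return False
        self._log(user, account, "use", "allow", command)
        return True

    def release(self, user: str, account: str) -> None:
        """Check-in: end the grant and rotate the secret, so the credential the
        user saw dies with the session even if it was copied somewhere."""
        self._grants.pop((user, account), None)
        self._vault[account] = secrets.token_urlsafe(24)
        self._log(user, account, "release", "rotated")
```

The point a practitioner should take from `release` is that the rotation is what makes the disclosed secret safe to have disclosed: with rotation on check-in, a credential that leaked from the administrator's clipboard or a session recording is useless a few minutes later. In a real deployment the broker would also rotate on lease expiry and on a schedule, and the `audit` list would be shipped to the SIEM rather than kept in memory.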

Security Operations Centre


Security Operations Centre (SOC)

Security operations to protect your business 24/7 with best-in-class cyber security solutions

In most cyber security breaches you will not know you have been compromised until the intruder runs their payload, which may encrypt your files. In some compromises there is no payload at all. In either case, activity such as reconnaissance or data exfiltration has probably been going on for an extended period without being detected. So how do you know whether you have been compromised?

Arctic Wolf is the market leader in security operations. A Security Operations Centre helps by analysing, in real time, the millions of events your IT systems generate, so that advanced threats can be detected, responded to and recovered from very quickly.

Using the cloud-native Arctic Wolf Platform, we help organisations end cyber risk by providing security operations as a concierge service. Highly trained Concierge Security experts work as an extension of internal teams to provide 24/7 monitoring, detection and response, as well as ongoing risk management and fully managed security awareness training, giving your business the protection, resilience and guidance it needs to defend against cyber threats.

Managed Detection and Response

Dedicated security analysts monitor, detect and respond to cyber threats before they impact your business. The Arctic Wolf Managed Detection and Response solution is anchored by a dedicated Concierge Security Team who monitor your network 24/7, handle log aggregation and correlation, actively hunt for threats, and provide custom alerts and reports when cyber attacks occur.

Managed Risk

Continuous vulnerability scanning and endpoint analytics managed by security experts. The Arctic Wolf Managed Risk solution helps your organisation reduce its attack surface by continuously identifying vulnerabilities within your network.
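"Log aggregation and correlation" is the part of the MDR description above that turns millions of events into a handful of alerts. The following is an added example, not part of the Arctic Wolf platform or Trustack's tooling: one SIEM-style correlation rule run over constructed SSH authentication log lines. A single failed login is noise; a burst of failures from one source address followed by a success from that same address is a brute-force or password-spray attempt that worked. The log format (epoch timestamp, host, sshd message), the usernames and the addresses are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.

```python
"""Added example, not part of the Arctic Wolf platform or Trustack's tooling:
one SIEM-style correlation rule run over constructed SSH authentication log
lines, showing the kind of "needle in the haystack" a SOC looks for.

The log format (epoch timestamp, host, sshd message) and the addresses are
constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass(frozen=True)
class AuthEvent:
    ts: int
    host: str
    user: str
    src: str
    success: bool


@dataclass(frozen=True)
class Alert:
    rule: str
    src: str
    user: str
    host: str
    ts: int
    detail: str


def parse(lines: List[str]) -> List[AuthEvent]:
    """Normalise raw lines into events; lines that do not match are dropped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(int(m["ts"]), m["host"], m["user"], m["src"],
                                    m["outcome"] == "Accepted"))
    return events


def correlate(events: List[AuthEvent], window_s: int = 300, threshold: int = 5) -> List[Alert]:
    """Alert when a source has >= threshold failures inside window_s seconds
    and then authenticates successfully. State is kept per source address, so
    a spray across many usernames is still caught."""
    failures: Dict[str, Deque[int]] = defaultdict(deque)
    alerts: List[Alert] = []
    for e in sorted(events, key=lambda e: e.ts):
        recent = failures[e.src]
        while recent and e.ts - recent[0] > window_s:
            recent.popleft()                 # age out failures older than the window
        if not e.success:
            recent.append(e.ts)
            continue
        if len(recent) >= threshold:
            alerts.append(Alert("brute-force-then-success", e.src, e.user, e.host, e.ts,
                                f"{len(recent)} failures in the {window_s}s before success"))
            recent.clear()                   # one alert per burst, not one per later login
    return alerts


# Constructed sample: a spray from 203.0.113.42 that lands on svc_backup,
# and a user on 198.51.100.7 who simply mistyped their password once.
SAMPLE_LOG = [
    "1700000000 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.42 port 51122 ssh2",
    "1700000012 bastion sshd[4102]: Failed password for root from 203.0.113.42 port 51123 ssh2",
    "1700000020 bastion sshd[4103]: Failed password for invalid user oracle from 203.0.113.42 port 51124 ssh2",
    "1700000031 bastion sshd[4104]: Failed password for svc_backup from 203.0.113.42 port 51125 ssh2",
    "1700000040 bastion sshd[4105]: Failed password for invalid user test from 203.0.113.42 port 51126 ssh2",
    "1700000044 bastion sshd[4106]: Failed password for jsmith from 198.51.100.7 port 60210 ssh2",
    "1700000049 bastion sshd[4107]: Accepted password for jsmith from 198.51.100.7 port 60210 ssh2",
    "1700000052 bastion sshd[4108]: Failed password for svc_backup from 203.0.113.42 port 51127 ssh2",
    "1700000060 bastion sshd[4109]: Accepted password for svc_backup from 203.0.113.42 port 51128 ssh2",
    "1700000095 bastion sshd[4110]: Accepted password for svc_backup from 203.0.113.42 port 51129 ssh2",
]

if __name__ == "__main__":
    for a in correlate(parse(SAMPLE_LOG)):
        print(f"{a.rule}: {a.user}@{a.host} from {a.src} at {a.ts} ({a.detail})")
```

Keying the state on the source address rather than on the username is what makes this catch a password spray, where each account sees only one failure. The two knobs, window and threshold, are the tuning a SOC does against its own baseline: too low and every forgotten password pages an analyst, too high and a slow, patient attacker slips under it, which is why a production rule set pairs this with a slower "failures per source per day" rule as well.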
Our dedicated team is available to answer any queries and provide the guidance and support you need. Contact us on 0191 250 3000 or email [email protected] to learn more about how we can help protect your business.

FAQs

What does a Security Operations Centre (SOC) do? A SOC is a centralised facility or team responsible for monitoring, detecting and responding to cyber security threats and incidents within an organisation. It serves as a dedicated command centre focused on maintaining the security and integrity of the organisation’s systems, networks and data. A SOC typically uses technologies such as Security Information and Event Management (SIEM) systems, Intrusion Detection Systems (IDS) and other security tools to collect and analyse security event data. The SOC team monitors this data in real time to identify potential security incidents, investigates them, and responds promptly to limit the impact of any threats. The goal of a SOC is to improve the organisation’s overall security posture, protect against cyber threats, and minimise the risk of data breaches or unauthorised access.

How much does a Security Operations Centre (SOC) cost in the UK? The cost varies widely depending on the size of the organisation, the level of sophistication required, the scope of services, and whether the SOC is built in-house or outsourced. Consult cyber security service providers for estimates based on your specific requirements.

Do I need a Security Operations Centre (SOC)? That depends on the size of your organisation, the sensitivity of your data and the level of cyber threat you face. Generally, organisations that handle sensitive data, have a large online presence or are subject to industry regulations benefit greatly from a SOC. A SOC helps detect and respond to security incidents promptly, minimising the potential impact on your business.

What are the components of a Security Operations Centre (SOC)? A SOC typically consists of several key components:
A Security Information and Event Management (SIEM) system for log analysis and correlation.
Intrusion Detection and Prevention Systems (IDPS) for monitoring network traffic.
Threat intelligence feeds and vulnerability management systems.
An incident response team for investigating and mitigating security incidents.
Security analysts and engineers responsible for monitoring, analysis and response.
An incident ticketing and tracking system for managing incidents through to resolution.

What are the capabilities of a Security Operations Centre (SOC)? The capabilities of a SOC typically include:
Real-time monitoring of security events and alerts.
Threat detection and analysis.
Incident response and management.
Vulnerability management.
Forensic analysis.
Threat intelligence integration.
Continuous monitoring of security controls.
Regular security assessments and audits.

What are the levels of a Security Operations Centre (SOC)? A SOC can be classified into levels depending on its capabilities, resources and maturity. The common levels are:
Level 1: basic monitoring and triage of security events.
Level 2: advanced monitoring, threat detection and initial incident response.
Level 3: comprehensive threat detection, incident response and ongoing management.
Level 4: advanced threat hunting, security analytics and proactive threat intelligence.

What is the difference between a Security Operations Centre (SOC) and a Cyber Security Operations Centre (CSOC)? The terms are often used interchangeably. Some organisations use “CSOC” to emphasise a stronger focus on cyber security and advanced threat detection capabilities.

How do I set up my own Security Operations Centre (SOC)? Setting up a SOC requires careful planning: defining objectives, identifying the necessary tools and technologies, hiring or training skilled personnel, establishing processes and procedures, and integrating with existing security controls. It may be beneficial to consult experienced cyber security professionals or partner with a managed security services provider for guidance and support.

How much does it cost to run a Security Operations Centre (SOC)? The cost of running a SOC can vary significantly depending on factors such as the size of the organisation, the level of sophistication required, the number of security analysts needed,

Your Journey to a Stronger Security Posture

A report from the World Economic Forum has found that cyber security is among the major emerging risks to the global economy. The report found there was a 435% increase in ransomware in 2020 and that attacks are becoming more widespread and sophisticated in order to compromise vulnerable targets. Businesses need more protection now than ever before, and the shift to remote working since 2020 has left many businesses vulnerable; it is one of the biggest factors behind the growing threat landscape.

At Trustack, our best-in-class cyber security management solutions can help you protect your data both on-premises and in the cloud.

In this edition of Trustack Talks, our Technical Director Russell Henderson shares his top tips to guide our customers on their journey to hardening their security posture.

1. Prevention

The saying goes “Prevention is better than cure”, and that’s exactly what we try to ensure when talking to our clients about a multi-layered security approach and the managed solutions we offer.

Having the latest generation of security in place, from the edge of your network through to the central applications and services both on premises and in the cloud, can help strengthen your defences. Immutable backups both on premises and in the cloud, together with server and endpoint protection, AV and AM with advanced threat hunting and correlation across the estate, a hosted/managed SIEM or Security Operations Centre, and a disaster recovery solution: this multi-layered approach to your security solutions will work in tandem to detect threats and protect your business.

2. Cure

A truly air-gapped and immutable copy of your backup data is really the only form of cure in today’s world. With manufacturers announcing vulnerabilities weekly, it’s futile to expect a business to be able to class itself as secure from cyber threats.
Between a multi-layered security approach and a strict and comprehensive patch routine, the best you’ll achieve is limiting the speed or breadth with which an exploit can spread in your environment. So the only true cure is a known guarantee of restoring your data and systems to a known working state as quickly as possible, with the use of immutable backups. There will be disruption to your business, as you will suffer some data loss following a breach while the prevention layers deep-scan systems to prove they are clear of threats, but ultimately you will call upon the ‘cure’ to recover your data.

3. General best practice

With human error playing a big role in many security breaches, it is imperative that businesses keep on top of employee training to ensure they understand the risks, are better equipped to spot threats such as a phishing attempt, and adopt best practices so that they behave in a data-secure way.

In addition to training, it is important to define a robust data handling policy that employees adhere to at all times. Areas that may be included are user access control permissions, best practices for data protection such as encryption and two-factor authentication, and the process employees should follow to securely dispose of data.

4. Self-reliance

It’s sometimes surprising to hear how dependent a client has become on their third-party IT provider, for example not being able to manage and drive a solution that has been deployed for them. This can sometimes be their larger security platforms, which admittedly can be complex. However, I see this as a big risk. Security vulnerabilities are being found at an increasing rate; exploits are being developed at the same speed, if not faster. I can see at some stage a large exploit attack against a major vendor vulnerability resulting in third-party service companies becoming swamped.
Imagine a major Microsoft vulnerability being exploited that corrupts a current server operating system in a major way. No third-party IT company is geared up to facilitate full system recovery or threat defence for the majority of their client base simultaneously. Whether they are a global supplier with tens of thousands of clients or a small local supplier with a couple of hundred clients, they will have scaled their business to accommodate the usual run rate from their clients, not to accommodate a deluge of large-scale, protracted defence or recovery services delivered to all clients simultaneously.

In this scenario, having the skills to drive and manage your security solutions yourself will become critically important. Being able to self-service against the exploit or threat initially, until your third-party provider can respond to you, could be the difference between being completely dead in the water and being able to continue to operate at a reduced capacity for a few days.

5. Listen to advice

A lot of the time people think they are just being sold to, but if you have a trusted provider of knowledge telling you that you need to do something, you probably need to do it. Listen to them.

Good-quality consultancy companies should be bringing new ideas, best practices and solution improvements to their client base continually, because technology solutions and requirements are continually evolving. What was suitable for purpose not so long ago is probably now seen as too slow, too cumbersome, too inefficient or not secure enough. However, I have had first-hand experiences of people who don’t invest in their security estate over the years with the mentality of “it will never happen to me” or “who would want to get their hands on our data?”

The fact is, if someone compromising your data stops your business from functioning and can earn ransom money, they want your data.
The tools available to attackers these days make it easier than ever to exploit one of the many vulnerabilities that continue to surface.

6. Security-first mindset

Retrofitting security around a solution that has already been designed, or worse still already deployed, is harder work than factoring it in from the