I was inspired to write this article based on the fact that we are going to visit my family this summer for our annual family trip. I am blessed to have two daughters that are old enough to have their own laptop but not old enough to take proper care of it. Of course, by my standards and what I expect, that may not be a fair assessment. Being in an airport and trying to keep track of not one, but three laptops inspired me (for some reason) to write up 9 quick ways to reduce an organization’s risk of a breach, attack, or virus.
Let’s get started with the first thing that crossed my mind.
- Encrypt your laptop! Did you know that 7500 laptops are lost every week in US airports alone! Only 40% of those (156,000) are ever recovered (Source-2010 Airport Insecurity: The Case of Lost Laptops, Ponemon Institute Independent Research Report Sponsored by Dell, December 2010). Even more sobering – only 5% of US business laptops are ever recovered. You can’t control user behavior, and humans by nature are forgetful, rushed, stressed and that’s only in airports! However, you can prepare for an imperfect world that expects perfect results.
If you haven’t implemented a good encryption product on your workforce’s PCs, you are only waiting to have your data compromised. It’s not a matter of if, but when. The average cost of a missing laptop is over $49,000, determined by replacement cost, detection, forensics, data breach, loss of intellectual property costs, lost productivity and legal, consulting and regulatory expenses. (Source: The Cost of a Lost Laptop, Sponsored by Intel Corporation, Independently conducted by Ponemon Institute LLC, April 2009).
- Defend the Edge! My uncle once taught me that one needs to look under the hood of a car to see what is really powering the machine (okay, in this case it was a PC – he’s an engineer!). The point I am trying to make is, not all Firewall solutions are created equal. If you are using a “Managed Firewall” solution from a Telecommunications provider, chances are that you are utilizing a previous-generation defense tool that looks to keep out AV elements but is lacking in Web 2.0 protection. The same goes for standard 1.0 Firewalls from the leading security providers. Those appliances became outdated pretty quickly.
What are Web 2.0 threats? I am referring to Bots, SQL injections and other “zero-day attacks”. The latest and greatest solutions have clear strategies and processes for defense against these and will give your old Firewall some much-needed muscle. The solutions that make the most sense for edge defense to combat Web 2.0 threats are Intrusion Protection (IPS) and Data Loss Prevention (DLP). Implementing these, in conjunction with a Firewall, can boost the perimeter of your organization to minimize the risk of attack. Or, your organization could…
- …consider a Next-Generation Firewall! Designed for multiple purposes, the next-generation firewall provides protection against outside threats but also such elements as traffic shaping, filtering, IPS, DLP and other technologies. These devices may cost a bit more than your old, standard Web 1.0 Firewall, but when you consider that Risk=Security-Performance, this is really something that every organization needs (or will need very soon).
- Automate your Reporting Process! Chances are, your organization uses disparate products for Anti-Virus, Firewall, Filtering, etc., and when an event occurs, it makes it quite difficult to gather data quickly. This time-frame, defined as the “window of vulnerability”, is critical to an organization because that is when it is most “at-risk”. One of the easiest ways to fix this problem is to find a Reporting Solution that allows you to manage disparate devices from one central console.
If your company has ever experienced a breach or has been audited, you likely have felt that pressure to produce the reports quickly. This is one of the simplest things that your company can fix. Find a reputable security consulting company and explore the options available to you. Some even allow management of devices that are non-native to their product set, significantly lowering the TCO (Total Cost of Ownership).
- Find a reliable Archiving solution! Given the proliferation of regulation in this decade, having a mechanism to quickly ward off a potential lawsuit or investigation is certainly something that provides CIOs and CEOs peace of mind. Finding an archiving solution, whether Cloud or Appliance-based, should provide you the ability to sort, discern and quickly identify important content at a moment’s notice.
- Use a Web Filter! IT Risk is defined as Risk=Security-Performance. Most organizations look at performance as the ultimate metric, but at what cost to their security? The key for truly successful organizations is to find balance, and an effective web filtering solution can provide just that. Traffic defined as lower priority (Social Media, Video, etc.) can take a back seat to mission-critical traffic that keeps your business booming. Further, this can keep your workforce focused on applications/business during the time you need them focused at work!
- Identify your mission-critical applications! All companies are different to some degree, but there is usually one commonality: there are mission-critical applications that must be kept up in order for the business to survive. What I’ve identified in my talks with CIOs over the past few months (surprising to me, but what the analysts have been saying for a few years now) is that many of these mission-critical applications are being outsourced through a Cloud or Software-As-A-Service (SAAS) model. That’s fine, so long as the SAAS/Cloud solution has a top-notch security infrastructure and a Continuously-available environment.
What about those companies that host their own mission-critical applications? At the most basic level, there are backup and restore options. In that scenario, restoration becomes just as important as the backup function due to the time of restoration being such a critical factor. The ultimate solution in this field is what is called “Continuous Availability”, which allows critical applications to be replicated in real-time and fail a primary server over to a second (or third) server in an outage. This cloned environment also allows companies to take advantage of commodity hardware.
One thing that is certain in this world – hardware will fail at some point. It’s just a matter of when!
- Secure those mobile devices! Make sure any solution that you are considering on an enterprise level includes a mobile solution. The use of iPhones, Blackberrys, Droids and iPads has increased our corporate security risks exponentially as it has significantly expanded the workplace (and, as an extension, the corporate network). Typically, the use of social media sites on these devices is off the charts, so finding a true Enterprise Mobile Management solution is paramount to securing the network. This is expected to be one of the biggest growth areas in IT security over the next few years, as hackers and cyber-criminals are looking for the greatest areas of vulnerability.
- Analyze the network you’ve got now! So, you’ve paid a ton of money for an all-encompassing solution to protect your organization. Your defense strategy boasts Anti-Virus, Firewalls, Intrusion Protection, Data Loss Prevention, Reporting & Compliance Automation, Management Consoles that allow you to set up policy-based rules that can change on the fly, and so forth. Would it hurt to take a look inside the network to make sure it’s clean?
A very cutting-edge solution provider that I work with absolutely blew me away with a metric a few weeks ago. They stated “100% of the time we have deployed our device in a test network environment (demo), we have found between 1-7% of all traffic within to be undesired”! This is an absolutely huge statement, and one that I have seen verified in test environments where all of the gear/software and strategy were previously in place.
In other words, there is now a solution to stay one step ahead of the cyber-criminals who are already in your network. Operating in a passively-deployed setup, the device searches the network for malware, bots, and other threats without any trace of detection. It is quite unlike any offering available today and is in what I would term “early adopter” stage presently.
Given the highly publicized breaches of the last 90 days (Sony, Sega, US Senate, Citigroup), it pays to stay ahead of the pack.
I hope that this article has provided an overview of the cyber landscape of 2011 and given you some good ideas to use.
© 2011 – 2014, Eric Blaier. All rights reserved.