Photo - Sumit Bansal, Director, ASEAN, Sophos
This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
The IT security industry today moves at a rapid pace with new technologies cropping up as quickly as cybercriminals find loopholes and break into networks. Businesses therefore find it increasingly difficult to keep up with security trends and stay ahead of cybercrime.
One of the barriers to enabling organisations, especially small and medium businesses (SMBs), to stay ahead of the game is that they still hang on to commonly held beliefs that no longer work today. As cybercriminals advance, security strategies must also be fluid enough to forestall any security incident that has the potential to paralyse a business. This calls for a much-needed mindset change, which should be the first step towards achieving better protection and simpler security management for the organisation.
Let's look at what these commonly held beliefs are, and why they should be jettisoned immediately.
#1 - Layered security can adequately protect organisations
Many organisations think that by having layered security, or by combining several security mitigation tools, they will be kept safe from cyberattacks.
If an organisation installs a layer of defence such as traditional anti-malware, it will not guarantee 100 percent protection. The thinking therefore goes that if an organisation adds more layers, and the layers become more diverse and dynamic, then the system is secure.
However, as cyberattacks become more complex, there are two major flaws in the layered security approach.
Firstly, it is time consuming and costly, especially for SMBs which have budget and manpower limitations. SMBs have to go through a process of evaluation, purchase, deployment, configuration and maintenance of the various security layers, which often comprise offerings from different vendors.
Secondly, attackers today are adept at finding inevitable loopholes between the security layers, and exploiting them successfully. The proliferation of Advanced Persistent Threats (APTs) also means that attackers are more determined and sophisticated than ever, and will definitely have the capability to break into networks.
An approach that provides better protection while being simple to deploy and manage should triumph over the layered security mentality. This requires true technology integration that allows security components to function as a cohesive system instead of a series of independent security layers.
#2 - Security should focus on the present
Many organisations today still favour a reactive approach over a proactive one when it comes to security. As a result, they deploy products that are focused on what is happening at the moment. For example, these products analyse files when users open or save them, and allow files to run only when they look clean.
This no longer works in the age of sophisticated cybercrime.
A computer may already be at risk or even already be infected, and products with a reactive approach will miss out on this. SMBs in particular are mostly ignorant of the magnitude of cyber attacks. According to a Ponemon study, one-third of 2,000 respondents from SMBs were not certain whether a cyber attack had occurred in the past 12 months.
Organisations need a system that is more holistic, with real-time capabilities. Such a system can monitor not only what is happening at the moment but also what comes on to the network (such as web downloads), what goes out (such as network communications) and what has happened over time (such as installed applications). The system should also be able to analyse data and patterns in real time, alert administrators, block or remove threats and provide additional points of detection and control.
#3 - Organisations should just focus on device security
As more and more organisations adopt Internet-connected devices such as laptops and mobile devices for productivity purposes, many of them become focused on securing every computing device. It has become increasingly important to secure devices from potential threats and loopholes, such as software vulnerabilities.
Since users are the weakest link in the security equation, employees may accidentally perform actions that undermine security, such as using their device to connect to an unprotected network.
Focusing on device security creates extra responsibilities for the IT team, such as the creation of BYOD policies, and ensuring every device that is connected to the corporate network is secure.
Instead, security should be extended beyond the endpoint to the users and their data. It is the data that is useful to cybercriminals in most cases, and not the device. Hence, data encryption is critical in this segment.
In conclusion, organisations need to continuously learn and unlearn in order to keep up with the constantly evolving threat landscape.