Gone are the days when enterprises used to think that they would be safe if they install and regularly update their end user antivirus software. Cybercriminals and target attackers are always finding new ways to infiltrate your network and install Trojans or other malicious virus. Recently we have witnessed attacks where cyber espionage groups install remote access Trojans (RAT) and thereby weaponizing malware payloads exploiting 0-day vulnerabilities. This sort of advanced persistent threats (APT) has pushed enterprises across the world to revisit their border security and focus more on their internal security. No enterprise is 100% secure and can avoid zero day attacks. Enterprises cannot afford to remain nonchalant and feel that their security measures cannot be breached.
To be prepared and mitigate attacks, there are certain areas where enterprises need to be more focused and vigilant.
Enterprise Password Security: Enterprises need to monitor the security logs of users while setting healthy clipping levels. An effective password management tool not only improves the enterprises productivity but also significantly impacts in reducing the cost of operation. This enables enterprises to take further steps like integrating top forgotten passwords, violated users etc. with an internal monitoring system.
An example of a recent password related security breach is that which Adobe suffered in 2013, where close to 150 million encrypted passwords were leaked which resulted in cyber attackers releasing a list of the 100 most commonly used passwords.
- Training and Phishing awareness: Phishing today is one of the most common type of cyber-attacks, especially in money laundering. However, it has been observed that attackers use various techniques such as shoulder surfing, dumpster diving and social engineering etc. before executing an attack. To counter these sort of attacks, enterprises can use fake phishing attacks to analyze user behavior. This can later be used to be trained and educate on users on potential threats and how to curb such attacks.
- Mobile devices: Enterprise today want their applications to be made available to users around the clock and users want to access them through handheld devices. This improves efficiency, productivity and response time but at the same time makes the system more vulnerable to cyber-attacks. This makes implementing BYOD policies in order to protect the data lying in handheld devices by implementing robust BYOD policies. Strong BYOD policies should prevent local storage of secure corporate data on personal devices such as containerization, and protect data-in-motion with encryption.
- Connectivity Security: Wi-fi networks are perhaps the most vulnerable to attacks. Irrespective of from where the user accesses his device, it's imperative for end users to understand the risks associated with wireless networks. Users should be well aware of common threats such as "evil twin" and "war driver" attacks. To defend themselves from these attacks and access networks securely, SSL VPN with additional layer of security must be used. The encryption prevents the war driver from being able to read your communications, and thus secure sensitive information.
- Data Protection: With more and more enterprises resorting to outsourcing their core operations, there is an increase in the number of temporary staff. This in turn results in making critical data more vulnerable to attacks. Recently, we have seen instances of disgruntled employees stealing and then selling sensitive data in the black market. To add to this non-compliance can lead to hefty penalties and damage to your enterprises brand value. This makes it imperative to use tools and technologies such as DLP to be prepared to properly defend such attacks.
- End Point protection: End point security is one of the most important parts of IT security. If not hardened properly, end Points are most vulnerable to attacks. End points have to be updated with service packs hotfixes, and enabled with security settings. Apart from that security policies will have to be fine-tuned and continuous auditing needs to be encouraged. The kind of threats looming uncontrolled endpoints in an enterprise network are often ignored because most users are not aware of the security risks involved. Therefore, educating the users of end point data protection and the potential threats will go a long way in helping in reducing risks.
- Proactive response and investigation team: The last but not the least, is the war room of any organization, which is the security operation center. The security operation center is responsible for day-to-day operations as well as investigating disasters. Here, it is suggested that you have three layers of security monitoring and management teams and properly segregating duties among them. While the monitoring team will have L1 resources which will be primarily responsible for monitoring the security logs. They will be well-equipped with standard operating procedures (SOP). Subsequently, this will enhance productivity and reduce false positives alerts. The next layer is comprised of L2 resources which will be responsible for configuration, change, incident and problem management. The last layer in the team comprises of L3 resources which will be responsible for troubleshooting and vendor case locking. This will not only ensure smooth operation but also assist in proactively responding alerts.
Learn more about End Point Protection Systems offered by HCL Tech!