Last Saturday was Computer Security Day. The day itself is a clear reminder for organisations to ensure that not only their computers, but all the devices and data they have on-premises and in the cloud, are safe and secure. IT security has become an ever more pressing issue, and a recent survey by the UK government found that around a third (32%) of businesses and two in ten charities (22%) report having cyber security breaches or attacks in the last 12 months. Bearing this in mind, UK Tech News spoke to a handful of IT industry experts on how organisations can ensure security remains at the top of their agenda not just on Computer Security Day but all year round.
Update the IT infrastructure and show resilience
With cyber attacks and ransomware hitting the headlines regularly, it’s still shocking how many organisations have not learnt from others’ mistakes. Alan Conboy, Office of the CTO at Scale Computing, discusses why this is an issue:
“Where before organisations were able to avoid modernising their infrastructure defences due to the cost, now, it is more costly not to do so.
“This malicious momentum has grown significantly since 1988, and it’s now more important than ever for businesses to realise that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organised criminals. Organisations should take advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defences, disaster recovery, and backup.”
Organisations need to have visibility of their IT infrastructure. Stephen Gailey, Head of Solutions Architecture at Exabeam, says:
“An attacker with valid credentials looks just like a regular user. Identifying changes in the behaviour of these credentials is the key to successfully uncovering an attack. But in an age of alert overload, security teams are often overwhelmed and can struggle to make sense of the data in front of them. Applying User and Entity Behaviour Analytics (UEBA) to the data already collected within most organisations can help security teams connect the dots and provide a useful profile of network user activity. It may not stop you being breached, but it will tell you about it before the damage is done.”
Gijsbert Janssen van Doorn, Technology Evangelist at Zerto, argues that implementing protective precautions is simply not going to cut it when it comes to cyber security:
“As the odds of suffering from a cyber-attack grow, businesses need to ensure they are prepared for what will happen after a disaster. Because, in order to maintain a healthy reputation and pocket, organisations will need to do more than just keep people out and precious data safe. They will also need to demonstrate how cyber resilient they are by quickly returning back to functioning as normal and minimising the potential long-term impact of a cyber attack.”
Secure data everywhere
Data stored in the cloud needs securing just the same as that stored on local servers. Anurag Kahol, CTO at Bitglass, argues that cloud adoption has made sensitive data more accessible:
“Unfortunately, in cloud-based IT environments, organisations often don’t have the right security measures in place, making it highly challenging to detect anomalous or careless employee behaviours.
“In fact, a recent Bitglass report found that while 86% of enterprises have deployed cloud-based tools, only 34% have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools. As such, Computer Security Day serves as a good reminder for businesses to review and revise their approaches to data protection. By better understanding modern threats and deploying the appropriate security solutions, many of these risks can be mitigated and even eliminated.”
Instil security awareness into employees
Having the right security software is vital to ensuring basic security in organisations, but employees should have an awareness too.
Jan van Vliet, Vice President & General Manager EMEA at Digital Guardian, says:
“Businesses need to step up their phishing awareness efforts, including educating remote workers about attacks via SMS and smartphone apps. A method of good practice is to deploy software that can warn employees when a program attempts to download a file from the Internet or write a file to disk. Prompts can also help train users to recognise and report attacks in progress. Continued training initiatives are also very important in raising employee awareness and making them more cautious.”
Agata Nowakowska, Area Vice President at Skillsoft, also agrees that security training needs to be part of employee training:
“There is a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within. From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.”
Many employees are already used to seeing standard messages from their IT departments on the importance of installing anti-virus, keeping software up to date, enabling two-factor authentication, and even not entering credentials via a link sent by email. This is what Steve Nice, Chief Technologist at Node4, believes:
“However, looking forwards, cyber criminals will begin to employ big data analytics to feed AI systems that target their prey more efficiently for phishing emails. At the moment it’s still untargeted – even if it is directed at a specific company – and the hit rate is very low. Cyber criminals will continue to use phishing emails to deliver ransomware to target businesses, as they know that their assets are valuable, and to continue working they have to pay. But, what we’ll see is this activity spreading to household users who will have their cars and homes targeted. Wouldn’t you pay to get control of your car or home back? It’s a few years off, but it’s inevitable.”
Computer Security Day should be a clear reminder to organisations to not only update their IT infrastructure with the right security procedures in place and show resilience, but also educate employees to know what to do in the face of a ransomware or phishing attack.