Keeping data safe in an always-on world

Sanjay Rohatgi

One of the greatest advantages of a mobile-enabled workforce is no doubt the employee’s ability to always be connected. Unfortunately, this also expands risk. While employees previously left their data at work, they are now traveling the world with access to corporate data anywhere, anytime.

In the former single-phone corporate environment, mobile devices were relatively straightforward to manage and secure as they had limited or no access to corporate data. As the popularity of smartphones exploded in the last five years, IT departments have learnt to deal with the trend of ‘Bring Your Own Device’.

But today, it is no longer just about the device, but also about ‘Bring Your Own Application’ and ‘Bring Your Own Cloud’ into the workplace.

Mobile applications and cloud services are increasingly embedded into all parts of our personal lives. Organisations are finding that their employees increasingly want to use their own apps, clouds, personal mobile devices and platforms to work (often alongside corporate-provided devices/platforms). And they can’t be stopped. Employers need to embrace the use of mobile devices and cloud storage tools, such as Dropbox and Google Drive, for both work and personal agendas, or risk losing their talent.

In today’s complex and rapidly changing threat environment, information security professionals are facing more security breaches than ever before – in 2014, more than 317 million new pieces of malware were created, and five out of six large companies were attacked.

Another trend observed this year was the increase in security threats in small and medium-sized organisations. About 60 percent of all targeted attacks struck small and medium-sized organisations globally, since these organisations often have fewer resources to invest in security. Many are still not adopting basic best practices like blocking executable files and screensaver email attachments.

With personal devices and cloud applications now being used to access corporate email, calendars, applications and data, many organisations are struggling to fully define the impact on their security posture and to establish acceptable procedures and support models that balance both their employees’ needs and their security concerns.

Companies are managing up to 75 point products, resulting in too many alerts and false positives to deal with. Most attacks go undetected because today’s security products are not integrated across all three control points: endpoint, network, email.

So, what can companies do to better protect their own and their customers’ sensitive data from security threats?

Uncover advanced threats – The first step is to gain visibility of the present state of dormant and active live threats within your network environment and across your IT asset estate. Advanced attacks can cut across multiple control points, making it worse for customers. What’s more, many threats go undetected for months or longer. Your IT department will need to secure user devices accessing emails and also provide additional access to content and web apps. Consider threat protection solutions for your organisation that can detect and analyse advanced attacks designed to bypass traditional security defenses.

Prioritise what matters – With hundreds of available security products, you’d think that enterprises would be able to quickly uncover and remediate new attacks, but we know this often isn’t the case. Why is that?

Well, for one thing, today’s security products are largely not integrated – security analysts need to examine many distinct consoles and manually “connect the dots” to get visibility into suspicious activity in their environment. Then, once a security team does learn about an attack inside their organisation, it can require days, weeks, or even months to completely remediate it. That’s why organisations should assess the situation and prioritise the vulnerabilities that are the most critical and time-sensitive. Which of these vulnerabilities could lead an attacker to our critical business assets? Which of these vulnerabilities are easy for attackers to exploit?

Remediate fast – For incident response teams, the clean-up process often requires manually hunting through hundreds or thousands of systems to find all of the attack artifacts and remediate all attack components. This is followed by individual policy updates to each individual security product – networks, endpoints and e-mail gateways – to ensure that the attack can’t gain access to the company again in the future. All of this takes a lot of time, and organisations can’t always patch or remediate all IT vulnerabilities as soon as they’re discovered.

So how can organisations identify vulnerabilities to isolate those that will have the greatest impact, and deploy their limited resources in the most effective manner possible? If you lose a phone or PDA that was issued by an organisation, your IT department may consider revoking issued certificates or ask you to log into websites to change your password immediately. Furthermore, companies should opt for security products that can provide administrators with the visibility and “rich” intelligence needed to uncover and remediate advanced attacks.

Leverage existing investments – Organisations don’t want to install any more point products or any new agents that potentially cause disruption to their entire enterprise. Solutions like Symantec Advanced Threat Protection (ATP) leverage existing threat protection infrastructure, helping companies to achieve an effective data protection regime without the expense and implementation issues from vendors.

These are some of the steps businesses can consider to protect against security breaches. By adopting strategies that are flexible and scalable and taking advantage of new and upcoming security features, organisations will be better-equipped to deal with incoming — and even sometimes unforeseen — challenges to their security infrastructure.