By Sumit Bansal
The infocomm security industry today moves at a rapid pace, with new technologies cropping up as quickly as cybercriminals find loopholes and break into networks.
Businesses therefore find it increasingly difficult to keep up with security trends and stay ahead of cybercrime.
One of the barriers in enabling organizations, especially small and medium businesses (SMBs), to stay ahead of the game is the fact that they still hang on to commonly held beliefs that no longer work today.
As cybercriminals advance, security strategies must also be fluid enough to forestall any security incident that has the potential to paralyze any business. This calls for a much-needed mindset change, which should be the first step towards achieving better protection and simpler management for the organization.
Let's look at what these commonly held beliefs are, and why they should be jettisoned immediately.
#1 – Layered security can adequately protect organizations
Many organizations think that having layered security, or combining several security mitigation tools, will keep them safe from cyberattacks.
The theory goes that a single layer of defense, such as traditional anti-malware, will not guarantee 100% protection; therefore, if an organization adds more layers and the layers become more diverse and dynamic, then the system is secure.
However, as cyberattacks become more complex, the layered security approach shows two major flaws.
Firstly, it is time-consuming and costly, especially for SMBs, which have budget and manpower limitations. SMBs have to go through the process of evaluating, purchasing, deploying, configuring and maintaining the various layers, which are often from different vendors.
Secondly, attackers today are adept at finding inevitable loopholes between the security layers, and exploiting them successfully. The proliferation of Advanced Persistent Threats (APTs) also means that attackers are more determined and sophisticated than ever, and will definitely have the capabilities to break into networks.
An approach that provides better protection while being simple to deploy and manage should triumph over the layered security mentality. This requires true technology integration that allows security components to function as a cohesive system instead of a series of independent layers.
#2 – Security should focus on the present
Many organizations today still favor a reactive approach over a proactive one when it comes to security. As a result, they deploy products that are focused on what is happening at the moment. For example, these products analyze files when users open or save them, and allow files to run only when they look clean.
This no longer works in the age of sophisticated cybercrime. A computer may already be at risk or even infected, and products with a reactive approach will miss this. SMBs in particular are mostly ignorant of the magnitude of cyber attacks.
According to a Ponemon study, one-third of 2,000 respondents from SMBs were not certain whether a cyber attack had occurred in the past 12 months.
Organizations need a system that is more holistic, with real-time capabilities. This system can monitor not only what is happening at the moment but also what comes onto the network, such as web downloads; what goes out, such as network communications; and what has happened over time, such as installed applications.
This system should also be able to analyze data and patterns in real time, alert administrators, block or remove threats and provide additional points of detection and control.
#3 – Organizations should just focus on device security
As more and more organizations begin to adopt Internet-connected devices such as laptops and mobile devices for productivity purposes, many organizations become focused on securing every computing device. It has become increasingly important to secure the devices from potential threats and loopholes such as software vulnerabilities.
Since users are the weakest link in the security equation, employees may accidentally perform actions that undermine security, such as using their device to connect to an unprotected network.
Focusing on device security creates extra responsibilities for the IT team, such as creating BYOD policies and ensuring every device that is connected to the corporate network is secure.
Instead, security should be extended beyond the endpoint to the users and their data. It is the data that is useful to cybercriminals in most cases, and not the device. Hence, data encryption is critical in this segment.
In conclusion, organizations need to continuously learn and unlearn in order to keep up with the constantly evolving threat landscape. Getting rid of commonly held beliefs that are out of date is the first step towards achieving complete protection and simpler security management for the organization.
The author is the director for ASEAN at Sophos.