I’ve seen many instances of our customers struggling with viruses and malware-related challenges over my past 15 years of working in the IT security arena. However, no more so than now has malware seemingly become an everyone problem.
It is unbiased as to whom it preys upon and has no regard for an organization’s vertical market, size or market presence. Why? Simply put, your data has changed. Conventional security has taught us to protect the perimeter. This is not the best approach in today’s ‘new’ network. Now data resides in multiple locations:
- It is uploaded
- Shared Resides in the cloud
- On mobile devices
- Virtualized and replicated
Your employees can access data from anywhere, anytime and they can leverage consumer oriented cloud sharing apps for business purposes. By the way, do you have proper permissions governance tools to verify who has access to your Active Directory, Exchange, SharePoint and NAS resources?
The next generation of threats is alive and well and acting now: APTs, spearfishing, bot networks, mobile threats. You don’t have to search long and hard to come across today’s cybersecurity epidemic to know that our nation is currently facing a conundrum. Not to mention, it is almost a regular weekly cadence that a high-profile business or familiar brand is compromised by a hostile attack. These are the headline grabbers, but what about the sophisticated attacks that go unnoticed?
Security is not a product, it is a necessary element within IT and it is a support structure. It should touch everything in IT. Sadly, malware can as well.
The Harsh Reality
It’s okay to be humble; it’s not your fault. We’ve been taught to stop bad things from happening. We’ve invested in countless revisions of conventional antivirus solutions, configured and tested firewalls galore, blocked our users from going to inappropriate websites and defeated email spam. So how is this still happening? Why do we have infected systems, network outages, denial of service attacks and more?
Managing the Gap
It’s easy to say close the gap, but let’s focus on managing it first. What does that mean? It means that we should accept the fact that intruders are already inside your network. Act as if you have been compromised. No single shiny new crime fighting security technology exists that can wield a hammer and defeat malware once and for all.
Thus, it is imperative to begin embracing the notion that we must manage this problem to an acceptable level of risk. There is no finish line, and we cannot stop every bad thing from happening, entering (or leaving) our network. Rather, let’s focus on combating threats by minimizing how bad the damage is by quickly being able to identify, contain, isolate, recover, monitor and prevent the threat; then rinse and repeat.
Know What’s Happening
Identify your most prized assets and make it difficult for intruders to compromise your data. Make the bad guys work harder! Sometimes the best offense is a solid defense! Review how data is accessed and if proper permissions management structures align directly to the principle of ’least privilege’ model.
Focus on centering technical controls as well as your human investments in processes to secure your highly valued data. Don’t give bad guys or malware a free shot at your data. Defense in depth strategies move far beyond just the essential cornerstones of security that we have deployed and known for years.
Defense in depth is a customized playbook that is finely tuned to address the needs of your organization. There is no single play that can be run to fit all organizations. But through a combination of managing risk to an acceptable level and centering strategies and controls around critical assets first, your organization’s ability to get back up after being knocked down will be more efficient than ever.