Water is wet, the sun is hot, and cyber-security risks are at the top of the list of IT pros concerns. Some statements are so obvious that uttering them adds little to a discussion—we know that data breaches are set to increase in both volume and visibility, yet mentioning it is doing little more than adding fuel to the fear fire.
So instead of revisiting the perennially woeful state of security, we should instead consider specific threats and take a look at how we may better equip systems to mitigate them.
Cause and effect
A contributing factor in the alarming acceleration in data breaches and cyber-attacks is an often-discussed and overhyped industry talking point: hybrid IT. As hybrid IT has grown and its adoption continued apace, existing security vulnerabilities have been exacerbated.
More important than the location of your infrastructure or data is accessibility. IT pros now face additional headaches as sensitive data and workloads continue to expand IT beyond the “save” boundary of local data centre and into cloud and software as a service.
This has resulted in added complexity when it comes to security policies and procedures, with IT pros having to contend with separate processes across both on-premises and in the cloud. In-fact, in a SolarWinds study, 22 percent of respondents said that the environment complexity is their greatest IT security obstacle.
This added complexity further magnifies an existing skills gap with hybrid IT. Security experts are in short supply as innovation continues to alter the landscape, making it increasingly difficult to keep up.
Indeed, for IT pros who must now be equipped to deal with everything across networks, systems, and the cloud, managing an organisation's security measures is often a bridge too far.
This would suggest the need for businesses to dedicate resources to hiring bespoke security experts. Unfortunately, this isn't always the case. Instead, due to the limited number of such experts, businesses are weighing business risk—whether they can afford a data breach, over the cost of enlisting a security expert.
Mount a proper defence
At a time when your business may be more vulnerable than ever to a cyber-attack, it's important that IT pros do everything possible to defend not just their data centres, but all elements in the expanding hybrid IT infrastructure. Here are some tips on how to do just that:
- Investing in compliance software, such as security information and event management (SIEM), is the best way to maintain accountability. By integrating compliance software into an environment, IT pros can leverage an easy-to-use interface to confirm that vulnerabilities are being tackled.
Such software proactively monitors for these vulnerabilities and any configuration problems and issues alerts, ensuring that IT pros can stay on top of any problem that may arise.
- Create a security team. Even if your organisation doesn't have the resources to establish a complete team of security experts, a basic-level security team should still be a priority. This team should work together to create a security framework which is then regularly evaluated and updated.
As the threat landscape constantly changes and evolves, it's vitally important that whatever plan put in place by the security team is regularly reassessed to match the current threat climate.
Once in place, the team should then leverage a comprehensive monitoring solution to provide a baseline of performance across various aspects of the IT infrastructure. Special attention should be paid to those susceptible to attack, like databases.
These measures will help the team identify when a problem arises, and execute the already-established response plan in order to quickly and effectively tackle any breach.
- Educate end-users. While most organisations are concerned about the threats from outside of an organisation, a huge number of attacks stem from within.
This isn't necessarily a malicious plot by a devious employee, but is usually an innocent mistake or accident stemming from a lack of understanding of how security threats occur. Research from SolarWinds found that 27 percent of respondents believe that inadequate end-user security training was one of the main causes of increased vulnerability to IT security threats.
This is only being made worse by blossoming trends like bring your own device and the Internet of Things, with all of these unfamiliar end-user devices connected to the network representing a potential entry point for attackers. This is no fault of the end-user, and it is the responsibility of the IT department to ensure that all members of an organisation are aware of which activities could expose security vulnerabilities.
By ensuring that all employees are as informed as possible about the causes of security breaches, and the damage they can create, you reduce the chance of falling victim to an insider threat.
While these best practices won't make your organisation bulletproof, they're a great first step to help your company better prepare itself for security threats to come. With 2017 set to be a profitable year for attackers, make sure you're not the one lining their pockets.
Contributed by Patrick Hubbard, head geek, SolarWinds
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.