In 2019 we saw a steady increase in the number and modes of cyberattacks. In fact, more than half of all British companies reported cyberattacks in the last year alone. To prepare for 2020, Tanium looked into the biggest concerns for IT decision makers within organisations in the UK. This revealed that not having enough visibility over the increasing number of endpoints, such as laptops, servers, virtual machines, containers, or cloud infrastructure, leaving them unaware and unable to protect all systems, was the biggest concern for the coming year (25%). The next biggest area of concern for respondents is the sophistication of attackers rising (23%) followed by employees clicking malicious links (18%), and the complexity of managing physical, virtual, cloud and container infrastructure (15%).
What this all serves to underline is the fact that successful cyber attacks usually occur when businesses don’t get the foundational security concepts right. When an organisation doesn’t have visibility and, by extension, control of the potential entry points across its IT environment, they are inherently vulnerable to attack. To best equip organisations for the threats to come this year, organisations must ensure that they are taking several important steps to build a comprehensive IT security strategy so that they can protect critical assets, monitor impact, and recover from any unexpected attacks or disruption. This includes:
- Assessing organisational obstacles: Are security and IT operations teams working in tandem or in confusion about which department is responsible for ensuring resilience against disruption and cyber threats? According to our latest research (67 percent) of businesses say that driving collaboration between security and IT ops teams is a major challenge. The IT operations and security teams should be working together to protect the IT environment, company and customer data – without this, they can’t achieve true visibility of their environment and endpoints, which leaves them vulnerable to attack.
- Knowing your environment: Understanding what is in an IT environment is a crucial step. If a CISO stops by the IT team and asks how many unpatched devices are on a network, can this be answered accurately? As organisations look to build a strong security culture, it is essential that IT operations and security teams unite around a common set of actionable data for true visibility and control over all of their computing devices. This will enable them to prevent, adapt and rapidly respond in real-time to any technical disruption or cyber threat.
- Decluttering the infrastructure: One of the most cited issues throughout WannaCry and other major security incidents is the challenge of updating operating systems in an environment laden with legacy apps. If a business is running a critical application that requires keeping an outdated operating system on life support, it’s time to rethink its value. Generating awareness of risks around old infrastructure can also help employees better understand vulnerabilities themselves, including how easy it is for opportunistic attackers to exploit outdated tools.
- Eliminating fragmentation: Most IT security and operations teams operate using a messy combination of point products—cumbersome to manage, impossible to fully integrateIt is crucial for teams to have clear visibility of what is across their environment, and this means eradicating silos and siloed ways of working and investing in a unified endpoint management and security platform instead of collections of point tools.
- Educating your employees: By various estimates, up to 83 per cent of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be a key part of your IT security strategy.
In order to have an effective IT security strategy in place, an organisation must have two lines of defence; employee advocacy and comprehensive IT security structure. Crucial to combatting any type of threat – whether a sophisticated attack, employee clicking on a malicious link or one that exploits an out-of-date piece of software – is clear visibility of all of the endpoints across the network and the ability to stop disruption almost instantly.
CISO
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.