The enemies of today are well equipped with the latest tools and techniques, and with knowledge of vulnerabilities and zero-day attacks.
On the flip side, most companies and individuals are not.
Reasons for Lapse in Security
- Most organizations don’t take security seriously until they get affected.
- They do not see tangible results
- It is not their primary business
- They do not budget for security
- They do not invest in security training or certifications for their employees
Some common mistakes companies make when applying security measures include:
- Using Outdated Software
- Using Old Tools to detect new threats
- Using human intelligence alone
- Using Simple Rules
- Thinking that an antivirus is enough
- Thinking the “IT” guy is sufficient to understand Security, Networks, Databases, Software, Servers, Helpdesk, Tools, troubleshooting, the list goes on.
Automation and Artificial Intelligence are leading the way in detecting anomalies. Even encrypted malware can now be detected in some cases based on its behavior and pattern.
- Training and Awareness is key. If you don’t know what’s out there, how can you protect yourself?
- Find your weaknesses before your enemies do. Vulnerability Assessments help in that, but Solution Architects are key as well.
- Testing. How do you know you’re secure, have you tested it? This is where penetration testing comes in.
- Evaluate the “right” tools for the job. With the plethora of security tools out there, know what’s out there and where it’s used best.
- Keep Logs. Without an audit trail, hackers will walk all over your network without ever tripping an alarm or you ever finding out.
- NAC (Network Access Control) is old but ever evolving. It brings intelligence to the network by enforcing dynamic policies based on location, time, user and privilege levels.
- UEBA (User & Entity Behavior Analytics) is a new buzzword. These are tools, in the form of appliances or software, that pick out behaviors that simple access controls otherwise wouldn't. For example: this user typically does not upload so much data in a day, so the account is possibly compromised and someone is exfiltrating data. Or the user changed location too quickly, so let's ask for 2-factor authentication.
- Follow a proven standard that security experts have vetted and update regularly. (Hint: CIS20, NIST CSF, ISO 27001)
- 2-Factor Authentication makes it much more difficult for a hacker to get in.
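
The two UEBA checks described in the list above (an upload far above a user's norm, and a location change that is too fast), sketched as an added example that is not from the original article or from any product. The record layout, the thresholds and the per-session (rather than per-day) baseline are assumptions, and the sample sessions are constructed.

```python
import math
from datetime import datetime
from statistics import mean, stdev

MAX_KMH = 900      # assumed ceiling: roughly airliner cruising speed
Z_LIMIT = 3.0      # assumed: flag uploads more than 3 std devs above the user's mean
MIN_HISTORY = 5    # assumed: sessions needed before a baseline is trusted

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371 * math.asin(math.sqrt(a))

def analyze(events):
    """Return (user, timestamp, reason) alerts for a list of session records."""
    alerts, history, last_seen = [], {}, {}
    for user, ts, lat, lon, uploaded in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        past = history.setdefault(user, [])
        flagged = False
        if len(past) >= MIN_HISTORY:
            mu, sd = mean(past), stdev(past)
            flagged = sd > 0 and (uploaded - mu) / sd > Z_LIMIT
        if flagged:
            alerts.append((user, ts, "upload_anomaly"))
        else:
            past.append(uploaded)  # keep outliers out of the baseline
        if user in last_seen:
            prev_when, prev_lat, prev_lon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            # Ignore small moves; flag speeds no traveller could reach.
            if km > 50 and (hours <= 0 or km / hours > MAX_KMH):
                alerts.append((user, ts, "impossible_travel_step_up_2fa"))
        last_seen[user] = (when, lat, lon)
    return alerts

# Constructed sample sessions: (user, time, latitude, longitude, bytes uploaded)
NYC, SGP = (40.71, -74.01), (1.35, 103.82)
SAMPLE = [("alice", f"2024-03-0{d}T09:00:00", *NYC, mb * 10**6)
          for d, mb in enumerate([100, 110, 120, 105, 115, 125, 5000], start=1)]
SAMPLE += [("bob", "2024-03-07T09:00:00", *NYC, 50 * 10**6),
           ("bob", "2024-03-07T11:00:00", *SGP, 60 * 10**6)]

if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```

A static access-control rule would allow every one of these sessions, since both users are authenticated and authorized; only the comparison against each user's own history separates the two flagged sessions from the rest.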
The security landscape is constantly changing. Security is more of a collaborative effort. No one vendor, organization or individual knows it all. Companies should hire a security consultant. Having security outsourced is often the best approach.