We live in the digital age and it is imperative that organisations consider the importance of cyber security. Technology is constantly changing and evolving, which keeps shifting the lines of attack. Potential attackers, in turn, are looking for ways to adapt to these changes, and this escalates the threat to your business.
2020, in terms of cyber security, is an important year to highlight and learn from. It was a year in which we found almost all of our workforce logging in from home and working remotely. In this year alone, cybercrime ran rampant, with the global costs of cybercrime reaching highs of one trillion dollars according to CSIS research. Organisations should take time to learn from 2020 and use this opportunity to implement digital transformation: strengthening their security to align with business goals, redesigning the infrastructure and ensuring the network edge or perimeter is secure.
There will come a time when your business faces a cybersecurity risk and malicious activity, either from those outside your organisation or from inside. These insiders are people that you employ, and therefore trust. Within the data security industry there is ongoing debate on what holds the greatest risk: outsider or insider cyber security threats.
According to the 2016 Cyber Security Intelligence Index, IBM found 60% of all cyber attacks were carried out by insiders. And scarily enough, three-quarters of these attacks were of malicious intent! The remaining one-quarter were accidental; however, these incidents still cause major cyber security threats. IBM Security research also found that industries that store personal data, have intellectual property or hold physical inventory with large financial assets are the top industries under constant attack: health care, manufacturing and financial services.
Let’s take a look at what makes up the 60% of insider cyber attacks:
- Human error is a major factor; all it can take is a misaddressed email, stolen or lost devices, or even confidential information being emailed to an insecure home email address.
- The sinister intent of a malicious employee who holds a vendetta and steals competitive information, even selling data or intel.
- The poor unwitting employee who has been phished and whose credentials have been stolen.
Insider security threats are the most dangerous, as the malicious activity comes from trusted employees and can fly under the radar of many detection technologies.
The threat of outsider cyber attacks is still very real, and security breaches can cost organisations hundreds of thousands of dollars (up to millions!).
As a business you need to question “How can we detect suspicious network activity quickly and respond accordingly to avoid network downtime and potential damage?” It is most important that a business understands the gaps in its security and takes control of them to avoid risk to the business.
So what can you do about it?
It is a good idea to start with a Cyber Security Assessment. Simply put, a certified security advisor will audit your network over a specified period to identify the security gaps within it, and will assess your security controls and environment to determine whether they have been implemented correctly and operate as they should.
Once the Cyber Security Assessment has been completed and any gaps identified, you can start to analyse the cyber security tools that are already in place and perhaps look at implementing updated network security tools.
Network Security Tools:
There are a variety of tools available, SIEM and IPS to name a few, that assist in detecting suspicious network activity as soon as possible, so your organisation can respond in a timely manner to avoid or reduce the potential for damage.
SIEM (Security Incident and Event Management)
A SIEM tool is designed to help organisations manage the large volume of data and alerts, and to correlate threat activity into a central view. Essentially, SIEM's promise is to monitor, record and analyse all network activity and identify potential threats and security incidents in real time. Alerts are sent to the relevant IT teams so that appropriate action can be taken.
IPS (Intrusion Prevention System)
The purpose of IPS is to monitor a network or system for malicious activity or policy violations. IPS will continuously monitor your network traffic flow, alerting IT teams to any infringements to prevent any attack.
Whatever network security tools you decide to work with, you need to manage their effectiveness by ensuring that they are configured effectively and that your organisation has the right expertise and resources available to action or respond to network threats. Given the high volume of traffic in a rapidly changing and dynamic environment, it is crucial to have skilled, certified security professionals capable of monitoring, understanding the output and determining which alerts require action.