The high tech lives we live today don’t come without a cost: we have to be eternally vigilant about security. Cybercrime and its associated risks simply cannot be ignored because so many of the devices we use on a daily basis are vulnerable; just ask anyone who has had their identity stolen, or who was affected by the mid-May 2017 ransomware attack that crippled organisations across the globe by targeting unpatched, out-of-date systems – being exploited by cyber criminals is not fun.
And as the financial incentive is clearly there for cybercriminals to steal your data, hold your files to ransom and mis-use your identity for their own ends, their efforts are only going to intensify. That means for the good guys to stay ahead of these miscreants, IT security measures need to be stepped up to a level beyond the bad guys’ ken.
Ideally, anyway. The sad reality is that the IT security inside a lot of organisations – even the biggest ones – is full of holes. Research firm Gartner acknowledged in December 2016 that “Intrusion is inevitable” in a report titled “Prepare for the Inevitable Security Incident”, and owing to the changing nature of online threats, businesses have realised that “…traditional approaches of protecting the perimeter and investing in prevention capabilities are inadequate, in light of today’s persistent and advanced attacks”.
Nico Goodall, head of product management at Tarsus on Demand, concurs. “Effective IT security is no longer a matter of just doing the basics right. Taking cybercriminals on in 2017 – and winning – requires a multi-pronged security strategy that makes good use of all available resources, from cutting-edge network appliances to strict adherence to IT security best practices and more.”
Gartner has also predicted that “…by 2020, 60% of enterprises’ information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2012”. And with over 390 000 new malware variants being detected every day, it’s no wonder that businesses are being forced to adapt their IT security approaches.
So what does making “…good use of all available resources” in a multi-pronged security strategy mean, exactly?
Goodall says for an anti-malware strategy to be effective, IT needs to be able to defend against both known and unknown attacks, which requires a mix of signature-based and behaviour-based detection technologies.
Signature-based detection is how anti-virus and anti-malware software has worked since the earliest days of security software. In a nutshell, it compares the files it scans against a database of known virus “signatures” – tell-tale signs of malware’s presence – and when it detects something is amiss, it puts up an alert or neutralises the threat by applying the fix developed by security researchers and pushed down to the software as “definition updates”.
While this was effective back in the day, analysing a new piece of malware, learning its tells, developing a fix and pushing it out to security software clients takes time. And time is not on our side, thanks to the almost 400k new malware variants detected on a daily basis that need to be dealt with.
Malware behaving badly
Behavioural analysis has emerged as a way of combatting these brand-new daily threats, as instead of relying on a signature to know what software is malicious and what isn’t, it analyses what that software does to decide whether it’s a threat or not. It’s the difference between having a “Wanted” poster for a known criminal and keeping an eye out for his face, and watching everyone in a crowd closely to see if what they do indicates criminality.
Modern IT security does this by using smart network appliances to monitor network traffic to establish a baseline of what’s considered normal activity, and then flags any actions it picks up as being unusual. By combining behavioural analysis with more traditional signature-based malware detection, organisations have a better chance of catching malware before it compromises their systems.
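The two detection approaches described above, as an added illustration that is not code from the original article or from Tarsus on Demand: a signature scan that looks a file's hash up in a "definitions" database, and a behavioural check that builds a per-host baseline from traffic summaries and flags intervals that deviate from it. The sample byte strings, hosts, intervals and connection counts are all constructed for the example; real signature databases and network appliances work on far richer data, but the contrast is the same.

```python
import hashlib
from collections import defaultdict
from statistics import mean, pstdev

# ---- Prong 1: signature-based detection ------------------------------------
# Constructed "malware" samples: placeholder byte strings, not real malware. A real
# definitions database holds hashes or byte patterns published by the vendor.
_KNOWN_BAD_SAMPLES = {
    b"constructed-malicious-sample-A": "Constructed.Dropper.A",
    b"constructed-malicious-sample-B": "Constructed.Ransom.B",
}
SIGNATURE_DB = {hashlib.sha256(content).hexdigest(): name
                for content, name in _KNOWN_BAD_SAMPLES.items()}


def signature_scan(file_bytes):
    """Return the signature name when the file's SHA-256 matches a known sample, else None."""
    return SIGNATURE_DB.get(hashlib.sha256(file_bytes).hexdigest())


# ---- Prong 2: behaviour-based detection ------------------------------------
# Constructed per-host traffic summaries, one line per five-minute interval:
# host,interval,outbound_connections,destination_ports (semicolon separated)
BASELINE_FLOWS = """\
ws-01,1,12,443;80
ws-01,2,15,443;80
ws-01,3,10,443
ws-01,4,14,443;80
ws-01,5,11,443
ws-01,6,13,443;80
ws-01,7,16,443;80
ws-01,8,9,443
ws-02,1,20,443;53
ws-02,2,20,443;53
ws-02,3,20,443;53
ws-02,4,20,443;53
"""

# Constructed observations to check against the baseline (interval 9 onwards).
NEW_FLOWS = """\
ws-01,9,18,443;80
ws-01,10,240,443;445
ws-02,9,22,443;53
ws-03,9,5,443
"""


def parse_flows(text):
    """Parse the constructed CSV format into a list of dicts."""
    records = []
    for line in text.strip().splitlines():
        host, interval, conns, ports = line.split(",")
        records.append({
            "host": host,
            "interval": int(interval),
            "conns": int(conns),
            "ports": {int(p) for p in ports.split(";")},
        })
    return records


def build_baseline(records):
    """Per host: mean and standard deviation of connection counts, plus ports seen."""
    counts = defaultdict(list)
    ports = defaultdict(set)
    for r in records:
        counts[r["host"]].append(r["conns"])
        ports[r["host"]] |= r["ports"]
    baseline = {}
    for host, values in counts.items():
        # Floor the deviation at 1.0 so a perfectly flat baseline still has a tolerance band.
        baseline[host] = {
            "mean": mean(values),
            "stdev": max(pstdev(values), 1.0),
            "ports": ports[host],
        }
    return baseline


def detect_anomalies(baseline, records, z=3.0):
    """Flag records whose volume exceeds mean + z*stdev or that use a port never seen before."""
    findings = []
    for r in records:
        profile = baseline.get(r["host"])
        if profile is None:
            findings.append((r["host"], r["interval"], "no baseline for host"))
            continue
        threshold = profile["mean"] + z * profile["stdev"]
        if r["conns"] > threshold:
            findings.append((r["host"], r["interval"],
                             f"{r['conns']} connections exceeds threshold {threshold:.1f}"))
        for port in sorted(r["ports"] - profile["ports"]):
            findings.append((r["host"], r["interval"], f"new destination port {port}"))
    return findings


if __name__ == "__main__":
    # A byte-for-byte known sample is caught; a one-byte variant slips past the signature.
    print(signature_scan(b"constructed-malicious-sample-A"))
    print(signature_scan(b"constructed-malicious-sample-A!"))
    base = build_baseline(parse_flows(BASELINE_FLOWS))
    for finding in detect_anomalies(base, parse_flows(NEW_FLOWS)):
        print(finding)
```

The signature scan catches the exact known sample but not a variant that differs by a single byte, which is the weakness the article's "400k new variants a day" figure points at. The behavioural check, by contrast, knows nothing about the payload: it flags ws-01's tenth interval purely because 240 outbound connections and a never-before-seen destination port are far outside what that host normally does, and it flags ws-03 because a host with no baseline cannot be judged "normal" at all. In practice the baseline window, the z threshold and the treatment of new hosts are tuning decisions that trade false positives against missed detections.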
Since even Gartner is convinced that being affected by some form of malware is inevitable, it makes sense that forensics are almost as important as security appliances, software and policies. “Businesses should always go for solutions that have some form of forensic capabilities built in, as forensics help investigators to uncover what happened and how. That helps companies develop counters for successful attacks and strengthens the software’s value proposition,” Goodall says.
Of course, even with the network itself locked down and top-notch security software (either agent-based or agent-less) running client-side, you’re still not done. The third “prong” in the multi-pronged approach required for true peace of mind is ensuring all clients are running the latest operating system and software patches. It sounds both simple and obvious – and it is – but you’d be surprised at just how common it is for organisations of all sizes not to have a perfect score in this regard.
This past May’s ransomware attacks, for instance, happened because of unpatched operating systems and critical functions being run on computers with legacy operating systems like Windows XP. The threat was so severe that Microsoft issued a patch for Windows XP – despite official support having ended in April 2014 – to mitigate the danger.
But of course, for any fix to actually work, it must be installed… and Goodall says that if IT departments don’t implement policies or run centralised patch management solutions that ensure such things are done, what happened in May will happen again and again, ad infinitum. That leads to the next prong: IT staff who are constantly being up-skilled so their skills can keep up with the demands of an ever-changing IT security environment.
Well-trained IT staff should also be complemented by strong user education. Goodall is a firm believer in everyone playing their part, and that includes end-users knowing at least a little bit about IT security and what’s expected of them. And that’s why regular refresher courses and the communication of security best practices are so important.
Back up a bit
Lastly, backups. Goodall says that having an effective backup policy in place is the one part of an overall security strategy that simply cannot be allowed to fail. Should the very worst happen, businesses should at least have the option to roll back their operation to a working state using backups. Off-site backup, he says, is by far the safest method, as it ensures the physical separation of live (and potentially compromised) operations, and the data stored in backup media.
Goodall ends off with the following: “Creating a multi-pronged IT security strategy is vital in today’s connected world, where online threats are legion and the slightest vulnerability in your security policies is more than enough to let the bad guys in.
“By protecting yourself with this approach, you’re lowering your risk of attack significantly. Even if malware manages to get in, with the correct policies in place, you can at least mitigate the damage done and avoid the down time that is so catastrophic for any business these days.”