Do you remember when your organisation’s IT perimeter was easy to identify? And to secure? It used to be clear exactly where you put your firewalls, and it was also easier to develop policies to protect your information assets. Today, identifying our IT perimeters is much more complex. Technology and the way we consume it means that our perimeters are not only difficult to define, they also change constantly. Mobile, cloud, BYOD and the Internet of Things have expanded wildly, and blurred the IT perimeter, thereby creating IT security gaps.
By “gaps,” we mean that there is a lack of visibility into, and control over, the activities of every user and device connected to your organisation’s IT infrastructure. The gaps leave the IT infrastructure vulnerable to attack. In a Ponemon Institute survey commissioned by Aruba HPE [1], 64% of Australian respondents believe gaps in IT infrastructure make it easier for attackers to penetrate corporate defences. Only 36% of Australian respondents are confident that attacks inside the IT infrastructure can be detected before they cause a cybersecurity breach resulting in data being stolen, modified, or viewed by unauthorised entities.
There are a number of additional factors that exacerbate the gap:
- Not enough security staff
- Not enough of the necessary skills
- Too many false positives consuming the bandwidth of the few security staff
- Security solutions can’t keep up with exponentially increasing amounts of data
These gaps diminish organisations’ ability to identify, detect, contain, and resolve data breaches and other security incidents. A study by US-based Verizon in 2018 found that 87% of successful data breaches took minutes or less, yet 68% of businesses take months to realise a breach has occurred. And what are the consequences of breaches? Here are 5 of the most sign
- One third of businesses suffering a data breach lose revenue. A non-functioning website might cause potential customers to look at your competitors.
Damage to brand reputation
- Would you like your internal emails leaked? Would existing and potential customers continue to trust your business if there was a very public instance of a data breach?
Loss of intellectual property
- Losing intellectual property – designs, strategies, blueprints, customer lists – can impact your competitiveness.
- Legal fees, cost of managing PR, cost of investigations, insurance premium increases.
- Fines from regulatory agencies under laws such as the Australian Privacy Act, the Notifiable Data Breaches scheme, and even the EU GDPR if your business processes personal data relating to an individual in the European Union.
- Hackers could make changes, both subtle and obvious (and vulgar), that may take time to detect and correct. Meanwhile, potential and existing customers are exposed to the damage.
Closing the gaps
The Ponemon Institute survey identifies solutions for closing the IT security gaps:
It is clear that new technologies such as machine learning are needed to discover and understand threats that are active in the IT infrastructure. In particular, monitoring privileged users, security information and event management (SIEM), and network traffic analysis should be leveraged as machine learning targets.
When we talk about visibility, we’re essentially talking about having a complete picture of your company’s security posture. The most effective threat management will have an integrated, advanced visual dashboard that shows how devices are configured, any attack in progress or about to happen, noncompliance with policy and any other associated risk. The elements that we need to have visibility of include:
- Application visibility - web applications that can be accessed from anywhere by employees, contractors, partners, and service providers through the firewall create access control challenges.
- Endpoint visibility – including remotely logged-in laptops, tablets, and smartphones, and even printers on the network.
- Server visibility
- Data visibility
- Network traffic visibility
- Cloud visibility
- IoT visibility
AI-based machine learning and behavioural analytics will be essential to detecting inside attacks before they do damage. These technologies lead to more efficient investigations, more effective security teams, and the ability to find stealthy threats that have evaded standard security defences.
Automation will not only reduce investigation time and effort, but also reduce the number of false positives that analysts must investigate. This is critical in the context of regulatory agencies who require that they be notified within as little as 72 hours of a breach (GDPR).
Finally, Network Access Control (NAC) provides visibility into what and who is on the network. NAC is critical to a security strategy.
Security has never been so complex, and never have the consequences of security breaches been so potentially disastrous. With even medium-sized businesses presenting many users and hundreds if not thousands of devices as attack vectors, the threats are real and imminent. Area9’s experienced engineers are available to help organisations of all sizes assess and manage the risks associated with IT security. They are skilled in all the latest technologies and defences, such as the solutions described above, and encapsulated in tools such as HPE Aruba.
Please feel free to reach out to Area9 to discuss your security needs or any other IT topics. Phone: 1300 360 396
[1] Closing the IT Security Gap with Automation & AI in the Era of IoT: Australia. Sponsored by Aruba HPE, independently conducted by Ponemon Institute LLC. Published September 2018.