Cybersecurity

Changing landscape, amorphous threats

Pro
Image: Stockfresh

15 December 2014

Cyber vulnerability management
“34% of vulnerabilities discovered could have been mitigated by either patching or some minor configuration changes — easily done assuming you are aware of the issues in the first place” Eoin Keary, Founder and CTO_BCC Risk Advisory BCC Risk Advisory (Ireland): Eoin Keary, Founder and CTO
In 2014 with a spate of global security issues, “Cyberdemics”, such as heartbleed, shellshock and poodle it’s important to maintain a secure posture from a web site, hosting server and email/VoIP standpoint.We see thousands of vulnerabilities every month via our www.edgescan.com solution and some are very serious and frightening to be honest. The “rub” is that SME’s don’t have full-time security administrators; SME’s either don’t have the time, awareness or skills to address these security issues which are by no fault of their own.

Our 2014 Vulnerability Statistics Report states that “34% of vulnerabilities discovered by edgescan could have been mitigated by either patching or some minor configuration changes” — easily done assuming you are aware of the issues in the first place!
We also see attacks on SME’s in the legal and accountancy industries as they hold a wealth of information regarding larger clients. In other words, cyber criminals are attacking large global organisations by-proxy via the weakest link which are smaller legal and accounting firms. Again such firms do not necessarily have the cybersecurity awareness required to maintain a robust posture and keep the hackers at bay.

Our www.edgescan.com cloud-based solution continuously assesses such internet facing systems for cybersecurity issues. It removes the need for expensive consultants and reduces the security knowledge deficit. Our continuous approach to vulnerability detection levels the cyber security playing field for both large and SME’s alike.

 
Multi-dimension security systems
“The levels and layers of protect necessary are those which ensure that the threat is minimised, and in the event that a breach occurs, that the protections in place minimise the risk of loss of data or breach of security of systems” Renaissance_Michael Conway_web Renaissance Contingency Services Ltd (Ireland): Michael Conway
IT security has evolved over recent times and the key area which organisations need to protect themselves against are the remerging and developing threats. Organisations need to put in place comprehensive security systems to protect themselves from advanced persistent threats (APT) and also targeted threats.IT security threats are about money typically and the organised criminal element of these are sophisticated aggressors and they need dynamic well developed and well-resourced multi-disciplinary solutions to offer levels and layers of protection. The levels and layers of protect necessary are those which ensure that the threat is minimised, and, in the event that a breach occurs, that the protections in place minimise the risk of loss of data or breach of security of systems.

These multi-dimension security systems must be well resourced and focussed so that in the event of any breach at any layer then the additional element in the multi- disciplinary security system ensure that they step in and deliver the protection required.
The organisation in 2015 and beyond that wants to stay safe needs to invest in technologies and partners who invest and deliver next generation solutions. Those with older (legacy) solutions will eventually fail as their architecture will ultimately fail.

 
Dark data risk
“The first and most important thing we do when addressing the security needs of our customer is to peel back the curtain on risk and identify the non-visible risks” jimmy_sheahan_network_services_pre-sales_manager_ergo_web
Ergo : Jimmy Sheahan, technical director
When it comes to IT security, the biggest error that Irish organisations make is the sole consideration of visible security risks such as virus threats and firewall attack surface. However, the biggest risk is posed by unknown threats, exposures that are occurring daily that nobody has shed a light on.A good example of such a risk is the “dark” data that an employee may have on a device that may not be managed by the IT department. For example, sensitive financial data that senior management assumes is carefully stowed away on a file beyond corporate firewalls, but Dave from finance brought it home on his own personal device to work on. Then Dave happens to leave that device behind him in a coffee shop, and to his horror, it cannot be located. He does not report it because he is embarrassed. Essentially, nobody other than Dave knows that this has even happened.

In Ergo, the first and most important thing we do when addressing the security needs of our customer is to peel back the curtain on risk and identify the non-visible risks. This approach is prominent when we execute a discovery in a managed service engagement. Irrespective of which IT service is being on-boarded, e.g. messaging, desktop, SharePoint, we execute a security assessment. This allows us to enable solutions to deal with all types of risk exposure, through a proven proprietary Ergo framework.

Ergo have a depth of knowledge across complimentary solutions which allow our customer to address their security risks. Our solutions include data discovery and classification, data loss prevention, information rights management (document level controls), drive encryption, mobile device management and various policy enforcement solutions. We also consult on process design and policy enforcement to ensure that users comply and that appropriate governance is put in place.

 

Pages: 1 2 3 4 5 6 7 8

Read More:


Back to Top ↑

TechCentral.ie