| Basic risks | |
| “Just like 5, 10 or 15 years ago weak passwords still persist, there is often a lack of security awareness training at the end user level and poor controls on systems or user privileges are where the real world damage occurs” |  Ward Solutions : Noel O’Grady, sales director |
| Every day we talk about the latest trends in security such as cyberthreat playbooks and advanced persistent threats. However, the reality is that many organisations are still dealing with very basic risks from within their organisations. Many of the security breaches we see still come from an internal source and many are accidental rather than malicious.Weak policies, procedures or a deficit of staff training result in many data breaches every year for Irish organisations. Just like 5, 10 or 15 years ago weak passwords still persist, there is often a lack of security awareness training at the end user level and poor controls on systems or user privileges are where the real world damage occurs. More data protection directives are coming down the line and there are ever more severe penalties for suffering a breach. Boards of directors now see data protection bubbling to the top of risk registers as fines and brand damage significantly affect the bottom line. That being said, good information security practices can become a competitive advantage in the marketplace as customers, partners, consumers or citizens become more selective about whom they share personal data with.
|
|
| Normalcy and understanding | |
| “An understanding of what is ‘normal’ activity within an organisation is key to understanding what is appropriate for their specific needs” |  Asystec : Brendan McPhillips |
| Historically investment in security meant securing the single egress/ingress points into an organisation, however with organisations now more porous than ever, due to extended connectivity to support outsourcing, EDI, BYOD, Apps, etc. this is becoming more difficult.Many organisations are presuming they have sufficient controls in place. But what is also coming to the fore is a realisation that they don’t have enough visibility around what is going on in their environment to be able to answer that with confidence. An understanding of what is ‘normal’ activity within an organisation is key to understanding what is appropriate for their specific needs.
So first of all, a customer needs to understand their IT environment, everything from ensuring their permission structure is a least-permissive model, understanding where sensitive data resides across the organisations data sets, be they in-house or not, having an audit trail of activity, not only on the data but across the whole environment, to remediate known deficiencies but also having access to analytics around what is ‘normal’ activity to identify quickly and automate the response to a breach. Organisations need to move from a prevention-based approach to a focus on people, the flow of data and on transactions. Once we have an understanding of these within the context of our own organisations then we can move to a monitor — and respond — based approach, which will significantly reduce risk and our responses to a breach. As organisations move to third generation platforms, i.e. the connecting of many more users with significantly more apps, the automation based on policies, the filtering and highlighting of significant issues ahead of less significant, and the need to do secure significantly more information with the same or less staff will be the significant challenges that Irish organisations will need to address.
|
|
| Education, encryption, consolidation! | |
| “So many recent high profile data loss incidents could easily have been avoided if the data had been encrypted” |  Sophos: Dermot Hayden |
| Education – I still don’t think Irish businesses are doing enough to educate their employees on the changing threat landscape and best practice behaviours to protect their own and the company’s sensitive data. This is especially true in the sub 100 employee space where a serious compromise can be catastrophic for the ongoing operation of the company. There’s really no excuse, as we provide lots of free tools and best practice advice on our web site so that all businesses, regardless of size, can quickly and easily get the key messages out to their employees.Encryption – In years past many businesses bought encryption solutions as a ‘tick the box’ exercise with many never even deploying the technology as it was often felt it would adversely impact on the employees and their computers’ performance! However, with the increasing number of data loss incidents, businesses need to take a new and wider look at how encryption can help them secure their data! Persistent encryption is a key tool Irish businesses need to embrace, where through a single central solution their data can be encrypted and easily managed across laptops, servers, smart phones, tablets and the cloud – essentially anywhere it resides or is in transit to or from! So many recent high profile data loss incidents could easily have been avoided if the data had been encrypted!
Consolidation – Where possible, companies should be looking to consolidate the multiple stand-alone security solutions that are still commonplace in many businesses today. Apart from the reduced cost and management overhead, there are huge protection advantages to having network security (firewall, network, web, web application, email, wireless) and endpoint and mobile security components that communicate intelligently with each other to strengthen protection beyond anything point solutions can offer. It is a simple fact that the more complex and targeted nature of the threats we are now seeing requires network and endpoint security to be tightly integrated, as is the case in our Unified Threat Management solutions.
|
|
Subscribers 0
Fans 0
Followers 0
Followers