Defending company assets against the latest onslaught of cyber attacks

HCL Technologies : 18 February, 2015  (Special Report)
Kalyan Kumar of HCL Technologies looks at the best defence strategies that organisations can use to protect themselves from increasingly sophisticated and effective cyber threats

The cyber-threat landscape is becoming an increasingly complex one, with a greater diversity, frequency and sophistication of attack being deployed to breach organisational defences. Unfortunately, as the forces besieging them mount up, there are more severe consequences if attackers are successful.

Cyber threats are no longer just an IT problem; they are a business-level issue that can adversely affect critical functions and systems. As a consequence, organisations stand to lose business, reputation, customer and user confidence, as well as the valuable information their assailants are after. The recent string of high-profile breaches at US retailers is a pertinent reminder that those who don’t do enough to keep the bandits at bay face severe penalties. So where are organisations going wrong, and what can they do to put themselves in a better defensive position?

Medieval warfare in the modern age

Things may have changed significantly over the years, but the tactics deployed by medieval kings to defend their castles are just as pertinent today as they were 800 years ago. Whether you’re trying to hold off an onslaught of attackers wielding DDoS attacks and advanced malware or battering rams and catapults, investing in the latest defensive tools and measures will not ensure security by itself. Although it can help mitigate some information security challenges, even the best technology cannot work successfully unless people within organisations do the right thing. As such, having established processes and educated users who follow them are equally important to the prevention and detection of cyber-attacks.

Traditionally, large organisations tackled these demands with reactive processes. However, as threats continue to evolve on an almost daily basis, they often don’t generate detectable and recognisable patterns, making it easier for them to evade the legacy defensive measures taken by most organisations. This means a more proactive approach to information security is essential, with processes linked to the actions employees perform to complete routine business functions. Organisations need to move away from focusing simply on creating awareness of the problems to look at how they can create solutions and embed processes and behaviours that address the risks directly.

Awareness is the best line of defence

Users are the biggest firewall an organisation can have and need to be made aware of the security risks of their actions. As such, security leaders need to educate and train users to have a better insight into what is happening. To be effective against today’s threats, awareness programmes can’t be defined around assumptions about what employees know and how they think and feel. They must be based on the understanding that people are unique, with different learning styles; they absorb information in different ways.

This means a variety of educational techniques are needed. One effective method is to expose employees to simulations of recent attacks in the industry. Regular webcasts, celebrating information security weeks, displaying posters and running quizzes are some of the other more cost-efficient ways to educate employees on the latest threats facing their organisations. However, in order to be truly effective, organisations must help employees to really understand the value of IT security and ensure awareness programmes aren’t just a box-ticking exercise. The programme must embed positive behaviour and encourage employees to form habits that contribute towards IT security. This will help reduce the risk of hackers succeeding with popular social engineering tactics such as phishing scams.

Leading from the frontlines

All this can best be delivered by a Chief Information Security Officer (CISO), who is responsible for creating a security policy supporting the organisation’s business drivers. The CISO is also tasked with maintaining compliance with the growing list of regulations and legislation, customer expectations and contractual obligations that dictate how their organisation operates. As such, their role is central to business operations and so the CISO should be involved in board-level decisions.

To be effective, the CISO also needs the support of an equally smart and specialised security team. Some of the newer technologies are so advanced that organisations need people who have the skills to understand them and build a sturdy defence. For example, traditional firewall operators need to be trained to understand malware symptoms, phishing attacks and NetFlow analysis to enable them to identify malicious activity and react in time.

There is a long journey ahead with many bumps in the road for those tasked with keeping the cybercriminals out of their organisation’s inner keep. Those that are able to align their people, processes and technology in these ways will have a much stronger footing from which to fight back.
