This article is meant as a rallying cry for anyone who has a vested interest in their organisation's security.
My aim is to spearhead a new era in which all companies take a proactive approach to security. No longer will the historic methods of blocking and protection be the only tenets of a security strategy; the focus will also be on next-generation technologies, as well as on detection and response.
Of course, I'm not naive enough to think this piece alone will lead to a complete culture change. But the evidence for a proactive approach is so strong that I am amazed the message hasn't got through to every IT department and board in the country.
This message became crystal clear during Neil MacDonald's presentation at the Gartner Security & Risk Management Summit in June, which Avecto was lucky enough to attend. MacDonald is a VP and distinguished analyst in Gartner Research. His presentation analysed new approaches to combatting advanced and insider threats, and made a number of compelling arguments.
Attacks are bypassing our historic defences: anti-virus, firewalls and intrusion detection systems. Once in, a piece of malware typically stays on the systems undetected for almost a year on average. We're blind, too: 67 per cent of attacks are discovered externally. It might be a third party spotting records for sale on a website and letting the company know. Either way, our detection of breaches isn't up to scratch.
But what can we do? Let's run through it in Gartner's four stages, as MacDonald did at the summit: block, prevent, detect, respond.
Firstly, let's block out what we can of the "bad stuff". Whitelisting is an easy way to start. At the application level this means that known apps are good and unknown apps are bad. The Council on Cyber Security lists application control as the most essential strategy for mitigating threats, based on real-world data.
Secondly, let's prevent the "bad stuff" from executing. This one is simple: take away admin rights and run all users as standard users. It might sound like an IT help desk nightmare, but call upon software which can assign privileges to applications rather than to users and you'll provide huge protection for the operating system. It's worth remembering that the removal of admin rights would have mitigated 97 per cent of known Microsoft vulnerabilities in 2014.
Many IT managers and CIOs are defeatist when it comes to blocking and believe that prevention is not possible. They've been let down too many times by poor anti-virus and firewalls. But the likes of application control and privilege management can genuinely eliminate the vast majority of threats. Leave the old, tired technologies behind and embrace more effective, modern and innovative blocking and prevention strategies.
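To make the block and prevent stages concrete, here is an added illustration (not Avecto's product code or anything from MacDonald's presentation) of an application-control policy in miniature: executables are identified by content hash, anything not on the allowlist is blocked, and allowed executables run as a standard user unless their rule explicitly grants elevation, so no user account needs admin rights. The binaries, names and policy below are constructed sample data.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRule:
    """One allowlist entry: a known binary and the token it may run with."""
    name: str
    sha256: str
    elevate: bool = False  # True: run with admin rights; False: standard user


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for real executables (not real PE files).
SAMPLE_BINARIES = {
    "editor.exe": b"MZ...editor",
    "installer.exe": b"MZ...installer",
    "dropper.exe": b"MZ...unknown",
}

# Constructed policy: known apps are listed, unknown apps are not.
# Only the installer is granted elevation; the privilege belongs to the
# application rule, not to the user running it.
POLICY = (
    AppRule("editor.exe", sha256_hex(SAMPLE_BINARIES["editor.exe"])),
    AppRule("installer.exe", sha256_hex(SAMPLE_BINARIES["installer.exe"]), elevate=True),
)


def decide(binary: bytes, policy=POLICY) -> str:
    """Block stage: a hash not on the allowlist is denied, so a patched copy
    of an allowed app is treated as unknown. Prevent stage: allowed apps get
    the standard-user token unless their rule says otherwise."""
    digest = sha256_hex(binary)
    for rule in policy:
        if rule.sha256 == digest:
            return "run-elevated" if rule.elevate else "run-standard"
    return "blocked"


def audit(policy=POLICY) -> dict:
    """Evaluate every sample binary and report the decision for each."""
    return {name: decide(data, policy) for name, data in SAMPLE_BINARIES.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name}: {verdict}")
```

Because the match is on the hash rather than the file name, a modified copy of editor.exe is blocked just like dropper.exe, which is the property that makes whitelisting a blocking control rather than a naming convention.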
Thirdly, detect. The key with detection is that any threats are contained and isolated immediately. Sandboxing is the technology needed in this instance. MacDonald sees this as one of the spaces in security that is breeding innovation, and was kind enough to mention Avecto's technology in his presentation as a stand-out performer.
Finally, respond. By this we mean remediating and making changes after the attack. Strategy, policy rules and tactics need to evolve continually. Attacks aren't static, and defence can't be either.
Any culture change will take a long time to really take effect. But a shift to a proactive security posture is such an obvious and positive one. My hope is that more influencers like MacDonald really get behind it and convince organisations that this is the only way to approach security. I believe it's an achievable goal and, more importantly, that prevention is possible.