The IT manager then walked hundreds of miles to the Cybersecurity District where he met two experts in the same day! Firstly, he spoke with Stephen Moore, chief security strategist at Exabeam, whose golden rule tackled the insider threat:
“There are some hard truths to accept when defending your IT Kingdom. One truth is that you can’t always trust your citizens – the employees, third parties and machines operating inside your network. Network defences are commonly toppled from the inside, and this kind of threat can be much harder to detect.
“On the one hand, an external adversary could gain access to your system using stolen credentials from one of your trusted insiders. The compromised individual is unaware their credentials are being used. On the other hand, you may have ‘malicious insiders’ in your network – employees working for their own benefit. Malicious insiders may be selling your secrets to competitors or may have other reasons to cripple operations.
“For this same reason, it’s important to monitor the accounts of those who have recently left the company. You also need to understand the normal behaviours of everyone that accesses your network. When you know the typical behaviour of your network citizens, you can more easily spot anomalies. To do this, you need a means to track each and every activity and pull this together into a single storyline.”
The IT manager then spoke to Jan Van Vliet, VP and GM EMEA at Digital Guardian. He suggested people stop focusing on protecting the network, and instead focus on protecting data: “A common mistake is to think data is safe because it resides within the company fortress. Thanks to flexible working, data travels to distant shores and beyond! This means IT teams have to protect data that they cannot touch or see.
“No fortress is completely unassailable and IT teams must prepare for the inevitable breach. Using data-centric security technologies can prevent theft of sensitive data. It will also ensure that even if someone has access to the data, they are prevented from copying, moving or deleting it without approvals. This technology limits the threat from human error or insider threats, as people quickly become aware of the impact of their actions – whether deliberate or a genuine mistake.”
Spurred on by finding such helpful experts, the IT manager travelled to the River of the MSPs, where he found Dave Ricketts, head of marketing at Six Degrees. He suggested outsourcing when necessary: “Keep evil hackers at bay by enlisting a team of technology experts who can provide the security and management your kingdom’s data needs to stay safe and compliant.
“With increasing incidences of breaches and legislation, strengthening your armour by investing in external assistance can be just the support and assurance you need. Many experts or multi-service providers (MSPs) have data centres that are correctly accredited and certified, adding an extra layer of assurance that your data is secure and compliant.
“Combining the increased security of a separate IT environment with the improved operational performance and economics of using a data centre would be the double protection equivalent of a moat and a secure drawbridge around your data.”
Finally, the IT manager climbed the Hyve Hill to find Jon Lucas, director at Hyve Managed Hosting, whose golden rule was to understand that fairy tales can teach essential lessons: “Whether it’s the misplaced trust and deceit in Little Red Riding Hood or the costly shortcuts taken by the Three Little Pigs, fairy tales remind us of the grim impact of making poor choices.
“But all these issues and more – trust, deceit, good vs. evil, danger and disaster – are part of today’s IT security narrative. And the most common thread for most security problems is that we don’t learn from the past. The same mistakes are made. We need new priorities and perspective. Individuals need to take greater responsibility, and companies need to do what’s right.”
With these golden rules, the IT manager travelled back to his enterprise more knowledgeable and confident than ever before. By implementing the experts’ changes, the IT team lived happily ever after, and their company data stayed safe forevermore.