How to overcome complacency around IT security risks

While IT security professionals should be confident they’re effectively protecting their organisation from cyber attacks, it’s important that this doesn’t turn into overconfidence, Anthony Daniel of WatchGuard Technologies writes.

Anthony Daniel
Thu, 21 Jul 2022

Being overconfident that all the required protective measures are in place can lead to complacency – and that becomes a big problem. A complacent security team can misjudge the level of potential threats and leave critical systems open to attack.

Overconfidence and complacency can occur for a variety of reasons. One is when an organisation doesn’t consider that it is a likely target for attack. This could be because it’s relatively small in size or is not storing large volumes of sensitive data.

Sadly, all organisations are potential targets. Disruption caused by an event such as a ransomware attack can have dire consequences for even the smallest of firms.

Another factor that can lead to security complacency is a lack of training for security teams and other staff. Being unaware of the nature and number of threats that exist, and the impact they could have, can result in an “it can’t happen to us” mentality.

Firewalls and AV tools

In some firms, overconfidence can occur because the IT team believes having a firewall in place and anti-virus tools installed is all the protection that is required. This, unfortunately, is not the case.

Even when a firewall is protecting internal resources, there is still email and web traffic coming into systems. All it takes is for a staff member to click on a web link or open an attachment containing malicious code and an attack can be triggered.

Rather than relying on a small number of point security tools, organisations should have a layered defence strategy in place. This strategy should include additional security services that automatically scan all web and email traffic.

It should also be remembered that signature-based AV tools can only protect against known malware. They are no match for modern malware that can be repackaged in real time to avoid detection.

Organisations also need much more proactive endpoint security controls. These include items such as behaviour-based detection and endpoint detection and response (EDR) tools that constantly monitor for malicious software that may already be running within the IT infrastructure.

The importance of network segmentation

Another area where some security teams may have become complacent is within their organisation’s own internal network. This is a concern because if an attacker gains access, they are likely to scan across multiple systems to steal data or cause disruption.

If the internal network is “flat” and has no segmentation, an attacker can move through it with ease. To avoid this, an organisation should deploy unified threat management appliances that can help create virtual local area networks (VLANs) that segment the network based on trust models.

For example, the IT security team could create a structure where each department within the organisation has its own virtual network. Sensitive servers and databases could also be connected to a different network from those used by most staff.
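
The per-department structure described above can be written down as a trust model and checked against flow records. The following is an added example, not part of the original article or any vendor's product; the subnets, segment names, allowed ports and flow records are all constructed for illustration.

```python
import ipaddress

# Constructed segment plan: one VLAN subnet per department plus a server segment.
SEGMENTS = {
    "finance": ipaddress.ip_network("10.10.10.0/24"),
    "hr":      ipaddress.ip_network("10.10.20.0/24"),
    "staff":   ipaddress.ip_network("10.10.30.0/24"),
    "servers": ipaddress.ip_network("10.10.99.0/24"),
}

# Trust model: traffic inside a segment is allowed; crossing segments is denied
# unless the (source segment, destination segment, port) triple is listed here.
ALLOWED = {
    ("finance", "servers", 1433),
    ("hr", "servers", 443),
    ("staff", "servers", 443),
}

def segment_of(ip):
    """Return the segment name containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit_flows(flows):
    """Return flows that cross a segment boundary without an allow rule."""
    violations = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            violations.append((src, dst, port, "unknown segment"))
        elif s != d and (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s} -> {d} not permitted"))
    return violations

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.10.15", "10.10.99.5", 1433),   # finance to database: allowed
    ("10.10.30.40", "10.10.30.41", 445),   # inside the staff segment: allowed
    ("10.10.30.40", "10.10.10.15", 445),   # staff to finance: not permitted
    ("10.10.20.7",  "10.10.99.5", 1433),   # hr to database port: not permitted
    ("192.168.1.9", "10.10.99.5", 443),    # source outside the plan: flagged
]

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print(violation)
```

On a flat network every one of these flows would succeed; with the segments enforced, the three flagged records are the ones a firewall between VLANs would block or that a reviewer would want explained.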

Taking a unified approach

Within many organisations, IT security measures have been built gradually over an extended period. As a result, there tends to be a range of point solutions from different vendors deployed at different times.

This approach might appear to offer solid protection, but in reality it could be leaving gaps that increase the chance of a cyber attack.

A better strategy is to undertake a unified approach to IT security. This will help to close gaps and ensure a consistent level of protection exists across the entire organisation. When security is unified, it’s also possible to aggregate logs and identify threats that previously may have gone unnoticed.

Complacency and overconfidence are things all IT teams need to guard against. By taking these additional measures, security can be enhanced, and potentially destructive cyber attacks avoided.

Anthony Daniel is the regional director of Australia, New Zealand and Pacific Islands at WatchGuard Technologies.
