Story image

Time for new security resolutions

27 Feb 2015

There's no time like the present for customers to take a good look at their security says Mark Shaw, Symantec Pacific region technology strategist – security.  

With the new year in full swing, it’s a good time for organisations to cast a critical eye over their security processes, practices  and technologies. 

Channel partners have an ideal opportunity to work with organisations to identify gaps and assess how to better protect the organisation and avoid them being the victim of a headline-making data breach.

To help partners provide the best recommendations to their customers, here are a few suggestions on habits to leave behind, and new habits to adopt.

Know where your data lives It’s 8pm on Thursday… do you know where your data is? Who can access it? Take the time to understand where sensitive data resides, who has access to it and where it is flowing to help identify the best policies and procedures to protect it. 

Remember, protection should focus first on the information – rather than the device or the data centre.

Think like an attacker As attackers plot their attacks, they typically look for the path of least resistance. Look at IT infrastructure from the attacker’s vantage point. Where is the most valuable data stored and backed up? What vulnerabilities could I exploit? What is the most economical way for me to perpetrate and profit from an attack?

Compromise is inevitable. Have a strong relationship with an incident response partner or better yet, have them on a retainer so they’re ready to go to help prevent your compromise from becoming a breach. 

Also, be prepared yourself. More and more companies are taking the added step of running end-to-end incident response drills to test how well the organisation can manage an incident. Remember that an incident response process will likely span multiple business units. It is no longer the sole domain of the IT security team or even the wider information technology group.

Add more layers of protection Protecting the endpoint using only the antivirus component of an endpoint protection technology has been insufficient for years. Using the entire feature set of these technologies is a critical component of a broader arsenal of advanced protection technologies to keep information safe. You can strengthen security infrastructure with data loss prevention, network security, endpoint security, encryption, strong authentication and defensive measures, including reputation-based technologies. 

Educate employees Large-scale data breaches in recent years have continued to highlight that the weakest link in security is often human error. It’s critical employees understand what attacks look like and how to defend against them. Educate users about security threats and the damage they can cause – from password strength to phishing emails, to lost and stolen mobile devices.

Patch your environment on a regular basis Consider your patching frequency and whether this can be automated further. Also bear in mind that two-thirds of vulnerabilities identified are in third-party applications, so increase your patching scope beyond simply the OS. Software updates can include fixes to new vulnerabilities and exploited security gaps. 

Patch back end infrastructures, because it’s not just desktop software that can provide an opening, as last year’s Heartbleed vulnerability demonstrated.

Go beyond the device Tablets and smartphones have increased employee productivity and flexibility, but also introduce new and evolving vulnerabilities into the workplace. Many companies think device-level security is enough to prevent data leakage and breaches, but today’s mobile threats call for deeper protections that also safeguard apps and data. Rethink your BYOD policies to protect at the content, data and app level.  

Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Alibaba Cloud discusses past and unveils ‘strategic upgrade’
Alibaba Group's Jeff Zhang spoke about the company’s aim to develop into a more technologically inclusive platform.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
AMD delivers data center grunt for Google's new game streaming platform
'By combining our gaming DNA and data center technology leadership with a long-standing commitment to open platforms, AMD provides unique technologies and expertise to enable world-class cloud gaming experiences."