There are a growing number of attacks, and almost all of the successful ones have come from an insider being compromised through deception, negligence or a lack of awareness. J2 Software CEO John McLoughlin says companies need to attack or face being attacked themselves, and stand to lose everything.
The common response to a cyberattack is to quickly identify the culprit, blame them and try to cover up the damage. It is time that business leaders realise that they are simply not doing enough to protect their organisations.
Having dealt with many intelligent and highly qualified people in recent months, it is clear that they are simply missing the (end) point. The conversations are very similar when discussing the various risk vectors, how they are being addressed and what collection of solutions and processes are being used.
Some have large budgets, some are small and several haven’t even thought of information security or risk mitigation to prevent and reduce the impact of breaches as an item to budget for.
Business leaders often feel that these topics are too complicated to discuss, and it means that they generally have no idea where to start. The worst possible response is that it is not the right time to worry about cyber risks right now. Do they really think there are more pressing issues than company security?
When is the right time? When your company is headline news as the next big public data breach or when your competitor takes out your top three customers from under your nose.
They also need to realise that anti-virus and gateway security are not the solution; they are a small part of the solution. If companies don’t have total visibility on what is happening at the end point, they will simply continue to run in circles and will never be able to claim compliance.
Without absolute visibility on the end point, one also cannot tell what risks employees are bringing into the company or what data is being taken out.
Network log analytics and SIEM are very good at aggregating vast amounts of data from many different systems, and this produces a whole lot of data. Network and firewall logs are informative, but data from the end point around user activity, email activity and device changes brings real value.
One must correlate the actual user activity against known risky behaviour to identify anomalies. Lateral movement doesn’t only happen from outside parties: internal users take advantage of their knowledge and use things like system or admin accounts to make changes, move around the environment, steal data, load malware and cause damage.
The rise of global breaches brings account compromise into play as well. The dark web is teeming with stolen credentials; without adequate monitoring and active enforcement one will never know that you have been breached in the first place.
One needs to begin at the endpoint because with complete visibility, business leaders will be able to understand what is normal. When you know what is normal, abnormal is easily identified and you have the capability to respond before damage is done.
Your team needs eyes everywhere and most importantly this needs to be at the endpoint with the user or systems that are actually doing the work. When you increase your field of vision, you improve your security and reduce risks.
Have a look around your entire environment and ask yourself whether you really know what is going on at the endpoint. Do you know which users log on to specific machines, what they have done there and the data they are moving around? If not, you have a problem and you need to consider your options.
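As an added illustration of the approach described above (example code written for this page, not a product or script from J2 Software), the snippet below builds a baseline of which users normally log on to which machines from constructed endpoint logon events, then flags logons that fall outside that baseline, treating admin or service accounts appearing on new hosts as high severity because that is the lateral-movement pattern the article describes. The event format and account labels are assumptions.

```python
from collections import defaultdict

# Constructed sample endpoint logon events: (user, host, is_admin_account).
# Historical events form the baseline of "normal" for each user.
BASELINE_EVENTS = [
    ("alice", "WS-01", False),
    ("alice", "WS-01", False),
    ("bob", "WS-02", False),
    ("svc_backup", "FS-01", True),
    ("svc_backup", "FS-01", True),
]

# Constructed events from a later period that we want to check.
NEW_EVENTS = [
    ("alice", "WS-01", False),       # seen before: normal
    ("bob", "FS-01", False),         # bob has never logged on to the file server
    ("svc_backup", "WS-02", True),   # admin/service account on a workstation it never used
    ("mallory", "WS-03", False),     # account with no history at all
]


def build_baseline(events):
    """Map each user to the set of hosts they have historically logged on to."""
    baseline = defaultdict(set)
    for user, host, _ in events:
        baseline[user].add(host)
    return baseline


def find_anomalies(baseline, events):
    """Return findings for logons to hosts outside the user's baseline.

    Admin/service accounts on an unfamiliar host are rated high because that
    is the lateral-movement pattern an endpoint-visibility programme watches for.
    """
    findings = []
    for user, host, is_admin in events:
        known = baseline.get(user, set())
        if host in known:
            continue  # within the user's normal pattern
        severity = "high" if is_admin else "medium"
        reason = f"first logon to {host}" if known else "account with no logon history"
        findings.append({"user": user, "host": host,
                         "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(finding)
```

A real deployment would key the baseline on more than host (logon type, time of day, process launched) and would age it as job roles change, but the shape of the check is the same.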
It is time to take security more seriously. You know that the biggest problem is already staring you in the face: if you do not have visibility and provide adequate additional protection and awareness to your users, you will miss far more than you are able to protect.
Relying purely on network monitoring works in a perfect world, but we work in an imperfect world. Users make mistakes, click on links, download software they shouldn’t and are given far more access than they require – simply because there are inadequate controls and no monitoring.
Companies need to make real progress in terms of security, not simply tick a box on an audit requirement. This is only possible by obtaining valuable input into the security operations of your business by increasing visibility and increasing your capability to identify and respond, before you are in the news.