Real-time network health management: Closing the gap between known and unknown threats
2016 was yet another record year for cyber security threats. As of July 2016, there were 522 reported breaches, exposing more than 13 million records, according to the Identity Theft Resource Center. These cyber-attacks reach across multiple industry verticals impacting business from Fortune 500 to SMBs. In October 2016, network infrastructure firm DYN was targeted as a means to disrupt services for companies such as Twitter, Spotify and Paypal, according to Reuters.
In the healthcare sphere, the Phoenix-based Banner Health Care breach made headlines by impacting over 2.7 million patient records, according to Modern Healthcare. More broadly, the industry suffered a record 92 privacy breaches attributed to hacking in the first 11 months of 2016, up 64 percent from 2015.
Proactive approach
The organizational charge for every organization should be to snuff out cyberattacks on businesses before, not after the fact. This proactive approach to cybersecurity is especially true for the SMB, where threats are expanding at a rapid pace. According to its data, in 2015, SMBs represented more than 60 percent of all cyberattacks in the US, a significant increase from just 18 percent in 2011.
The SANS Institute identifies that:
- 60 percent of attack methods exploit known vulnerabilities or deliver known malware.
- Only 38 percent of firms implemented prevention against never-before-seen exploits on the endpoint, while 65 percent consider this to be needed.
- Only 40 percent of firms are using ongoing testing, evaluation and reporting, while 60 percent identify it as a must.”
Addressing these dynamics requires a thoughtful, consistent and dedicated approach to examining an organization’s IT infrastructure and network architecture.
Develop actionable intelligence
For any IT environment the inspection to identify its risk profile begins with a network risk assessment to develop actionable intelligence surrounding endogenous and exogenous threats including:
- Network segmentation connections
- Identified rogue connections
- Data leak detection
- Bad actor site connections
- High risk open ports.
After distinguishing the enterprise-wide threat situation, real-time continuous monitoring is of paramount importance to develop and align an organization’s security posture, network, endpoints, cloud devices and applications. The final step in ensuring proper network hygiene is to close the gaps of vulnerabilities with remediation.
These elements are a necessity to ensuring that the gap between “known” and “unknown” threats does not grow. In many cases a 20 percent gap in network situational awareness can develop. Utilizing gap analysis technology, a firm can assess network changes to narrow this gap with the ultimate goal to identify and monitor 100 percent of network connections and devices.
Best practices
To effectively create network situational awareness with complete visibility of an organization’s IT assets, there is a need for integrative capacity, scalability and real-time assessment capabilities. With the increasing incidence of cyberattacks, companies will need to designate a higher level of IT spending to mitigate the compounding risks. According to Gartner, cybersecurity spending could exceed $1 trillion from 2017 to 2021. Executives must leverage their financial resources to best position their organizations to defend against cyber threats.
Understanding best practices in developing effective cyber security measures is a strategic approach to delivering on this agenda. The following four factors must be taken into account:
- Comprehend the threats facing an organization
- Identify the company’s critical assets and proprietary knowledge
- Understand the strengths and weaknesses of current cybersecurity arrangements
- Develop a cybersecurity roadmap.
On the last point relative to developing a cybersecurity plan, executives in coordination with their IT departments and vendor partners, should focus on several important actions including:
- Ensuring that all company technology have the latest security software, web browser and OS
- Creating a mobile device action plan
- Protecting company internet connections by using a firewall and encrypting information
- Controlling physical access to computers and network components
- Ensuring service and SaaS providers are using the most trusted and certified/validated tools that include protection for anti-fraud/anti-malware on their systems.
With the range of cyber threats constantly changing, companies need to be even more vigilant in their approach to mitigating cyber risks and strengthening their security profile. Executives and business owners can benefit from the insight and expertise of a trusted IT solution team to assist them in navigating the complexities of the cyber security world.