MANILA, Philippines – Another day, another unwelcome cybersecurity report. And this year’s security headlines have not made for easy reading for chief information officers and chief security officers.
In September, Yahoo revealed that hackers stole user data from at least 500 million of its accounts in late 2014. It was reportedly the second largest user account heist on record.
Newkirk Products, a US service provider of healthcare ID cards, reported that a data breach in August may have affected up to 3.3 million people. Hackers made off with sensitive information, like health insurance plan details, that were stored in one of its servers.
In July, a computer network used by Hillary Clinton’s presidential election campaign was reported to have been hacked as part of a cyberattack on the US Democratic Party’s political organization.
Even for a Web-savvy crowd used to regularly hearing about massive data breaches, this year has been an attention-grabbing one.
CIOs have to constantly look for new ways to thwart hackers and protect their organization’s data. But the task is getting harder as networks grow and become more complex.
So how can CIOs maintain the integrity and effectiveness of their security framework when they, say, hook up to a new cloud service, roll out new Web applications to employees, or deploy a new Internet of Things (IoT) project?
Here are four tips to consider.
1. Don’t just throw boxes at a growing network
It seems reasonable to just add more security devices - such as firewalls or the latest cloud security gadget - to the mix as the network grows. But there are two reasons why this can be counterproductive.
First, while that shiny new security appliance may reduce threat detection times, attacks are also getting faster, and they are likely to outrun your new capabilities in a short time.
Second, adding hordes of point security products that are scattered across a network can actually make security management murkier, due to the increased complexity and isolated control consoles.
The second reason is especially a bane for CIOs tasked with balancing security enforcement with network growth, especially if the task encompasses new digital technologies like IoT, cloud services, and virtualization.
So don’t just throw boxes at a growing network.
Instead, focus on creating a security environment in which your security hardware and software - both old and new - can work in tandem to reduce management complexity, improve network visibility, correlate intelligence about attacks in progress, and automatically synchronize a coordinated response.
2. Divide and conquer
As your network becomes more complex, the practice of segmenting it into logical security zones will become even more important. Network segmentation reduces access to sensitive data by unauthorized applications, servers, and people - as well as attackers. It also helps thwart the spread of malware.
For instance, this practice is stipulated in industry standards such as the Payment Card Industry Data Security Standard (PCI-DSS), which outlines how adopters should separate data within the network, such as isolating cardholder data from the rest of the network.
As CIOs plan for network growth, a key consideration is how they can enforce end-to-end segmentation that encompasses different network resources, such as one that can span from a cloud resource to an Internet of Things (IoT) deployment.
3. Shore up the cloud
The compelling return of investment (ROI) and total cost of ownership (TCO) maths of cloud computing makes it an inescapable consideration for organizations. So even if your organization is not tapping on the cloud yet, it helps to start thinking about how you can shore up your eventual cloud defenses.
Effective cloud security starts with having a mindset of enforcing a common set of security services and policies, from the enterprise network to the cloud. If you are using an external cloud vendor, scrutinize its shared security models. Make sure to understand the extent of your vendor’s responsibilities.
Data encryption is a must in the cloud. While it may not prevent attacks or data theft, it can protect your business from hefty regulatory fines when a dreaded event happens.
Also think about beefing up access protection for new cloud applications. For instance, you can implement two-factor authentication, or tie access privileges to roles, company positions, and projects.
Cloud computing and virtualization go hand in hand. But the latter can present a problem for many physical security appliances. This is where virtual security appliances come in, to secure traffic as it flows from virtual machine to virtual machine.
4. Think like a hacker
Cybersecurity attacks these days come in different forms, but most follow a similar pattern.
It starts with the attacker making an extended assessment of your network. This is followed by exploiting a discovered vulnerability that allows them to infiltrate. The attackers then move in, but hide their tracks by using an obfuscation tool, such as a rootkit. Then, when the time is ripe, they trigger the attack within your network, looking for resources to steal or further exploit. Think of it as the four phases - prepare, penetrate, persist and propagate - of a threat lifecycle.
In order to mount an effective response to an attack, your security deployment needs to be able to map its capabilities to those being used by attackers. And it starts with having the means to be able to see and keep tabs on the traffic behaviour across all the different elements of your distributed network environment, even its most remote corners.
Castillo is the country manager of Fortinet Philippines