Cyber security Part 2: Security industry perspectives

By Maureen Aylward

From Sony to Lockheed Martin to PBS, cyber attacks are on the rise and increasing in sophistication. Even the US government announced that a cyber attack by a foreign government constitutes an act of war. How can companies, governments, and institutions protect themselves? How will cyber security change to meet the rising threats? Our Zintro experts weighed in with such fantastic responses that we are doing a three-part series to address this from the perspectives of organizations and governments. This is Part 2 in the Zintro Series on Cyber Security.

Brad Roldan, an executive telecom consultant, says that the challenge for the security industry, security executives, and professionals is not how to better secure physical infrastructure (servers, routers, PCs), but rather how to engrain cyber security as a fundamental part of doing business on the Internet, an environment that is inherently open. “Possibly the biggest challenge that the security industry faces is how to address security policy to encompass cloud services in a consistent manner,” says Roldan. “This is especially challenging when using public cloud resources and SaaS where security mechanisms are often limited in scope.”

Roldan says the security industry is moving towards simplifying the selection and implementation of key technologies that protect an organization’s internal resources and extend the same security to cloud services. He points out two trends worth noting: the move by the largest SaaS providers to Security Assertion Markup Language (SAML) and the growing availability of cloud-based Unified Threat Management (UTM) services. For the small and mid-sized enterprise, this is significant.

“By using SAML, organizations can enable single sign-on services that are bound to the organization’s internal active directory and AAA (Authentication, Authorization, and Accounting) infrastructure,” says Roldan. “A cloud-based UTM enables an organization to secure its resources with an intrusion detection and prevention system, firewall, anti-virus, anti-spam, and data loss prevention. Using a cloud-based solution, the organization does not need to maintain expensive security hardware or worry about falling behind on crucial cyber security updates.”

Roldan says that organizations that elect to couple single sign-on and cloud-based UTM services put themselves at a significant advantage in managing their risk profile for cyber attacks. “These technologies protect network resources, which is a first line of defense. An organization must still implement sound data security policies that include data encryption at rest and in motion, storage of encrypted passwords using one-way hashes, and awareness of data sovereignty,” says Roldan.

Craig Goodwin, a director of security services, says that every organization, whether large or small, can be a target of cyber attacks. “The threats are so diverse and wide ranging that no one is truly free from risk,” he says. “The nature of modern communications and information systems means that the threat landscape is huge, ranging from targeted and premeditated attacks, like the one against the Sony PlayStation Network, to self-multiplying viruses that can infect anyone anywhere regardless of how low the perceived risk is.”

Security companies need to push holistic security, an approach that ensures all areas are addressed, including people, technology and processes. “Technical controls can minimize some risks but not all. Organizations that ignore the rest of the security spectrum, such as physical security or personnel security, can leave gaping holes in defense.”

ITSE, an IT security solutions expert, seconds the holistic security approach and offers these key areas to focus on:

  • Patch management
    Everything needs to be patched and up to date. “The RSA Security hacking incident worked because the company had not updated an application, and the phishing attack exploited that vulnerability and compromised the host,” says ITSE.
  • User and staff education
    Educate users about being secure and not opening attachments from unknown senders and how to secure passwords.
  • Reduce the Google footprint
    Google indexes everything. Remove old links and subdomains and configure robots.txt files to tell Google what needs to remain hidden.
  • Turn off Ping
    Ensure that if the network is pinged, it does not pong. The router should not respond to a ping from the Internet.
  • Use good anti-virus software
    Ensure that the solution provides buffer overflow protection, since buffer overflows are a common source of exploits.
  • Deactivate old accounts
    When someone leaves the organization, ensure that HR communicates with IT to have the old accounts disabled.
  • Filter web content
    This is a common source of infection so it necessitates the use of a web filter. Even if a company does not block sites like Facebook, web traffic needs to be cleaned of malware.
  • Keep passwords secure and complex
    If users complain, look at two-factor authentication or smart cards.
  • Filter email
    Another key area for malware delivery is email; scan it to remove executables and known malware.

Dhwcom, information security and network consultant, says that information security professionals must keep up with the changing threats in order to protect data and information assets. He suggests addressing three critical areas:

  • Create a Security Information and Event Management program.
    This program will determine what is going on in the network and where it is happening.
  • Build an Incident Response Team from key individuals across the organization.
    This team will identify organizational security goals and document key metrics for identifying events, classifying incidents, and choosing appropriate response mechanisms. The Incident Response Team will also set the policy and procedure on the range of potential responses. These responses may be technical, human resource related, or legal in nature.
  • Develop an overarching Organizational Security Policy.
    This policy will provide the framework for defining what assets are important, how they are protected, how to respond to cyber-attacks, and the repercussions for breaking corporate security policy.
