Taking a conventional approach to security is typically about “keeping the bad stuff out” of your network, whether it be spam, viruses, malware, DDoS attacks, or any number of other common threats. But in today’s constantly evolving threat landscape, conventional is not enough.
Proactively assessing your security posture and focusing on mitigating risk on a constant basis is crucial. Not only will this reduce the probability of an attack actually happening, but it will also enable the ability to remediate and recover your business quickly in the event of exposure.
So, how do you take this approach?
1. Mitigate the risk posed by targeted email attacks
Spear phishing and business email compromise (BEC) attacks are highly targeted and researched attacks where criminals typically attempt to defraud individuals and lead them to transfer money or share credentials. Criminals engage in casual conversation with victims through email in an attempt to gain their trust before actually doing anything malicious. In many cases, criminals gather background information on victims through social media, which helps make their efforts more convincing.
The success criminals are experiencing makes targeted threats one of the highest risk vectors for organisations. The FBI estimates that more than US$5 billion has been lost to BEC in recent years. The real challenge for security is that traditional solutions, such as email security gateways and anti-virus solutions, fail to detect these attempts because the messages don’t contain malicious links or attachments. To mitigate the risk of targeted email attacks, an entirely new approach needs to be taken leveraging less traditional methods.
Artificial intelligence (AI) is increasingly been used to provide messaging intelligence to determine whether an email is part of a spear phishing attack with a high degree of accuracy. Domain fraud protection using DMARC (Domain-based Message Authentication, Reporting & Conformance) authentication is also been used to monitor data on domains and get actionable insight on legitimate and fraudulent usage of a domain. Another approach is to use fraud simulation training for high risk individuals to periodically and automatically train and test security awareness with simulated attacks.
2. Mitigate the risk posed by careless or untrained users
Your users sit on the front lines of ever increasing email-based threats like phishing, ransomware, and malware. As hackers become more sophisticated and prevalent, users need to be aware of the threats and able to easily recognise malicious emails. Email security is not just the responsibility of IT – it’s the responsibility of every employee in your organisation.
Part of mitigating the risk means having the ability to provide regular security training to test employees and increase security awareness of various targeted attacks. Simulated targeted attack training is the most effective form of training. Focus on training high-risk individuals, not just senior executives. Turn your users from part of the attack surface to part of the solution.
3. Mitigate the risk posed by rapid application development
Identifying and remediating application vulnerabilities while maintaining development agility is sometimes challenging. This is particularly true when adopting cloud platforms like AWS and Azure that enable rapid application deployments.
Unfortunately, your applications can act as a significant vector for today’s advanced threats. A single unpatched vulnerability can let an attacker penetrate your network, steal or compromise your (and your customers’) data, and profoundly disrupt your operations. Vulnerabilities in your websites and other public-facing applications can lead to costly data breaches and infiltration. Proactively check for vulnerabilities regularly in your sites and applications.
4. Mitigate the risk of data loss
Sometimes you can do everything right in your approach to security and still have something ugly happen — like have your data lost or held for ransom. That’s why there’s one important step you should take to mitigate the risk of data loss. Protect it. Implement a data protection strategy that not only includes a backup plan, but one that allows for easy recovery as well.
If criminals encrypt your files with ransomware, you’ll be able to eliminate the malware, then delete the encrypted files and restore them from a recent clean backup. The whole process can take as little as one hour, allowing you to get right back to business, and leaving the criminals empty-handed.
By taking these proactive steps to mitigate the security risks in your organisation, you’ll greatly reduce the attack probability, and have the ability to remediate and quickly recover in the event of exposure. Being truly secure requires a lot more than just focusing on keeping the bad stuff out. Instead learn how to mitigate the potential risks before they ever come your way.
Mark Lukie is a senior sales engineer for Australia and New Zealand at Barracuda Networks. He has over 16 years’ experience in networking, security, backup/disaster recovery, public cloud platforms, as well as systems integration.