Ever found yourself slightly confused by security terminology? Companies often rush to secure themselves, yet key practices can be missed because of nuances in language. For example, network security is often used synonymously with cyber security and information security, but they are not the same thing. Information security involves securing physical and digital data from unauthorized access, use, and modification of any kind. Cyber security is concerned with the same thing, except that it covers only digital data. Network security is a subset of cyber security: it is specifically oriented towards securing transmissions, devices, and IT architecture.
The Growing Threat
According to Verizon’s 2017 Data Breach Investigations Report, a surprising 81% of data breaches involved stolen or weak passwords. Additionally, only 25% were intentionally started by insiders. What this demonstrates is that negligent insiders, your employees and partners, are usually the leading cause of data breaches. Let’s also take into account that in 2016 up to 93% of all phishing emails contained encryption ransomware. When NotPetya broke out in 2017, it was due to what has been termed a watering hole attack, where the initial data breach victim is used as a vector to spread the ransomware. In the NotPetya case the ransomware was transferred via MeDoc’s software updater. Ransomware spreads in several forms, but almost all of them involve an insider data breach.
While mitigation of insider threats and ransomware exposure needs to involve management, today we will focus on the network security aspect, which is often the most technical of the three layers of information security. Don’t worry though: below you will find a set of network security best practices that you should prioritize if you haven’t already.
Upgrades & Updates
Always keep your systems up to date! While this may seem obvious, the process of actually keeping systems and software up to date is more challenging than meets the eye. Companies often rely on software or an operating system to keep operations going, and every minute the systems are down is a huge productivity cost. Some business managers see updates as a short-term operational risk and delay updating. This way of framing operational risk does not take into account the security of the data flowing through the network. Updates are often vulnerability patches, performance improvements, and security updates. The largest data breach in the United States, Equifax, was only made possible because the company failed to update and patch a vulnerability in their system. No matter how large or small your organization is, without updating you’re open to an attack or an insider-caused data breach.
Adobe, known for constant updates to Flash, has recommended that automatic updates always be turned on, or, if you prefer, that you set alerts so you know when an update is being installed.
Cultivate a Security Culture
When it comes to security, it ultimately is about people, which is why a security culture needs to be cultivated at your organization. Given that malware and ransomware enter an organization’s network by way of email or malicious websites, it is important to discuss phishing with employees. Some organizations, including the Department of Homeland Security, will also conduct fake phishing simulations to determine which employees are likely to fall for the trap. Establishing a security culture is much more than training though; it will require committed leadership that takes security seriously. With a stronger security culture in the organization, negligent credential leaks will decrease, which in turn results in fewer insider-caused incidents.
Developing a security culture requires five things: education, leadership, hands-on training, incentives, and integration. The first three are mentioned in the paragraph above, but incentives and integration are the critical factors that will maintain your security culture. Incentives for good security practice could include small things like gift cards or increased accumulation of time off for good security performance. The last aspect, integration, is about making sure that your security training, education, and incentives are fully integrated into your organization’s processes.
Not all information needs to be accessed by everyone. Someone in marketing does not need access to the source code the programmers are writing in order to do their job. Different positions require different permissions for data. Ideally, users in most roles should only have access to what is necessary to perform the duties of their job. Some positions, such as executives or administrators, may require near-total access to the organization to do their job effectively. As companies change over time, proper management of permissions can be difficult to keep up with. Despite the constant fluctuations that may happen at an organization, permissions management must always be a priority.
Permissions management also extends into software and applications. With the rise of productivity applications, there is a need to apply specific permissions and roles within each application. This adds to the complexity of managing permissions: not just on devices and consoles, but now on the software within them too. If not handled correctly, insiders will have access to data they were never supposed to see.
Disaster & Continuity Planning
Despite our best efforts, all it takes is just one employee to cause a data breach or ransomware seizure. Thanks to the latter, many companies now need a continuity plan more than ever before. Continuity plans are plans to continue business after a critical disruption. This can be challenging, but it is something that needs to be led by IT and management to ensure the business does not come to a grinding halt if a ransomware attack happens.
Continuity plans require that your organization understands each time-critical business function and process. Once those are identified, IT and management need to work together to identify how those processes can be carried out with computing technology down. An example of this is when NotPetya struck FedEx-owned TNT, and the courier was left devastated afterwards. Things were so bad for TNT that their operations were mainly being handled manually, meaning packages were being processed and validated by pen and paper alone. What is important though is that they were able to continue business. Network security will need to work closely with managers to minimize how long the organization is impacted after an attack. The US government has published a helpful guide to assist managers and administrators in developing a comprehensive disaster recovery and business continuity plan.
Anomaly Detection Systems
Prevention is always preferred, and now, thanks to machine learning, you can detect abnormal behavior of the network itself or of any individual user connected to it. This is normally referred to as behavior analytics or anomaly detection. Anomaly detection is the combination of log management and machine learning algorithms. It analyzes the entire organization’s network and each individual user. While analyzing behavior, the technology builds baseline employee profiles across company departments and user groups. With both individual and network profiles established, the software is then able to provide automated security alerts, which help administrators identify high-risk users or abnormal activity on the system.
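As an added illustration of the baseline-then-alert idea described above (example code written for this post, not Teramind's product or any code from the original), the following builds a per-user statistical baseline from constructed log lines and raises alerts on days that deviate from it. The log format, user names, cutoff date and z-score threshold are all assumptions chosen for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample log lines in a hypothetical "date user action count" format (not real
# logs): alice's jump and carol's first appearance on 2017-10-05 are the planted cases.
SAMPLE_LOGS = """\
2017-10-01 alice file_access 12
2017-10-02 alice file_access 15
2017-10-03 alice file_access 11
2017-10-04 alice file_access 14
2017-10-05 alice file_access 140
2017-10-01 bob file_access 40
2017-10-02 bob file_access 45
2017-10-03 bob file_access 38
2017-10-04 bob file_access 42
2017-10-05 bob file_access 41
2017-10-05 carol file_access 9
"""
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\S+) (\S+) (\d+)$")

def parse_logs(text):
    """Return (date, user, action, count) tuples, skipping malformed lines."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m[1], m[2], m[3], int(m[4])) for m in matches if m]

def build_baselines(events, cutoff):
    """Per-user (mean, stdev) of daily counts over the days before `cutoff`."""
    history = defaultdict(list)
    for date, user, _action, count in events:
        if date < cutoff:  # ISO dates compare correctly as strings
            history[user].append(count)
    return {u: (statistics.mean(c), statistics.stdev(c) if len(c) > 1 else 0.0)
            for u, c in history.items()}

def detect_anomalies(events, cutoff, threshold=3.0, min_stdev=1.0):
    """Alert on post-cutoff days more than `threshold` stdevs above the user's baseline."""
    baselines = build_baselines(events, cutoff)
    alerts = []
    for date, user, action, count in events:
        if date < cutoff:
            continue
        if user not in baselines:  # never seen before: nothing to compare against
            alerts.append((date, user, action, count, "no baseline"))
            continue
        mean, stdev = baselines[user]
        z = (count - mean) / max(stdev, min_stdev)  # floor avoids divide-by-zero on flat baselines
        if z > threshold:
            alerts.append((date, user, action, count, f"z={z:.1f}"))
    return alerts
```

Running `detect_anomalies(parse_logs(SAMPLE_LOGS), "2017-10-05")` flags alice's 140 accesses and carol's unprofiled account while bob's ordinary day passes quietly; a real deployment would add group-level baselines and a much longer history window.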
By implementing some of the practices above you will ensure that your network is more secure against both external and insider threats. Network security is your first line of defense against data breaches. It is better to be safe than sorry; you want the most effective technology and practices possible for your organization.