Nearly 83 percent of IT security professionals feel confident in their perimeter security tools and rely on them to defend against sophisticated cyberattacks, according to a Lieberman Software Corporation survey conducted in 2015. But should they be that comfortable relying on perimeter security to protect important or critical data?
With more than 3.9 billion data records worldwide reported lost and/or stolen, organizations that rely on perimeter security need to reassess their faith in it. Perimeter security tools are often ineffective against advanced zero-day threats, or even targeted phishing and whaling attacks.
Yet, according to the 2016 Data Security Confidence Index study, most IT decision-makers are still willing to believe in their company’s perimeter cybersecurity. Sixty-one percent believe their perimeter security is effective at keeping unauthorized users from accessing their networks, and 86 percent of the companies surveyed have invested more in perimeter security in the last five years.
Those responses sit uneasily with the following: 66 percent of respondents say that unauthorized users can access at least part of their network, and 16 percent admitted they could access the entire network.
One reason for this increased security risk is the sheer number of mobile endpoints that connect in corporate environments. Data protection gets harder as more and more devices, such as mobile phones, laptops, and tablets, are connected to each other via one network or another. In addition, with more and more people taking their work home and even being allowed to connect to workplace networks from home, the cybersecurity game has changed entirely.
Multi-Layered Security May Be the Answer
A multi-layered defense strategy can help companies address most of the common causes of breaches.
The first step should be establishing a proper access control system. Before anyone is granted access rights to a system, their device identities and user identities need to be confirmed. There should be role requirements they have to meet. For instance, networks should only grant access to employees in managerial positions, using approved devices and using secure network connections.
To keep attackers at bay, systems should be regularly rebooted, and companies must stop using domain administrator accounts. Administrative-level accounts that install new software can compromise the whole system if one employee downloads malware onto their device.
Credentials, such as passwords, SSH keys, and certificates, should be revoked and re-authenticated regularly. Require employees to set strong passwords and to reset them often.
Following the principle of least privilege, the access rights of different employees should be regularly reviewed, and access rights to irrelevant data should be removed. For higher-level functions, more than one person should be required to authorize important changes, and data protection services should be installed to provide backups in case something important gets changed when it shouldn’t have.
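The periodic review described in the two paragraphs above can be scripted. The following is an added example, not part of the original article: it flags access outside a role's needs or left unused, credentials past a rotation window, and changes lacking two approvers. The 60-day and 90-day windows, the record layout, and all names and dates are constructed assumptions.

```python
from datetime import date, timedelta

# Assumed review windows (the article gives no numbers).
MAX_IDLE = timedelta(days=60)             # unused access is removed after this
MAX_CREDENTIAL_AGE = timedelta(days=90)   # credentials are reissued after this

# Constructed sample data: what each role needs, what is granted, what is issued.
ROLE_BASELINE = {"finance-manager": {"ledger", "payroll"}, "support-agent": {"ticketing"}}
GRANTS = [
    {"user": "alice", "role": "finance-manager", "resource": "ledger", "last_used": date(2024, 5, 28)},
    {"user": "alice", "role": "finance-manager", "resource": "ticketing", "last_used": date(2024, 5, 30)},
    {"user": "bob", "role": "support-agent", "resource": "ticketing", "last_used": date(2024, 2, 1)},
    {"user": "carol", "role": "finance-manager", "resource": "payroll", "last_used": None},
]
CREDENTIALS = [
    {"owner": "alice", "kind": "password", "issued": date(2024, 4, 1)},
    {"owner": "bob", "kind": "ssh-key", "issued": date(2023, 1, 15)},
    {"owner": "deploy-svc", "kind": "certificate", "issued": date(2024, 2, 1)},
]

def review_grants(grants, baseline, today):
    """Return (user, resource, reason) for each grant the review should remove."""
    findings = []
    for g in grants:
        if g["resource"] not in baseline.get(g["role"], set()):
            findings.append((g["user"], g["resource"], "outside role"))
        elif g["last_used"] is None or today - g["last_used"] > MAX_IDLE:
            findings.append((g["user"], g["resource"], "idle"))
    return findings

def stale_credentials(credentials, today):
    """Return (owner, kind) for each credential older than the rotation window."""
    return [(c["owner"], c["kind"]) for c in credentials
            if today - c["issued"] > MAX_CREDENTIAL_AGE]

def change_authorized(requester, approvers, eligible):
    """Two-person rule: two distinct eligible approvers, none of them the requester."""
    return len((set(approvers) & set(eligible)) - {requester}) >= 2

if __name__ == "__main__":
    today = date(2024, 6, 1)  # fixed date so the sample output is reproducible
    for finding in review_grants(GRANTS, ROLE_BASELINE, today):
        print("remove access:", *finding)
    for owner, kind in stale_credentials(CREDENTIALS, today):
        print("rotate:", owner, kind)
    print("change allowed:", change_authorized("alice", ["bob", "carol"], {"alice", "bob", "carol"}))
```

Excluding the requester from the approver count is a design choice made for this example; the article only states that more than one person should authorize important changes.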
Teach Your Employees to Be Vigilant
Instead of investing more into perimeter security, consider investing some money into educating your employees on cybersecurity best practices. Teach them how to recognize attacks, especially phishing, and what they should and shouldn’t do. Encourage employees to install patches and updates when prompted to, and to regularly back up data (or set up their machines to do it automatically).
Employees at all levels should be following the same set of rules. Often, management may ask IT to bend the rules for them, and this can result in disaster as they are most likely to be targeted with the uptick in whaling attacks.
When new cyberattacks happen, disperse the information to your employees so they can be vigilant for similar attacks on your network. For example, it may be wise to hold training on what whaling attacks look like, and to train employees to look at emails with a suspicious eye.
In case of an attack, your employees must know how to properly turn off their device and disconnect it from the network. They should know who to inform first, and be able to reach that person at any hour of the day.
If an attacker does penetrate the system, network and security components must be able to communicate and respond quickly to take preventative measures. There should be a process to de-provision devices using a centrally managed VPN, or a way to remotely revoke access rights.
Companies have often seen perimeter security as being the best option, but with more and more data breaches occurring, it may be time to invest time and money into developing a more layered approach to security.