This article was originally published by Business Post on 28th November 2021.
Protecting a business – and its customers – from marauding bad actors is a significant technical challenge, to be sure, but the key to doing so is to step back from the technology itself in order to take a wide-angle view.
“One of the biggest problems is the traditional technology stack approach. That can result in never-ending spending on different tool sets and solutions without ever being able to answer the question ‘am I secure?’,” said Fergal Ward, security architect at Presidio.
In this regard the pandemic effect is impossible to ignore, given both the increasing prevalence of malware and widespread remote working.
“Even we, as a company, have changed over the last 18 months,” Ward said. When it comes to its clients, Ward said Presidio tries to guide people away from simply throwing money or iron at problems.
“We want to do a security assessment, we want to guide the conversation. When we talk we hear about firewalls and so on, but the reality is that the number one priority is asset management,” he said.
Indeed, Ward said both words comprising the term ‘information technology’ should be considered. “It's called IT – information technology – the information has to inform the technology,” he said. In practice, this starts with understanding the information a business collects, processes and stores, and working outwards from that.
“The vendors have fantastic tech, but have you got the basics right? You need to ask ‘what data do we have?’, ‘what software?’, ‘where is it located?’, and ‘who has access?’.”
Presidio helps clients better manage security risks, including, but not limited to, cloud, data breaches, distributed denial of service (DDoS), endpoint, malware and ransomware.
There are other benefits to working with a partner. For a start, there is the ability to sidestep the hiring crisis resulting from a shortage of security professionals, as well as lessening the pressure on perennially overstretched IT teams. But there is also the fact that cybersecurity today requires a holistic or ‘global’ approach.
“It’s better to outsource your entire security so it can be done as a whole, rather than doing it piecemeal,” Ward said.
The human dimension
Understanding that security starts at the governance layer is key and from there it is important to introduce techniques such as ‘zero trust’ policies, meaning no device on the network is given carte blanche. “The human dimension has to come to the fore,” he said. This is especially the case today, he said.
“Covid has truly dissolved the firewall. There’s also the [loss of an] office mentality: employees are more likely to click on things that they shouldn’t when they are at home,” he said.
If procedures are not put in place, new vectors for attack will appear as staff work to overcome restrictions, principally through using unauthorised applications and services, a practice known as ‘shadow IT’.
“Users will always find a way to operate. The biggest thing for many people was forcing people through the VPN. What matters is understanding the business policy: your employees can be the greatest weakness or greatest strength,” he said.
“End-user awareness training can't be just a tick-box operation at the end of the year.”
Today, ransomware is the number one threat that keeps popping up, but you have to acknowledge the wider world of malware. In addition, a plan needs to be in place to deal with breaches when they do occur, and this means back-ups. Not all back-ups are the same, though. The key word is ‘immutable’, said Ward, meaning the back-ups themselves must be shielded from tampering.
“What makes it immutable is that your back-up cannot be accessed through the system,” he said.
For Ward, the message for boards and business owners is that they can certainly get the right tech, but combating malware begins with people and processes. “It all comes back to understanding the business,” he said.