The dawn of each new day brings with it a litany of new security threats designed to pilfer data and cripple enterprises financially. Now more than ever, it is vital to have proper security measures in place and a disaster recovery plan, should a breach result in significant data loss.
These and various other security-related topics were on the agenda at the 2014 edition of SecTor, held at the Metro Toronto Convention Centre. Among the many guest speakers in attendance was Lucas Zaichkowsky, enterprise defense architect for AccessData. A leading expert in the defence against security threats, Zaichkowsky believes that there are two major threats affecting businesses today.
“The two biggest security threats are organized financial criminals that are highly sophisticated in getting past preventative measures. They can maneuver through multiple layers of defences and pivot through hotpoints that are used by administrators that are believed to be secure because they have these great mechanisms in place,” said Zaichkowsky. “The second largest threat would be espionage threat actors. These individuals take what is published in the research community and the next day, they’re using it.”
As the shift towards cloud implementation and the addition of mobile devices continues to take shape in the workplace, it becomes increasingly important for IT managers to ensure that these elements are as secure as possible. Left unprotected, a cloud service or a mobile device is as easy an entry point for an attacker as an unsecured network.
“When it comes to cloud computing, there are two things that can be done,” said Zaichkowsky. “One is holding the cloud provider liable for any damage due to their negligence or attacks upon them. The second is taking a look at how you’re using that cloud service provider, what security controls they provide, and if at all possible, using a hybrid approach.”
For companies that use the cloud for data storage, encrypting the data before it leaves the organization reduces the chance of it falling into the wrong hands. If the keys stay on the client side rather than with the provider, a compromise of the storage server yields only ciphertext, and the data can still be decrypted by the legitimate clients that hold the keys.
“You can encrypt things there and decrypt it on the client side so if the server side is broken into, there are no keys to decrypt the data,” said Zaichkowsky. “You have to look at it like any part of an IT system and see where the controls can be put in place for preventative measures, detecting through auditing, reviewing those log files, and having incident response plans in place for when bad things happen.”
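The arrangement Zaichkowsky describes, encrypt on the client and leave the provider holding nothing but ciphertext, is illustrated below in an added example written for this page; it is not code from AccessData or from the talk. The `ClientVault` and `CloudStore` types, the object names and the sample secret are all constructed for the demonstration. The client generates an AES-256 key, seals each object with AES-GCM (so tampering by the provider is detected, and the object name is bound as associated data so a blob cannot be swapped under another name), and only ciphertext is uploaded. A simulated full read of the provider's storage never yields the plaintext.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// ClientVault holds the data-encryption key. It lives only on the client;
// nothing in this type is ever sent to the storage provider. (Hypothetical type.)
type ClientVault struct{ key []byte }

// CloudStore models the provider: it stores opaque blobs by name and holds no keys.
type CloudStore struct{ objects map[string][]byte }

func NewClientVault() (*ClientVault, error) {
	key := make([]byte, 32) // AES-256 key generated client-side
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return &ClientVault{key: key}, nil
}

func NewCloudStore() *CloudStore { return &CloudStore{objects: map[string][]byte{}} }

func (v *ClientVault) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(v.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM before upload. The object name is
// bound as associated data, so a blob copied under another name fails to open.
func (v *ClientVault) Seal(name string, plaintext []byte) ([]byte, error) {
	gcm, err := v.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per object
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || GCM tag
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open decrypts a blob fetched from the store; any modification is rejected.
func (v *ClientVault) Open(name string, blob []byte) ([]byte, error) {
	gcm, err := v.aead()
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

func (s *CloudStore) Put(name string, blob []byte) {
	s.objects[name] = append([]byte(nil), blob...) // provider keeps its own copy
}

func (s *CloudStore) Get(name string) ([]byte, bool) {
	b, ok := s.objects[name]
	return b, ok
}

// Exposes models an attacker who has fully compromised the provider and can
// read every stored object: does any of it contain the plaintext?
func (s *CloudStore) Exposes(plaintext []byte) bool {
	for _, b := range s.objects {
		if bytes.Contains(b, plaintext) {
			return true
		}
	}
	return false
}

func main() {
	vault, err := NewClientVault()
	if err != nil {
		panic(err)
	}
	store := NewCloudStore()
	secret := []byte("constructed sample: card numbers for Q3 settlement batch")

	blob, err := vault.Seal("settlement-q3.csv", secret)
	if err != nil {
		panic(err)
	}
	store.Put("settlement-q3.csv", blob)
	fmt.Println("server-side breach exposes plaintext:", store.Exposes(secret))

	fetched, _ := store.Get("settlement-q3.csv")
	pt, err := vault.Open("settlement-q3.csv", fetched)
	fmt.Printf("client decrypt ok: %v, matches: %v\n", err == nil, bytes.Equal(pt, secret))

	fetched[len(fetched)-1] ^= 0x01 // provider (or intruder) alters one byte
	_, err = vault.Open("settlement-q3.csv", fetched)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

The point of the design is where the key lives, not the cipher: the provider can lose every object it holds and the attacker still has to break AES-256-GCM. What it does not solve is key management on the client side (backup, rotation, and sharing among authorized users), which is exactly the part a hybrid deployment has to own.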
Despite the best efforts to protect against them, there are some instances where attacks result in substantial data loss. Zaichkowsky highlights some methods enterprises can use to prepare themselves for these problems and subsequently launch a disaster recovery plan.
“The best practices are to have posturing in place. Everyone talks about incident readiness when it comes to having a plan for communications and who is going to be involved, but what’s often neglected is the technical controls,” he says.
“Are you actually logging successful login attempts? If an attacker has compromised credentials, and they’re moving around using built-in system commands, do you have the capability to query all your systems and say, ‘Who’s been accessed using this user account? What files were created? What network sessions happened?’” Zaichkowsky continues. “Thinking ahead, would you be able to reconstruct hacker activity, and how long would it take you to do that? Is your retention high enough? Have you examined the DNS and DHCP logs?”
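The query Zaichkowsky wants every organization to be able to run, “where has this account been used, from where, and when,” is worked through below as an added example written for this page; it is not code from the talk or from AccessData. The log records are constructed samples in a reduced JSON form (Windows Security event 4624 for successful logons and 4625 for failures, with host, account, logon type and source address), not real exported logs, and the DHCP lease file is likewise constructed. `TraceAccount` keeps only successful logons for the account, orders them in time, and resolves the source IP of each network (type 3) or RDP (type 10) logon to a hostname using the DHCP lease that was active at that moment, which is why lease history matters and not just the current table. `RemoteHosts` then lists the machines the account reached over the network, the hop list an analyst would need to reconstruct lateral movement.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
	"time"
)

// SecEvent is one Windows Security log record, reduced to the fields we need.
// (Constructed format for this example, not a real export schema.)
type SecEvent struct {
	TS        string `json:"ts"`
	EventID   int    `json:"event"`
	Host      string `json:"host"`
	Account   string `json:"account"`
	LogonType int    `json:"logon_type"`
	SrcIP     string `json:"src_ip"`
}

// Lease is one DHCP lease record: which host held an IP over which interval.
type Lease struct {
	IP       string `json:"ip"`
	Hostname string `json:"hostname"`
	Start    string `json:"start"`
	End      string `json:"end"`
}

// Hop is one successful logon by the account under investigation.
type Hop struct {
	Time      time.Time
	Host      string
	LogonType int
	SrcIP     string
	SrcHost   string // resolved via DHCP leases; "" if local or unresolved
}

// remoteTypes are the logon types that mean the session arrived over the network.
var remoteTypes = map[int]string{3: "network", 10: "remote interactive (RDP)"}

// resolveSrc returns the hostname that held ip at time at, per the lease log.
func resolveSrc(leases []Lease, ip string, at time.Time) string {
	for _, l := range leases {
		if l.IP != ip {
			continue
		}
		start, err1 := time.Parse(time.RFC3339, l.Start)
		end, err2 := time.Parse(time.RFC3339, l.End)
		if err1 != nil || err2 != nil {
			continue
		}
		if !at.Before(start) && at.Before(end) {
			return l.Hostname
		}
	}
	return ""
}

// TraceAccount answers "which systems has this account been used on, from
// where, and in what order?" using only successful logons (event 4624).
func TraceAccount(account, secLog, dhcpLog string) ([]Hop, error) {
	var events []SecEvent
	dec := json.NewDecoder(strings.NewReader(secLog))
	for dec.More() {
		var e SecEvent
		if err := dec.Decode(&e); err != nil {
			return nil, err
		}
		events = append(events, e)
	}
	var leases []Lease
	dec = json.NewDecoder(strings.NewReader(dhcpLog))
	for dec.More() {
		var l Lease
		if err := dec.Decode(&l); err != nil {
			return nil, err
		}
		leases = append(leases, l)
	}
	var hops []Hop
	for _, e := range events {
		if e.EventID != 4624 || !strings.EqualFold(e.Account, account) {
			continue
		}
		ts, err := time.Parse(time.RFC3339, e.TS)
		if err != nil {
			return nil, err
		}
		h := Hop{Time: ts, Host: e.Host, LogonType: e.LogonType, SrcIP: e.SrcIP}
		if _, remote := remoteTypes[e.LogonType]; remote && e.SrcIP != "-" {
			h.SrcHost = resolveSrc(leases, e.SrcIP, ts)
		}
		hops = append(hops, h)
	}
	// Logs from many hosts arrive out of order; the timeline must be sorted.
	sort.Slice(hops, func(i, j int) bool { return hops[i].Time.Before(hops[j].Time) })
	return hops, nil
}

// RemoteHosts lists the machines the account reached over the network, in first-seen order.
func RemoteHosts(hops []Hop) []string {
	seen := map[string]bool{}
	var out []string
	for _, h := range hops {
		if _, remote := remoteTypes[h.LogonType]; !remote || seen[h.Host] {
			continue
		}
		seen[h.Host] = true
		out = append(out, h.Host)
	}
	return out
}

// Constructed sample data. Note the records are not in time order, one logon
// comes from an address with no lease, and 10.1.9.40 changed hands at 09:00.
const SampleSecurityLog = `
{"ts":"2014-10-21T09:40:55Z","event":4624,"host":"FS-01","account":"jsmith","logon_type":3,"src_ip":"10.1.4.23"}
{"ts":"2014-10-21T09:02:11Z","event":4624,"host":"WKS-017","account":"jsmith","logon_type":2,"src_ip":"-"}
{"ts":"2014-10-21T09:41:30Z","event":4624,"host":"DC-01","account":"jsmith","logon_type":10,"src_ip":"10.1.4.23"}
{"ts":"2014-10-21T09:20:00Z","event":4624,"host":"FS-01","account":"jsmith","logon_type":3,"src_ip":"10.1.9.77"}
{"ts":"2014-10-21T09:45:02Z","event":4624,"host":"DB-02","account":"jsmith","logon_type":10,"src_ip":"10.1.9.40"}
{"ts":"2014-10-21T09:50:00Z","event":4625,"host":"DB-02","account":"jsmith","logon_type":3,"src_ip":"10.1.9.40"}
{"ts":"2014-10-21T10:00:00Z","event":4624,"host":"WKS-031","account":"bjones","logon_type":2,"src_ip":"-"}
`

const SampleDHCPLog = `
{"ip":"10.1.4.23","hostname":"WKS-017","start":"2014-10-21T08:00:00Z","end":"2014-10-22T08:00:00Z"}
{"ip":"10.1.9.40","hostname":"LAPTOP-77","start":"2014-10-20T18:00:00Z","end":"2014-10-21T09:00:00Z"}
{"ip":"10.1.9.40","hostname":"WKS-ADMIN-3","start":"2014-10-21T09:30:00Z","end":"2014-10-21T21:30:00Z"}
`

func main() {
	hops, err := TraceAccount("jsmith", SampleSecurityLog, SampleDHCPLog)
	if err != nil {
		panic(err)
	}
	for _, h := range hops {
		src := "console"
		switch {
		case h.SrcHost != "":
			src = h.SrcHost + " (" + h.SrcIP + ")"
		case h.SrcIP != "-":
			src = h.SrcIP + " (no lease on record)"
		}
		fmt.Printf("%s  %-8s  type %-2d  from %s\n", h.Time.Format(time.RFC3339), h.Host, h.LogonType, src)
	}
	fmt.Println("hosts reached remotely:", RemoteHosts(hops))
}
```

Two things the sample is built to surface: the logon to DB-02 comes from WKS-ADMIN-3, a machine the account never logged into at the console, which is the pattern of a stolen credential being replayed from somewhere else; and the 09:20 logon from 10.1.9.77 cannot be attributed to a host at all because no lease covers it. The second case is the practical answer to “have you examined the DNS and DHCP logs?”: without them, and without retention that reaches back to the first hop, the timeline has holes that no amount of endpoint logging fills.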
Going forward, security methods and software will continue to evolve, as will the ability of bad actors to get around them. Because preventive controls cannot be relied on to hold, Zaichkowsky believes that there will be a gradual shift towards rapid detection and identification of malicious activity, and the subsequent response to it.
“The future is moving towards the fact that prevention does and will fail,” he says. “When we say protection, it’s a very fuzzy word. What most people think is blocking victim zero. We need to accept that there is always going to be a victim zero, and it’s identifying the attacker once they’re making an entry into your environment and moving toward their ultimate goal. There’s a huge shift towards rapid detection and response, and all the analyst firms are talking about the major budget increases that are going into that bucket.”