Many of us usher in the New Year with a set of aims or ambitions. If you've made a vow to get a better grip of IT security in 2015, what can you do to quickly and easily improve your security posture in the year ahead? Here we take a look at the top 5 quick wins.
1. Don't over rely on antivirus
It's easy for many organizations to take antivirus technology at face value, hoping it lives up to its name and keeps the bad stuff at bay. Yet 2014 was a significant year for antivirus, which for some, marked its demise. In May, Bryan Dye from Symantec highlighted that antivirus now only captures 45% of malware attacks and as such proclaimed the technology "dead" as a means of protecting an organization. Similarly, Forrester analyst Chris Sherman released a paper on five alternatives to antivirus, claiming that antivirus technologies have "steadily become less effective at stopping advanced threats to employee endpoints and servers"
2. Defend in Depth
Circumvent the unpredictability of antivirus by employing a Defense in Depth (DiD) approach to IT security as recommended by leading authorities such as SANS and Aus DoD. Layering proactive technologies like Privilege Management, Application Control, and Sandboxing can help predict, detect and prevent malicious intrusion onto your network.
3. Take control of your data
2014 saw wide spread and high profile data loss costing organizations millions of dollars trying to repair the damage. 2015 should be the year you look to take control of who has access to your data. Regularly review user roles and access requirements to establish who has access to what and when. Employ Privilege Management technology, which combined with other proactive defenses, can mitigate the risk of compromised data.
4. Prioritize the big wins
Building security from the ground-up rather than relying on reactive "detective" measures will greatly improve your security posture. CIOs and CISOs know there is no such thing as 100% when it comes to security, so will be looking to prioritize those solutions which provide the biggest wins. Leading industry bodies such as SANS and the Australian Department of Defense all provide suggestions of easy security wins, centered on a multi-layered approach.
5. Strike the balance between security and freedom
It's easy to respond to a cyber attack by locking down users. For many it seems like a natural step in order to regain control of the network. One of the disadvantages of this approach is the impact it has on workplace productivity and inevitably its profitability. If users can't do their jobs then the business quickly feels the impact. A Defense in Depth approach, following the steps above can help you secure the enterprise and keep your employees free to be creative, productive and profitable in 2015.
Find out more about how to strike this balance by watching Andrew Avanessian, EVP of Consultancy and Technology Services at Avecto talking to Alastair Greener from Business Reporter at the Daily Telegraph studios.
James Maude, Lead Cyber Security Researcher
James Maude is the Lead Cyber Security Researcher at BeyondTrust’s Manchester, U.K., office. James has broad experience in security research, conducting in-depth analysis of malware and cyber threats to identify attack vectors and trends in the evolving security landscape. His background in forensic computing and active involvement in the security research community makes him an expert voice on cybersecurity. He regularly presents at international events and hosts webinars to discuss threats and defense strategies.