Ten or 15 years ago, the most a company had to worry about when it came to vulnerabilities in its information systems was Internet worms, e-mail spam and opportunistic hacks. All these companies needed back then for protection was a good firewall, antivirus software and spam filtering. However, times have changed drastically.
These days, attacks against your organization’s information systems are most likely targeted, stealthy and slow moving. Attackers begin by initiating a compromise through targeted e-mail or Web attacks. These highly sophisticated attackers move laterally and quietly within your organization, exploiting your employees’ access permissions, your misconfigured servers and your weakly protected assets to obtain your sensitive data, customer information, financial records and intellectual property.
To be more security-conscious, companies must evolve as the sophistication of vulnerabilities, attacks and attackers has evolved. Your organization must have more than the good firewall, antivirus software and spam filtering of old to stave off today’s attackers.
For successful security, your organization must be able to correlate many pieces of intelligence, often over days or even weeks, to spot a successful breach or the signs of a mounting attack. Just look at recent events to see how attackers have been in government and company information systems for many months. To be most effective, organizations must use a combination of intrusion prevention systems, endpoint and network-based data leak protection, and Web filtering, as well as log management and security incident management tools to analyze security incidents.
Organizations must invest in layered security systems. They have to employ IT staff or paid consultants who can install, update and manage their security products; experts to fine-tune configurations; and still others to monitor and make sense of those products’ often voluminous output. However, they also need to find a way to obtain a single vision of their security infrastructure that cuts through the noise and helps their IT staff understand what’s happening, why, and what actions to take. The bottom line is that your security and IT staff need to figure out how to obtain value from the security investments you have already made and will make in the future.
Derek A. Smith, Founder, National Cybersecurity Education Center
Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.