Turn on the television news, listen to the radio or open the newspaper and there's a high probability you'll see, listen to or read a Cyber Security story. Here are 10 suggestions to help ensure your organization is not hacked.
PASSWORD LENGTH: OK, so how many times have you been told to change them or think about how secure they are? The Telegraph newspaper recently reported that the most popular password in 2014 was 123456! The fact is, for every additional digit used, the ability to crack a password becomes exponentially harder. Its a bit like juggling; some of us can do it with three balls, but 4 is very hard, 5 exceptionally hard, 6 - you get the idea. If you make a password 15 digits in length you've just made a hackers job extremely difficult. Make sure you mix numbers with upper and lower case digits too.
BE SUPER CAUTIOUS WITH EMAIL: Spear phishing is a massive problem and one which the best email filters struggle to catch. Really think about every mail you receive and do not click on a link in a mail unless you are certain of where it will take you. Also, if you notice anything unusual on your PC, tablet, etc, disconnect it from the Internet immediately and report the problem.
UPGRADE YOUR FIREWALLS: Firewalls have become much more sophisticated in the last few years. If you have not enabled Next Generation Firewall features such as intrusion prevention, application visibility you should do so. If the Firewalls you use do not have these features its time to upgrade. Junipers SRX range takes firewall protection even further with adaptive feeds of compromised URLS and IP addresses. This is the future of firewalling and other vendors are starting to look at similar approaches.
INVEST IN AN ADVANCED PERSISTANT THREAT PRODUCT: There are many companies who now provide systems to trap new threats as they enter a companies network. A firewall alone cannot stop all threats. The most well known vendor in this space (and the most effective in many tests) is Fireeye. There are however, many other vendors in this space and it is well worth researching the market and the effectiveness of products.
MAKE SURE YOU MONITOR YOUR NETWORK: Depending on the size of your organization a Security Operations Center (SOC) may be a very sensible investment. Tracking exactly how packets traverse your network and taking feeds from your security devices makes absolute sense. Via an open API, Juniper can take feeds from a SOC into SRX firewalls as part of the latest adaptive intelligence offering. There are SOC services available in the cloud that can monitor your networks remotely if you don’t want to do this in-house.
ENCRYPTION OF DATA REALLY HELPS: Whilst encryption products have been available for some years for various IT programs there are still many applications and associated data that would benefit from encryption. It’s like the password issue - just make it harder for the attacker.
The Romans were encrypting some of their sensitive data so its not a new idea!
ENSURE YOU HAVE DENIAL OF SERVICE PROTECTION: Denial of Service (DOS or DDOS) attacks just get bigger and more common according to Verisign. There are documented cases of companies going under due to a DDOS attack. Companies such as Verisign offer superb scalable cloud based DDOS mitigation.
KEEP YOUR DATA SAFE: Cyber Criminals are not just after money, but intellectual property. There are documented cases of the Chinese stealing Western intellectual property in order to produce counterfeit goods. According to a recent report on CNN, the US is accusing the Chinese of stealing designs for its latest fighter jet. Ensure you have Data Leakage Protection (DLP) software in place. Your key data must be monitored and kept secure. Can you honestly say you know sensitive data is not leaving your organization electronically?
KEEP UP TO DATE: The security products being released get better and better. The latest threats deserve the latest protection. By ensuring you implement the latest technology (and patches to your existing products) you will be better protected. IT Security really is an area where you need to be up to date.
SPEND AND DEFEND: I think you'll find the organizations who spend the most on a multi layered IT security defense are the least likely to get hit by Cyber Criminals. IT security has traditionally been the poor relation in overall IT spend and this has to change if you want to evade Cyber Crime. According to Gartner, IT security spend increased by nearly 8% in 2014 from 2013 so the message is getting through – spend and defend!
Make no mistake, Cyber Criminals are very clever - Ignore them at your peril. Look at every area of your network, be it datacenter, cloud or office and ask yourself, 'am I as well protected as I possibly could be'? After all, would you want your organisation to be the subject of a mainstream news story?