Advice for CISOs
The job of the chief information security officer (CISO) has never been a simple one, but technology is changing the role from that of a security services manager to one with responsibility across the entire enterprise.
CISOs are in a perpetual battle: fighting external cyber threats, understanding and addressing evolving regulations, and gathering the many resources needed to meet ever-rising security demands.
The job is on-going, and leaders in this field need to stay mindful of their main priorities to stay ahead of today’s complex networks and sprawling infrastructures.
There is no longer any such thing as a modest network; most reach into the cloud, connect to multiple control systems and house a host of equipment. Certain things can help today’s CISOs stay on track and at the top of their game, keeping their companies and all their assets secure.
We know how busy the role can be, and CISOs won’t have time to sift through multiple points they already know. So we have condensed it down to three simple questions you should be able to answer to know you are doing your job to the highest standard the industry will allow.
1. Can we account for each and every device on our company’s network?
It can be very difficult to know how many devices are on a network. In many organisations, more than 30% of the devices running at any one time are unaccounted for. It can be difficult to detect even standard activity on connected devices, and with IoT and BYOD this number keeps rising.
Cyber criminals have taken note of this. Over the past years there has been a significant rise in attacks on mobile devices and IoT connections. Mobiles in particular are often the user's personal device, and organisations have little control over the security measures taken on them. This means attackers can use this pathway to gain access to a network that would usually be locked down.
Employee mobile phones can be connected to the office Wi-Fi without the security team knowing, and be easily found by attackers.
The same goes for IoT devices. Even when they are issued by the company itself, monitoring and securing certain Internet of Things products can be very difficult. Many security tools aren't yet advanced enough to monitor certain devices and specific threats.
2. What are we doing to respond to a particular threat that’s making headlines?
The focus of this question is ‘response’. Given the speed at which advanced threats evolve, there needs to be an acknowledgement of what happens if a cyber-attack does occur. Response and recovery need to be as much of a focus as detection and prevention.
That said, detection and prevention do still need to be high up on the list. To have a chance at defending against the ever-evolving advanced persistent threats that have hit the likes of Tesco, TalkTalk and Sony, an ever-evolving defence mechanism is needed.
Firewalls are your first line of defence against an attack, and when dealing with advanced attacks, one connected to a globalised system is essential. Firewalls can now be purchased equipped with sandboxes that quarantine unknown, never-before-seen threats and compare them against the findings of other sandboxes that have come across these types of file.
SonicWall has Capture Advanced Threat Protection (ATP), which does exactly that. The three-engine sandbox takes potentially dangerous files, known threats and unknown threats and stores them in a cloud that connects to the SonicWall database, populated with information from millions of other SonicWall devices. Using this information, Capture ATP can then determine whether the file is harmful.
This kind of technology could have saved those hit by recent ransomware strains such as NotPetya and WannaCry hundreds of hours trying to retrieve their lost data.
3. Can we be certain that users on our network are behaving in a safe and secure manner?
In more and more cases, threats are allowed into a network from a user's computer via downloaded content and unsafe websites.
What companies lack is the ability to monitor user activity and also prevent users from accessing unsafe sites. This includes real-time alerts, so that action can be taken as soon as an unsafe site is accessed.
To achieve a secure web gateway, web page requests need to be monitored to better defend against zero-day threats and spam servers. Hackers and cyber-criminals often leverage infected web sites and spam distribution, and frequently move domain names to stay ahead of blacklists.
Prevention can be better than a cure, and with capable content and user monitoring systems, wide-scale cyber-attacks can be avoided simply by restricting and assessing where users are going.
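To make the monitoring described above concrete, here is an added example (not from the original article or from SonicWall) that runs a gateway-style check over constructed proxy log lines: a request to a blocklisted domain, or to any subdomain of one, is flagged, and a request to a domain never seen on the network before is flagged separately, because attackers rotate domain names to stay ahead of blacklists. The log format, blocklist and domain names are all constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (no real indicators): a blocklist of apex domains and a
# baseline of domains this network has been seen talking to before.
BLOCKLIST = {"bad-downloads.example", "spam-redirect.example"}
KNOWN_HOSTS = {"www.intranet.example", "news.example"}

# Constructed proxy log lines: "<epoch> <client-ip> <method> <url> <status>".
PROXY_LOG = """\
1700000001 10.0.0.12 GET http://www.intranet.example/index.html 200
1700000002 10.0.0.12 GET http://cdn3.bad-downloads.example/invoice.zip 200
1700000003 10.0.0.17 GET http://news.example/article 200
1700000004 10.0.0.21 GET http://a1b2c3.spam-redirect.example/ 302
1700000005 10.0.0.17 GET http://fresh-domain-7781.example/login 200
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d{3})$")

def is_blocked(host, blocklist):
    """Return the blocklist entry covering host, or None."""
    # Walk up the parent domains so a fresh subdomain of a listed apex is still
    # caught; stop before the bare TLD, which is never checked on its own.
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def analyse(log_text, blocklist, known_hosts):
    """Return (kind, client, host, matched_entry) alerts, one per suspicious request."""
    alerts = []
    seen = set(known_hosts)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip malformed lines rather than silently trusting them
        _ts, client, _method, url, _status = match.groups()
        host = urlsplit(url).hostname or ""
        hit = is_blocked(host, blocklist)
        if hit:
            alerts.append(("BLOCKLISTED", client, host, hit))
        elif host not in seen:
            # Unlisted but never seen here before: attackers rotate domains to
            # stay ahead of blacklists, so a first contact deserves a look.
            alerts.append(("FIRST_SEEN", client, host, None))
        seen.add(host)
    return alerts
```

In a real gateway the alerts would be raised as each request arrives rather than from a batch of log lines, and the baseline of known domains would be built up over time instead of hard-coded.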
With increasingly flexible working patterns and advancing technology, more and more users on a network will be remote and roaming employees. Distributed work is becoming the norm, and with it cloud-based programmes and software. This means that cloud-based security also needs to become the norm, and it should be considered when looking at how to protect users on the network.
With complex networks now the norm in business, these priorities help to keep network security on track and secure across the board. The most important thing to remember is that both security and threats are constantly evolving, and that intelligent, advanced and next-generation products are essential to properly protect your data and assets.