Every day, new threats come our way that compromise the confidentiality, integrity and availability of IT infrastructure. Ransomware, phishing, zero-days, man-in-the-middle attacks... It just doesn't stop. Add to that the fact that there are a huge number of products to mitigate these attacks, and the complexity can rise quickly. Creating and implementing an effective security strategy therefore becomes a challenge. After all, you must protect everything: from the cloud to the endpoints and everything in between. Implementing security is not something that can be done in a few days. It is a marathon, not a sprint.
I like to go hiking in the French Alps or in the Pyrenees and often refer to this to make the comparison with cybersecurity projects. Like a challenging mountain hike, IT security requires thorough preparation. You need to keep a goal in mind and break it down into concrete steps to act.
The fact that good information security is a must is evident from articles you read in newspapers and magazines. Very often, ransomware attacks make the main news. The damage to companies is huge. A company whose data has been held hostage not only suffers a loss of revenue, but also a loss of reputation. In addition, there is the human aspect. Last year, for example, someone died when a German hospital had to rush to move patients to another hospital because of a ransomware attack.
Looking for the weak spots
That is why it is advisable to start a security trajectory that begins with mapping out the current environment. How thorough is the security currently? In what places is the organization vulnerable to attacks? Is there already a security strategy in place? What level of security should be achieved? Is the organization in line with compliance obligations such as GDPR? Are networks and infrastructure already monitored to detect anomalous behavior?
We are very often struck by how many companies live under a false sense of security. "We have antivirus and a firewall, they will keep malicious people out," is often the reasoning. This often turns out not to be the case. Just like on a hike, the environment is constantly changing, and you must adjust yourself accordingly. What was sufficient a year ago may already be outdated today. We experienced this best during the early days of the Corona crisis. Everyone suddenly had to work from home, an environment where security is of a lesser level than when working in the office. This change demands an adaptation of the network architecture and the built-in security.
Once you know what weaknesses exist in your defenses, you can address them. This can involve keeping hardware and software up to date but, equally important, imposing the ‘least privilege’ concept on users and making employees aware of their responsibility in the security of the entire organization. End users are often the weak link in a security strategy, and you'd be surprised how many people, despite all the warnings, still click on a wrong link or are fooled by the financial gain that is promised. I will come back to this human aspect in a later blog.
... then proactively maintain
But it doesn't stop there. Perfect security is a moving target. Your security strategy is not a static description of your security, but a living document. You have to keep looking for possible breaches in the dam you’ve erected: manually where needed but, because of the size, automated as much as possible. Software needs patches, some more often than others. So, make sure that all the software you use is always up to date. Active patch management is a good insurance against new intrusions. Hackers mainly use poorly maintained software to escalate their privileges, so cut them off at the pass. Also make sure you have good monitoring of your infrastructure. Are there unusual spikes in network traffic? Are connections being set up to a foreign server outside the trusted domain? Is a user working at odd hours of the day? These are all signs that a hacker is at work, or a ransomware attack is being prepared. Hackers usually take their time exploring your network before they strike. Timely detection can prevent an attack.
Just as it is best not to climb a challenging mountain alone, it is also best to surround yourself with experienced people when drawing up a security strategy. These are also the people who can help you convert the strategy into a concrete action plan.
At Simac, we have been working for years with companies such as Cisco, Fortinet, Rubrik and Prolion, strong brands in the field of data security. Our teams work out a security strategy with clients, look for the right tools and then implement them. Moreover, through our managed services, we constantly keep our finger on the pulse: we provide patch management, monitor networks and infrastructure and intervene when anomalies are detected.
Implementing security is not something you do overnight. There is a lot involved and, moreover, you are never completely finished. With Simac as a technology partner you know, just like with a guide on an Alpine walk, that you will be well guided on your journey.
Fons Quidousse is a technical cybersecurity & network consultant at Simac ICT Belgium. He helps his colleagues and clients to find the best possible solutions for challenges concerning networks and security. Fons has been working at Simac since October 2020.