Five minutes with: GCI’s Managed Security Product Manager, Kelvin Papp
Cyber-security has never been a higher priority for businesses. With high-profile cases such as the WannaCry ransomware attack and the Yahoo breach, initially reported as affecting one billion accounts and later confirmed to cover all three billion, it’s clear that cyber-attacks are increasing in scale and severity.
2 May 2018
Organisations are starting to recognise that an attack is now a matter of “when” rather than “if”. In today’s connected world, where everyone wants the option to work remotely on an array of devices, a breach at one organisation can compromise an entire supply chain and leave businesses in financial ruin.
To help you understand the current threats against your business – as well as how to prevent them – we thought we’d pick the brains of our Managed Security expert, Kelvin Papp.
What do you think is the biggest security concern for businesses at the moment?
I’d suggest it’s a combination of the volume/prevalence of attacks, and the unknown. Cyber-attacks and malware infections are a daily occurrence, but many organisations that we engage with feel powerless when faced with the magnitude of what they need to try and protect themselves against, which can be a source of real concern. With GDPR also on the horizon, the potential impact to businesses of a data breach resulting from an attack is an added concern…although I hasten to add that having suitable controls/protections in place will be hugely important in mitigating the risk of fines for non-compliance.
In relation to “the unknown”, Zero-Day exploits have always been a real challenge for businesses to protect themselves against – even with a robust set of traditional security measures in place. Infections are no longer just an annoyance but can carry real cost in terms of data retrieval or recovery, which can be catastrophic for some businesses.
What can organisations do on a practical level to protect their data?
There are some basics that we recommend all organisations implement to provide a base level of protection; high-quality Endpoint Protection and a perimeter Firewall to name a couple (ideally a next-generation device that can provide some inline protection, like anti-virus and intrusion-prevention services). There are also a range of additional products and services that organisations can consider which dramatically improve the chances of detecting and putting a stop to threats. Many security vendors now offer next-generation protection at the endpoint, monitoring behaviour and changes on the local machine as an additional layer of protection to signature-based solutions. Advanced Threat Detection (ATD) and SIEM (Security Information and Event Management) products are more advanced approaches, supplementing traditional technologies through correlation and lower-level analysis of activity on your network.
The importance of end user training and awareness is also a key thing to consider. Basic training on how to spot potential threats like phishing, or suspicious links on websites or in emails is a really simple way of mitigating some of the risks of infection or compromise for (hopefully rare) scenarios where your security solutions aren’t effective.
What’s the number one reason to choose to use automation tools?
Volume is a key factor when it comes to security and automation. Threats change daily, and as a result the activity associated with protecting your infrastructure changes just as quickly. The right toolset (which often involves a degree of automation) can massively reduce the impact and burden on in-house IT staff by ensuring that the focus is maintained on the right areas as the threat landscape changes, and similarly by ensuring that things don’t get missed.
Taking a practical example, our ATD solution (based on AlienVault) updates dynamically to take account of new vulnerabilities and behaviours that are being seen around the world. Those behaviours are applied in real time to traffic and events on a customer’s network, ensuring that any indicators of suspicious behaviour are translated into an alert for action at the earliest opportunity. To provide the same level of analysis without using automation would be almost impossible, or would at least require a significant team of (expert) individuals to deliver.
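To make the SIEM correlation described in the earlier answer and the automated indicator matching described here concrete, the following is an added illustration written for this page; it is not GCI’s or AlienVault’s code and does not show how their products work. It runs two typical rules over a handful of constructed log lines: a threat-intelligence indicator match (with a hypothetical mid-stream feed refresh standing in for the dynamic updates mentioned above) and a behavioural rule that fires when several failed logins from one source are followed by a success. The log format, field names and addresses are all assumptions made for the example.

```python
"""Toy SIEM-style correlation engine: indicator matching plus a brute-force rule.

Added example for illustration only; not vendor code. Log format is assumed:
    "<ISO timestamp> <event type> key=value key=value ..."
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
2018-05-02T09:00:01 auth src=203.0.113.7 user=alice result=fail
2018-05-02T09:00:04 auth src=203.0.113.7 user=alice result=fail
2018-05-02T09:00:09 auth src=203.0.113.7 user=alice result=fail
2018-05-02T09:00:15 auth src=203.0.113.7 user=alice result=success
2018-05-02T09:01:00 auth src=198.51.100.20 user=bob result=fail
2018-05-02T09:01:30 auth src=198.51.100.20 user=bob result=success
2018-05-02T09:02:00 proxy src=10.0.0.5 dst=198.51.100.99 url=http://198.51.100.99/update.bin
2018-05-02T09:02:30 proxy src=10.0.0.6 dst=192.0.2.10 url=http://192.0.2.10/index.html
"""


def parse_event(line):
    """Turn one log line into a dict with a datetime 'ts' and a 'type' field."""
    ts, kind, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts), "type": kind}
    for pair in pairs:
        key, _, value = pair.partition("=")  # split on the first '=' only
        event[key] = value
    return event


class CorrelationEngine:
    """Applies indicator and behavioural rules to events as they arrive."""

    def __init__(self, indicators, fail_threshold=3, window=timedelta(seconds=60)):
        self.indicators = set(indicators)      # known-bad addresses from a feed
        self.fail_threshold = fail_threshold   # failures needed before a success is suspicious
        self.window = window                   # how far back failures count
        self._fails = defaultdict(deque)       # src -> timestamps of recent failures
        self.alerts = []

    def update_indicators(self, new_indicators):
        """Hypothetical feed refresh: new indicators apply to all later events."""
        self.indicators |= set(new_indicators)

    def process(self, event):
        # Rule 1: any source or destination that appears in the indicator set.
        for field in ("src", "dst"):
            if event.get(field) in self.indicators:
                self.alerts.append({"rule": "ioc_match", "ts": event["ts"],
                                    "indicator": event[field], "src": event.get("src")})
        # Rule 2: N failed logins from one source inside the window, then a success.
        if event["type"] == "auth":
            recent = self._fails[event["src"]]
            while recent and event["ts"] - recent[0] > self.window:
                recent.popleft()  # forget failures older than the window
            if event["result"] == "fail":
                recent.append(event["ts"])
            elif event["result"] == "success" and len(recent) >= self.fail_threshold:
                self.alerts.append({"rule": "bruteforce_success", "ts": event["ts"],
                                    "src": event["src"], "user": event["user"],
                                    "failures": len(recent)})
                recent.clear()


def correlate(log_text, indicators, feed_updates=None):
    """Run the engine over log_text; feed_updates maps line index -> indicators
    that become known just before that line is processed. Returns the alerts."""
    engine = CorrelationEngine(indicators)
    feed_updates = feed_updates or {}
    for i, line in enumerate(l for l in log_text.splitlines() if l.strip()):
        if i in feed_updates:
            engine.update_indicators(feed_updates[i])
        engine.process(parse_event(line))
    return engine.alerts


def demo():
    """Initial feed knows one bad host; a refresh adds a second before line 7."""
    return correlate(SAMPLE_LOG, {"198.51.100.99"}, feed_updates={7: {"192.0.2.10"}})


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

With the sample data, `demo()` produces three alerts: the brute-force rule fires on alice’s login at 09:00:15 (three failures in the preceding 14 seconds, then success), bob’s single failure does not meet the threshold, and the two proxy connections match the original and the refreshed indicator respectively. Without the feed refresh the second proxy event would pass unnoticed, which is the point the answer above makes about keeping indicators current automatically.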
If you could only give one piece of cyber-security advice, what would it be?
I think it would be quite simple – don’t feel threatened or powerless when considering the security-related threats that you need to protect against. It’s often said that our attackers are one step ahead of us; that may be true, but there are a multitude of options available that can ensure you are as well placed as possible to ensure the security of your data, both technical and practical in nature.