A lax approach to cyber security can result in enormous disruption to your enterprise. Get it wrong, and damage to finances, operations and reputation can occur in an instant.
But in today’s digitally-driven world, understanding what you need to do to secure your IT environment can be a daunting task. How do you evaluate all the competing solutions from the various cyber security partners? What actual strategies should you deploy? These are the sorts of questions at the forefront of C-suite executives’ minds.
All is not lost, though. You can protect your organisation by having an informed view of cyber security fundamentals. That journey to enlightenment starts by recognising some of the most common cyber security misconceptions, as listed below:
Misconception 1: We Have Migrated to Public Cloud – So Security Isn’t My Problem
Workloads might have been migrated to Microsoft Azure, AWS or GCP, but you still have a role to play in ensuring the infrastructure is secure. The different types of cloud infrastructure carry different roles and responsibilities, depending on the kind of service adopted.
For instance, having migrated physical servers and VMs to Infrastructure-as-a-Service, you would still be responsible for maintaining and securing everything from the operating system upwards. That would mean:
- Ensuring the OS is patched and up to date
- Ensuring that the endpoint is protected
- Ensuring that the data and applications that reside on those servers are also secured
- Ensuring that access to the environment is authorised and authenticated
It’s also important to remember that just because the public cloud provider is providing the platform, access is not secured by default – it needs to be authorised and authenticated.
Misconception 2: Cloud-Native Firewalls Will Protect Me From Hackers and Nefarious Activity…or Will They?
If you just want a layer 3/4 firewall and have other measures in place to protect your apps and data, then the answer is yes. But we find that most organisations don’t have those other measures, so a cloud-native firewall on its own is not enough to protect your cloud environment from modern threats.
Having a next-generation firewall in the cloud is the baseline for establishing a strong first line of defence. The bare minimum is breaking open the TLS connection and inspecting the packet content, coupled with intrusion prevention and anti-virus techniques, as well as preventing those devices from reaching malicious IPs on the Internet through web filtering and DNS security.
It’s vital to not only protect the perimeter but also implement the necessary segmentation between resources using different VPCs/NSGs to further reduce risk of a breach or compromise.
Remember, if anything, there is a greater risk of a breach from internet-based attacks and misconfigurations in the cloud than within your on-premises infrastructure, so it’s crucial to understand the risks within your environment and have total visibility of all traffic in order to implement the correct security measures.
Misconception 3: Anti-Virus Is Enough to Protect My Endpoint
There’s been a surge of customer environment breaches through file-less malware, where there is no apparent signature. By taking hold of native tools in a desktop or server environment, attackers can then conduct malicious behaviour, such as elevating privileges or moving laterally to connect to other parts of the network using a Windows-hosted tool, while your anti-virus software is blissfully unaware of what is going on.
This is where next-generation anti-virus (NGAV) software comes in: it protects against these new types of attack by examining the content of potential scripts along with more sophisticated behavioural analysis that reveals activity deviating from the norm. If something does get past the NGAV, as you can never have 100% protection, you have the help of EDR. Endpoint Detection and Response (EDR) technologies give you the strength of a full team of security analysts in the blink of an eye, detecting that something has happened and supporting remediation, including root cause analysis from start to finish. The power of EDR is infinite.
But without telemetry, there is no protection. You must ensure the same tool from a single partner is used across your corporate environment for detection and response. The real strength in EDR comes through the volume and consistency of data streams - giving you visibility over all endpoints.
As a use-case scenario, if a certain type of action or behaviour started on your corporate server and similar activity appeared on your unsuspecting C-level executive’s laptop, you would probably want to pick up on that. With EDR, that power is yours.
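The cross-endpoint correlation that the use case above relies on, as an added example that is not part of the original post or any vendor's product. It assumes EDR telemetry is available as simple process-creation records with host, parent and process fields; the sample events are constructed for the demo, and the behaviour it keys on (an Office application launching a script host) is one common file-less pattern, not a signature.

```python
from collections import defaultdict

# Constructed sample telemetry (assumed field names, not any product's schema):
# a script host launched by an Office process appears first on a server and
# then on an executive's laptop; the other records are everyday activity.
EVENTS = [
    {"host": "fileserver01", "user": "svc_backup", "parent": "winword.exe",
     "process": "powershell.exe"},
    {"host": "fileserver01", "user": "svc_backup", "parent": "explorer.exe",
     "process": "notepad.exe"},
    {"host": "ceo-laptop", "user": "ceo", "parent": "outlook.exe",
     "process": "powershell.exe"},
    {"host": "dev-laptop", "user": "dev", "parent": "cmd.exe",
     "process": "powershell.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def behaviour_key(event):
    """Label one event by parent/child relationship, or return None if benign.
    Keying on behaviour rather than a file hash is what lets file-less
    activity be spotted when there is nothing on disk to scan."""
    if event["parent"] in OFFICE_APPS and event["process"] in SCRIPT_HOSTS:
        return f"office-spawns-script-host:{event['process']}"
    return None


def correlate(events, min_hosts=2):
    """Return {behaviour: [hosts]} for behaviours seen on at least min_hosts
    distinct endpoints; a single-host hit stays a local alert, a multi-host
    hit is the server-plus-laptop situation the post describes."""
    seen = defaultdict(set)
    for ev in events:
        key = behaviour_key(ev)
        if key:
            seen[key].add(ev["host"])
    return {k: sorted(h) for k, h in seen.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for key, hosts in correlate(EVENTS).items():
        print(f"{key} observed on {len(hosts)} hosts: {', '.join(hosts)}")
```

Without the same agent feeding the same event schema from every endpoint, the server and the laptop would never be compared, which is the telemetry point made above.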
Misconception 4: Our DevOps Team Knows Precisely What it is Doing
When it comes to super-quick coding, your DevOps team might be on its A-game. But is it building those apps with security in mind and in full adherence to the corporate security policy? The answer, in truth, is ‘probably not’.
Many DevOps teams have been granted super-admin privileges, and there is very little control over what they are doing. The solution is a Cloud Security Posture Management (CSPM) tool that provides visibility, enables you to enforce policy and check compliance across your organisation, and automatically remediates any deviation from that course.
By adopting a CSPM, you also get an in-depth report that shows the C-level execs just how well the security and cloud team are working together.
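A minimal posture check in the spirit of the CSPM described above, also covering the VPC/NSG segmentation point from Misconception 2; this is an added example, not code from the original post or from any CSPM product. It runs over constructed network security group rules with assumed field names (not any cloud provider's API) and shows the detect-then-remediate loop: flag inbound rules open to the Internet on management ports or on all ports, then return a corrected copy.

```python
from copy import deepcopy

MGMT_PORTS = {22, 3389}              # SSH and RDP
ANY_SOURCE = {"0.0.0.0/0", "*", "Internet"}

# Constructed sample NSGs (assumed schema): the HTTPS rule is fine, the RDP
# rule is exposed to the Internet, and a DevOps-created rule allows everything.
NSGS = {
    "web-nsg": [
        {"name": "allow-https", "direction": "Inbound", "access": "Allow",
         "source": "*", "port": 443},
        {"name": "allow-rdp-anywhere", "direction": "Inbound", "access": "Allow",
         "source": "*", "port": 3389},
    ],
    "devops-nsg": [
        {"name": "allow-all", "direction": "Inbound", "access": "Allow",
         "source": "*", "port": "*"},
    ],
}


def violates_policy(rule):
    """Policy: no inbound Allow from any source to management ports or to all ports."""
    if rule["direction"] != "Inbound" or rule["access"] != "Allow":
        return False
    if rule["source"] not in ANY_SOURCE:
        return False
    return rule["port"] == "*" or rule["port"] in MGMT_PORTS


def assess(nsgs):
    """Visibility step: list (nsg, rule) for every rule that breaks policy."""
    return [(name, r["name"]) for name, rules in nsgs.items()
            for r in rules if violates_policy(r)]


def remediate(nsgs, admin_cidr="10.0.0.0/8"):
    """Auto-remediation step: return a corrected copy in which offending rules
    are restricted to the admin network (assumed CIDR) rather than deleted,
    so legitimate management access survives and the input is left untouched."""
    fixed = deepcopy(nsgs)
    for rules in fixed.values():
        for r in rules:
            if violates_policy(r):
                r["source"] = admin_cidr
    return fixed


if __name__ == "__main__":
    print("findings:", assess(NSGS))
    print("after remediation:", assess(remediate(NSGS)))
```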
Rest Easy by Talking to the Experts
These are just four of the most common misconceptions about cyber security. When you add end-users into the mix – the people at the frontline doing the work, receiving and sending emails, accessing your systems remotely from multiple devices – the role of ensuring effective cyber security becomes even more challenging.
At CDW, we can cut through the conflicting messages from multi-partners to give the clarity you need. We have the knowledge and experience to make sense of all the latest technologies.