Why proactive security is the future of IT

Cybercriminals are expanding their tactics and adopting new technologies to carry out devastating digital attacks.

Their ability to find and leverage gaps in security, evade detection and conceal malicious activities has only gotten better and more sophisticated. Organizations need to adopt an all hands on deck approach to defend against new security threats. If CIOs fail to take a proactive approach to security — including advanced threat intelligence tools and the careful training of both IT staff and employees — then they very well could face serious issues in the future.

How do we know that traditional measures aren’t enough? Most companies are actively taking at least partial steps to secure their organizations:

• 81 percent deploy a traditional firewall

• 66 percent make use of anti-virus software

• 60 percent use IDS/IPS technologies

Securing your network

For the new generation of threats, companies should consider a Next-Generation Firewall (NGFW). With traditional firewalls, IT is left tacking on additional appliances to try and answer new threats. This is far from thorough, and also has the consequence of progressively degrading the performance of the network. NGFWs have the benefits of a traditional firewall, plus a number of advanced features that can help protect you from new threats, including deep-packet inspection, which gives insight into network traffic and helps identify anomalies; granular permissions on the application level (for example, blocking Google Hangouts while still allowing the use of Gmail or Google Inbox); and user identifications that limit access to approved names and IP addresses. NGFWs also have a negligible effect on network performance when compared to stacking traditional firewalls with secondary appliances.

But even with NGFWs and other technology securing your systems and infrastructure, IT needs to intensify the monitoring they already do. Breaches are inevitable, and they often aren’t detected for weeks or months after they actually occur. IT needs to be able to recognize the subtle cues that may indicate unauthorized entry, which include:

• Login credentials suddenly not working

• New admins and login accounts to system portals have been created

• A network that is normally quick now runs sluggishly

• A device is running an unauthorized file transfer protocol (FTP)

• DNS setting have been changed

By identifying and investigating these and similar incidents, IT can help identify breaches early and implement their data security incident response plan as soon as possible.

Trained employees: your best defense

While IT plays a major role in keeping the company secure, information security is everybody’s responsibility. Your employees play a critical role in helping you protect your organization’s security, confidential documents and valuable information. Increasing employee awareness of some basic security best practices is a good investment for everyone. This can include training employees on:

• Email security to identify phishing emails, dangerous attachments and other email scams

• How to spot fraudulent URLs

• How to recognize and avoid social engineering scams

• Security beyond the office (working from home or on the road)

• When and how to report suspicious activity

And just as with compromised networks, it’s also important to educate employees about the symptoms of a compromised device. For example, if employees experience any of the following on a device they use for work, they should notify IT immediately:

• False notifications about updating anti-virus software: Hackers use phony “your software is out-of-date” alerts to get people to enter valuable personal and financial information into false renewal forms. And if these false notifications show up on an employee’s device, it means the device is already infected.

• Frequent pop-ups when browsing the internet: Like with phishing, pop-ups often appear to be from legitimate sites — and, in fact, many legitimate sites actually do use pop-ups. Copious pop-ups, however, are a likely sign that a device is infected with malware.

• False search results: Sites often pay vendors to drive traffic their way, and some of those vendors drive that traffic illegally, by inserting particular sites into search results regardless of what the search query is. If certain websites appear among search results time and again, with no relation to what was searched for, it’s a sign the device is compromised.

• Unexpected negative change in system performance.

At the end of the day, if you can’t get your employees’ heads wrapped around the key role they play in proactive information security, then you are still leaving your business exposed. Good proactive security isn’t just about technology — it’s about the whole ecosystem. And if you and your employees are not prepared, all it takes is a single email to breach your entire network.