Security Magazine on Creating a Comprehensive Security Strategy to Reduce Concerns, Risk of Breach
Hikvision Strategies for Preventing Malware Attack, Implementing ‘Defense in Depth’
In the Security magazine article, “Lose Battles, But Win the War: Devising a Grand Strategy for Security,” the author offers recommendations to help organizations reduce security concerns.
“It’s clearly a good idea to build solid defenses to try and prevent successful cyberattacks, but it’s important to be realistic. Consider that 67 percent of global enterprises have now been breached, according to Thales, and you’ll soon realize that it’s not a question of “if” you’re going to be hacked, but rather “when.” Losing the odd battle is inevitable, but with the right strategy you can make sure that you win the war,” said Brad Mallard, the article’s author and the CTO of Fujitsu EMEIA, in the article.
He offers several areas of consideration to begin developing a comprehensive “grand” security strategy:
- The Cloud: Eighty-one percent of enterprises have a multi-cloud strategy with 77 percent identifying security concerns. From the article: “It’s not unusual for an enterprise to be working with 20 different cloud providers. Businesses and their end users are typically using hundreds of cloud services at any given moment. This all adds up to massive potential for data leakage, for data loss, and for regulatory compliance issues.” The author recommends assessing risk in a broad sense when adopting cloud solutions as well as how people connect at the edge.
- Detecting When Data has been Leaked: Data security breach is a serious threat for an organization. The article advocates for use of cyber-threat assessment tools using the company name to determine if sensitive information is available outside of the organization. “You can’t take it for granted that your data isn’t out there. Just because you haven’t detected a breach doesn’t mean that it doesn’t exist, after all most breaches are several weeks old before they’re detected,” said Mallard.
- Evaluate and Assess Partners: Use the organization’s internal level of scrutiny to evaluate partners, including digital and cloud service providers. Mallard added “If new partners with less mature security strategies have access to your environment, then hackers will view them as low hanging fruit and use them as a backdoor in.”
For more, read the article online.
Hikvision Strategies for Preventing Malware Attack, Implementing ‘Defense in Depth’
In the Hikvision blog, “SecurityInfoWatch.com on Ransomware, a Cybersecurity Attack that Uses Malware to Exploit System Vulnerabilities,” Hikvision overviews ransomware, a kind of malware that exploits vulnerabilities, and methods to prevent it.
The blog also references Hikvision cybersecurity director, Chuck Davis, and his article about reducing security concerns in network security, user security and system administration. In that article, David provides insights to improve network security, and advises the use of “defense in depth” as a cyber strategy.
From the article: “Davis advocates the practice of "defense in depth," an approach to manage risk using diverse defensive strategies. It’s based on the idea that multiple layers of defense will provide additional protection against a potential cyberattack. This includes network segmentation, which simply stated means splitting a network into separate networks that are isolated, not connected, and compromising one won’t compromise the others. For example, finance, human resources and security should each have dedicated networks.”
Davis added, “This is the way corporate networks are built, which is based on the principle of least privilege – this means only giving people or systems access to the resources that they need, and nothing more. This is effective for the obvious reason of keeping sensitive resources only accessible by those who need access, but it is also an effective means of compartmentalizing a network environment in case of cyberattack or malware infection.”
Click here to read more.