sb-nz logo
Story image

Businesses can't outrun cybercriminals but they can 'outsmart' them

20 Jul 2017

​Cyber crime in recent times has hit an all new high – think WannaCry and Petya, both of which were global attacks affecting hundreds of thousands and were just in the last couple of months.

According to Empired, most businesses believe that because they have security controls in place, they’re protected against cybercriminal but that simply isn’t true.

“Business beats with a digital heart and the rate of cybercrime is increasing exponentially,” says national business manager for Networks and Security at Empired, Mark Blower.

“It’s essential for organisations to understand the threat landscape and how to mitigate the risk of being attacked.”

Blower says cybercrime has become an industry in which large organisations pay educated hackers a daily wage to find and exploit vulnerabilities.

“There are around 390,000 new malware threats every single day: it’s impossible to keep up with this volume of threats by simply relying on traditional technology like antivirus,” says Blower.

“Simply having security controls recorded in a policy is not enough, they have to be lived and acted upon every day.”

Blower asserts that business can invest in tools, processes and policies to identify when they are being attacked and how to respond, contain and recover from a successful breach – so that they’re prepared when it happens from a malicious hacker.

One of the big problems, according to Empired, is that because of a lack of resources and competing demands IT teams can only spend a fraction of every day on security activities while a cybercriminal’s full-time job is to find ways to breach an organisation.

“The big trap many organisations fall into is taking a compliance-based approach to security. By definition, this means that the decision cycle on implementing and updating controls will be longer than the attackers’ development cycle, letting cybercriminals get ahead,” Blower says.

“Given businesses can’t outrun the cybercriminals, the only other option is to outsmart them.”

Empired has provided six key facets of cybersecurity protection for businesses to consider:

1. Set clear policies around what is and isn’t allowed, and what to do if a person suspects they’re being attacked.

2. Update perimeter protection to next-gen firewalls that meet reporting requirements, deep-dive into traffic, and decrypt traffic.

3.  Implement unified threat management tools as they give security teams full visibility into what people are doing on the network.

4. Real-time threat analytics are the only way to protect against zero-day threats and are vital as traditional signature-based protection is no longer adequate.

5. Application control devices (ACDs). ACDs are the last line of defence as they protect against people who are already inside the network, such as guests or malicious attacks from employees, ensuring only the right people access applications.

6. Security incident and event management (SIEM) lets IT teams automate parts of the security puzzle, letting the team proactively find threats that might not be visible using standard logs

Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
Video: 10 Minute IT Jams - Who is CrowdStrike?
Today, Techday speaks to CrowdStrike ANZ channel director Luke Francis about the company's key products and offerings, its upcoming annual security conference, and the infrastructure it leverages in the A/NZ region.More
Story image
SecOps opens new Cyber Defence Operations Centre in Auckland
Privacy Commissioner John Edwards officially opened the centre this week, recognising SecOps’ efforts to provide managed security services to New Zealand businesses.More
Download image
Network functions virtualisation: What is is, how to use it, and why it matters
Network functions virtualisation (NFV) is fast becoming the go-to method of simplifying corporate networks from planning, through deployment and management.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More