Story image

Fortinet's top tips for cultivating situational awareness of cyber threats

19 Jul 2017

IT professionals should brush up on their situational awareness to better defend their organisations against cyber threats – even in the technology space, cybersecurity provider Fortinet says.

According to the company, people are constantly looking for ways to improve their current situations – such as finding the best routes to avoid crowded city traffic and keeping track of a suspicious person in a room – but

But Fortinet’s Australia country manager, Ben Field, says that situational awareness doesn’t extend to how they use IT.

“They click on links without a second thought, open files they don’t recognise, and connect to wireless networks they are unfamiliar with. If people could become more situationally aware in their handling of computing devices, they − and the organisations they work for − would be victimised by cyber threats much less often.”

Businesses can start their journey to situational awareness by first understanding the business priorities, risks and threats.

Fortinet advises that IT leaders should be able to frame their issues within short and long-term business objectives, have a clear line-of-sight across the business and its technologies and finally be able to establish policy and governance for everyone who has access to company data.

The company has four guidelines for IT leaders and where their focus should lie:

1. Business mission and goals: Understand the organisation’s business mission, and then align it to those processes and resources that exist to enable that mission.

Companies must understand the type of data it uses and generates, and how much the processes that use this data overlap with those of other teams as they learn about and document these processes. Organisations should also prioritise data and systems, determine which have regulations tied to them, and compare their priorities with those teams that share these resources.

2. Cyber assets: Understand and catalog all the assets on the organisation’s network, along with any vulnerability they may have. Get to know their profiles, such as what OS and version is installed, what applications reside on those devices, and what data they hold.

Once firms gain full knowledge on the devices they own, they need to ensure these devices are securely configured and patched as the vast majority of exploits target publicly known vulnerabilities that are five or more years old. Always prioritise the critical vulnerabilities.

3. Network infrastructure: All devices are connected, which means we need to understand how they are connected, and to what. A single vulnerable device may not matter much, but if it is connected to something critical, the risk level can become very different. 

Organisations must strive to thoroughly understand their topology because cybercriminals are spending much time and resources to learn it to exploit the vulnerabilities in the system. Understanding how and where devices are connected and the data that flows through them will determine where the risks are, and let organisations implement appropriate policies and countermeasures, including technology solutions that are most suited to protecting their unique environment.

These solutions must allow devices to interact, share intelligence, and respond to threats in a coordinated fashion anywhere across the extended network. 

4. Cyber threats: Understand the capabilities and tactics of threat actors targeting your organisation. Threat actors can include government sponsored cyber espionage, organised crime, hacktivists, insider threats, opportunistic hackers and internal user errors. Organisations need to know which of these threat actors are most likely to be focused on stealing the data that resides in the network. 

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.