Security complexity threatens enterprises

Information security is one of the biggest challenges facing enterprises this year. Being hacked by criminals is becoming depressingly familiar for a many businesses. A roll call of prominent brands has succumbed to what is an unprecedented number of attacks. Increasing threats, regulations and complexity have catapulted network security up the corporate agenda. Considering billions are being spent on cyber security each year, why are businesses continuing to fall victim to cyber attacks?

The changing dynamics of the workplace have led to increasing complexity of enterprise security. Employees bringing their own devices to work, escalating the growth of data and need for corresponding protection. The proliferation of new cyber threats, daily, and the sheer number of security solutions available make a chief information security officer’s job a formidable challenge. These are issues that need to be examined in greater detail.

Employees and BYOD

The consumerisation of technology has been one the biggest trends in recent years—one that shows no sign of abating. Consumerisation has brought a whole new range of devices into the workplace, often as part of a sanctioned Bring Your Own Device (BYOD) program. These additional devices can create security and management headaches for enterprises as they struggle to deal with the implications of securing corporate data. Employees using their own devices also create numerous additional access points to the network—leading to many more opportunities for cyber criminals to attack the enterprise network, as well as leading to greater potential for data leakage.

Data growth is rocketing

Exacerbating the impact is the explosion in data. Over the last five years, data on the internet has increased five-fold, to almost 2 zettabytes (billion terabytes) and this trend is likely to continue on an exponential scale in the foreseeable future. Video is one of the main culprits—in January 2012, YouTube reported that 60 hours of video were being uploaded every minute to the site, equating to more than 300,000 full-length feature films each week.

Aside from video, amidst this avalanche of data there is important confidential information such as legal documents, state secrets, company IP and healthcare data. The challenge for businesses is to identify what they are actually responsible for in this growing mass of information.

Compliance demands protection

Companies need to identify and protect confidential information—and not just to protect their own assets. An increasing raft of international regulations and legislation are demanding that enterprises show due care and diligence in protecting confidential information. This is an area that Australia is yet to cover in depth, but with the advent of more and more sensitive information going online—for example, healthcare—this will need to be addressed.

New threats daily

There are currently over 45 million different viruses in circulation, with over 2000 new ones appearing each day. The steady increase in threats, coupled with manyfold new vulnerabilities created by employees using their own devices for work purposes, means it is nearly inevitable that an enterprise’s defences will be overcome at some point. Businesses need to develop new methods and systems for protecting critical company information and sensitive customer data.

Solution overload, outsourcing and increasing cost pressures

The combination of rising threats in security, changing employee behaviour and increased regulation has led to myriad solutions being made available by vendors. The sheer scale and complexity on offer can make it confusing for businesses to know what to choose for optimum protection.

There is also an increasing disconnect between the budget available for security and the wide-ranging nature of the chief information security officer’s area of responsibility. Previously, security was only about being able to connect the network securely and safely. Now a CISO needs to be a business leader while also managing security policy, compliance, access and application security. Finding the right staff is also crucial, and the higher demand for IT specialists has created a skills shortage which is, in turn, driving the uptake of outsourced security services.

Businesses are looking to outsource their security needs to third party suppliers to utilise their specialist capabilities and knowledge which the business may lack internally. Managed security, from specialists, can better handle the complexities posed by increasing threats, regulation and costs, and can free up internal resources. It can also help simplify the business’s security controls, audit and reports—something that is vital for efficient compliance.

By taking complexity out of the equation, a business will be able to focus on developing its responses to security incidents, ensuring that its reputation does not suffer while also establishing itself as a leader in doing business securely. As we rapidly move into a mobile age, it is vital for business to adapt and grow with the times, or risk becoming a risk itself.

Original Publication

The six pillars of security operations

Six key points that should be considered when creating and developing a SOC

As mobilisation and bring-your-own-device (BYOD) becomes increasingly prevalent, business security has been propelled to the forefront of corporate strategy. The Security Operations Centre (SOC) is a key part of the enterprise security infrastructure – it enables an organisation to establish effective protection against security threats. There are six key points that should be considered when creating and developing a SOC that can effectively detect and counter any cyber threats in a timely manner.

1) Determine the correct policy.  

Security policy is the beating heart of an effective Security Operations Centre – it clearly defines the scope of protection and outlines the responsibilities of all relevant parties. The first step in designing a policy is to determine exactly what role you want the SOC to play. Will it simply observe, record and report on recurring attacks? Will it be actively involved in mitigating threats? Determining its role is crucial to ensuring your resources are not working against each other, but are instead working in harmony.

The second step is to agree on the scope of your SOC’s activities, such as whether it is restricted to the network only, or includes suspicious behaviour from user activity. An effective policy allows for the delegation of responsibility for certain actions within the SOC, maintaining close involvement among related parties who need to work together to accomplish a shared purpose.

2) Perform risk analysis

In a perfect world, there would be no risk and thus no need for security. But since the world is not perfect, risk is the main driver of security processes. A careful risk analysis can reveal critical issues – maybe issues you originally thought were insignificant, or perhaps vice versa. For example, attention may have previously been focused on your network monitoring, with anti-virus updates taking lesser precedence. This leaves your organisation more vulnerable due to anti-virus signatures not being updated.

A thorough risk analysis will enable you to pinpoint any threats and take corrective action. The results of the risk assessment should be used as the foundation of your security policy, with periodic reassessments. The SOC must meet the strategic needs of the business and it is usually appropriate to revise the risk analysis on an annual or biannual basis.

3) Define appropriate procedures

Procedures are vital – they will inform the actions you take in any security crisis. Implementing a clear set of procedures for your SOC will mean that all parties know, and understand, how to undertake their responsibilities properly in the event of an attack. If your current procedures need altering, if they do not meet best practice standards, changes should be agreed to by all parties involved.

It will also be valuable to provide instructions on how to best implement the procedure tools. Small but significant details about business operations should be stated clearly and used as reference in any incidents.

4) Focus on staffing

Staff are the life blood of any organisation, so your SOC staff are in a key position to prevent any threats disrupting your business. It is therefore essential to hire experienced staff such as incident responders, IDS analysts or knowledgeable forensics analysts with proper network experience. These people may not be easily found amongst job seekers and they may be expensive to hire, but the bottom line is – you get what you pay for. They are valuable resources who can search for a tiny detail in an ocean of data, and this ability makes them a good investment. It is too risky to have a security attack go unnoticed due to inexperienced staff.

5) Consider the organisational dynamics 

When you begin to implement your SOC, you need to define your organisational dynamics. There are three tiers you should consider, namely:

Tier 0: Core services where the security centre operational procedures run monitoring, prevention and mitigation of incoming attacks. Tier 0 is responsible for performing incident response, complete monitoring, and providing the patches and updates appropriate to the business needs of the organisation.

Tier 1: Internal customer base. This tier incorporates the other departments in your organisation which receive security protection. Protection and monitoring Tier 1 are daily duties.

Tier 2: External or business partners. When business is being conducted over the shared network, they are protected by your security operational procedures and monitored directly.

These three tiers require different levels of security. Tier 0 needs optimum protection and control over any incoming threats, while Tier 2 only needs minimum protection. Ideally, the critical assets in Tier 0 should be kept close to the core of the security operations centre.

6) Integrate the SOC in the organisation

It is necessary to integrate the SOC into your organisational information flow and activity. If there is any information that is valuable to the SOC, it needs to be passed on as every piece of information helps. Integration of information and effective communication strategies will enable the security operations manager to obtain information from within the organisation that may be relevant and applicable to detecting threats. Fully integrating the SOC into the organisation will enable a rapid response to any attacks.

These six pillars are vital to building a strong and effective security operations centre. By having a solid SOC, you can feel confident conducting daily business with minimal risk. In an increasingly online world, having the right defense in place is critical to business operational security.

Original Publication on CSO