The advent of cloud based services, increased use of smartphones, appliances and new items with Internet connections, and increased cyber theft and espionage from international agents have combined to create a tsunami of new security challenges for IT managers. Unfortunately, there's not a single solution to thwart each new attack. Existing technologies in place at most companies are ill suited to address increasingly sophisticated attacks and new security concerns.
To help you identify top concerns today, we've put together a short list of security issues that should be on your radar [View the Infographic]:.
There has been an upsurge in highly targeted, stealthy attacks - one of the most dangerous and potentially damaging forms of cyber-attacks. Security professionals dealt with an average of 78 security investigations per firm in 2015, with 28% of those involving targeted attacks, according to a survey by the Enterprise Strategy Group in April 2015. The numbers are only expected to increase this year.
These attacks aren't coming through network perimeters protected by firewalls but often arrive through email, web posts, network files, instant messaging, file share cloud programs, databases, desktops or laptops, removable media, printers, smart phones and cloud email, storage, and even partner agencies. Firewalls don't protect all these different access points, and most virus software doesn’t either, leaving many companies vulnerable.
Many companies don't detect targeted attack breaches until weeks, months and even years later. Part of the problem stems from the very complicated and timely process it takes to detect these breaches. Companies have put in place an array of security devices from different vendors that don't talk to each other, making it hard for IT to gain visibility into the entire ecosystem and making it hard to manage and find intruders.
Data Center Transformation
The data center is the heart of most businesses, but many aren't set up to handle remote access, cloud computing and other functionality that's been created in the past few years. Most data centers have been virtualized, consolidated and centralized, and now must become more open, service-oriented and modern to meet the needs of a growing mobile workforce.
A modern data center must host critical applications and data, help employees consume IT as a service, and augment capacity by using an external cloud. To secure this new way of doing business, companies need special protection for software-defined services based on virtual and cloud-based environments so they don’t put themselves at risk.
According to security firm SailPoint, 84 percent of companies have cloud-based applications in their offices. These applications allow them to be more agile, spend less on IT and boost innovation, says Ed Anderson, an analyst at Gartner.
But he says, "These drivers are offset by persistent concerns about security and privacy, which continue to inhibit adoption, particularly of public cloud services." About 40 percent admit they can't effectively manage identities and access management via the cloud, leaving them vulnerable to security breaches.
Complicating this issue further is the fact that employees often use cloud services of their choice without the knowledge of IT or even their bosses. They upload and share data with partners or even co-workers and are often unaware of the security protocols they should be following.
Only about one fifth of corporate data is managed in traditional databases, the remaining 80 percent lives in mobile devise such as laptops tablets and smartphones. Most companies don't have a good inventory of where their data resides, and they also don't know if it's protected.
Some have installed data loss prevention technology, also known as DLP, thinking DLP will find issues for them, forgetting that they need to put policies in place to make the technology effective. Putting those policies in place means they have to identify critical company data, figure out where it resides, determine who has – and who should - have access to it, among other things, which some try to avoid since it is a time consuming process.
According to Verizon's 2015 Data Breach Investigations Report, the estimated financial loss from 700 million compromised records was $400 million. That staggering figure illustrates the real importance of managing data breach risks.
Internet of Things
Remember the Target breach? Cyber thieves didn't directly attack the retailer's corporate network. They slipped in through an Internet connection with stolen VPN credentials a small heating and cooling vendor used to check Target's refrigeration units. Certainly, you've heard about the people hacking into computer systems in cars, right? Just when you thought you had your arms around the devices connecting to your corporate network, the Internet of Things or IoT is opening Pandora's Box to an endless number of new entry points.
By 2020, the number of smart phones, tablets and PCs in use will reach about 7.3 billion units, says Peter Middleton, Research Director at Gartner. In contrast, the IoT will have expanded at a much faster rate, resulting in a population of about 26 billion units at that time, he says.
Even scarier: 80 percent of IoT devices and their cloud application components don't require sufficient passwords. Making matters even worse: 70 percent contain at least one security flaw and the average number of flaws per device is 25 percent. Securing your network and company is going to get even more complicated.
Rethinking Security: A New, Connected Era
These new security threats have caused our partner Intel Security to rethink the way it provides security solutions. The company is creating an integrated and adaptive security system that reduces complexity, offers increased visibility and improved operational efficiencies. Intel is working with other security vendors and has proposed a common set of protocols that connect vendors and products on-site and in the cloud, making it easier to manage security.
As a Platinum Intel Security partner, we are uniquely qualified to help you formulate a plan, leveraging our expertise, partners, and a unified and open framework for hundreds of products and services from Intel Security and others. Contact us today for a complimentary consultation.