Jul 22 2015
The many recent highly publicized cyber-attacks have proven to the world that substantial change is required in the way organizations protect intellectual property, prevent breaches, respond in the event of a direct attack and mitigate overall risk.
Given its magnitude, the issue of cyber security has quickly escalated from the IT department, above and beyond the executive conversation, and now is a boardroom priority. It is simply no longer feasible or profitable for technology officers to be solely responsible for the management of an organization’s entire cyber footprint. In order to be effective against cyber-attacks, organizations must engage all business stakeholders to drive awareness and enforce protective measures to safeguard patent, copyright, trademark, and intellectual property. In addition to wide-spread internal support and vigilance, businesses must engage the expertise of a next-generation data-center security provider that will deliver specialized and effective technology services.
Cyber criminals are presented with endless quantities of information enabling exploitative penetration within the data center. Making matters worse, public databases and search providers cache and retain such sensitive, accidentally leaked data, enabling perpetrators to glean information without having to probe external applications. This type of stealth activity goes unforeseen as SIEM logs, alerts and metrics stay static creating a false sense of security.
The solution proactively mitigating IT security risk is multifaceted and ongoing.
First, businesses must undergo executive sponsored enhanced security awareness training on how social media and meta-data can be used against the company, its customers and strategic partners. This type of training provides details on how today’s sophisticated attacks are performed and shows businesses how to put effective safe computing practices into place.
Second, businesses need to work with data center security experts that conduct specialized attack-profiling assessments. We at Red8 perform attack profiles for our customers that aggregate publicly available data about their infrastructure and Internet presence in order to identify the areas of weakness that need to be addressed. Some of the information we collect includes meta-data, usernames and passwords, unprotected web applications, and other sensitive data that may have been accidentally indexed by search engines. The result is a detailed report that shows how an adversary could penetrate the company. It adds significant value beyond the compliance regulations and delivers the foundation for a strong security plan.
Third, the findings must be addressed and also shared appropriately with strategic business partners to protect the businesses’ entire community. When partners share threat information with each other they are providing a valuable digital “heads up” on important potential security threats. For example, a manufacturing business could help protect its supply chain partner by warning the company of a dangerous variant of malware attacking similar vendors.
Finally, the knowledge gleaned from the risk assessment report must be used to shore up all areas of vulnerability. For ongoing support, businesses should look to a data center security provider that has a strong management team and deep strategic partnerships with the most advanced technology vendors. Spend the time to ensure that the provider has the top data center networking and virtualization experts and really understands the security technology space as well as the broader issues. An ideal data center security solutions partner should have strong industry relationships and demonstrate innovation in solving tough challenges.
The return on security investment (ROSI) gained from involving a key partner early in the process of assessing your attack surface is essential to understanding vulnerabilities in organizational and datacenter controls. Don’t wait another day. To get started, contact our team of experts at [email protected].