We suggest a fundamental change has come about – where ten years ago companies could reasonably strive to prevent a successful network attack and penetration, the likelihood now is that networks of most companies will be compromised in spite of those efforts. It follows that attention should now turn to minimizing or even preventing damage in such an event – taking measures to make the job of the hacker as difficult as possible.
In short, arrange the network so that a cyber-criminal can gain access only via an endpoint network; ensure that, once connected, there is precious little a cyber-criminal can do on that endpoint network; and make export of information from any network as difficult as possible – with good monitoring to alert on an intrusion.
Meeting new threats does not mean abandoning the defenses against old ones – strong network monitoring, Intrusion Detection, routine penetration testing, strong password enforcement, restrictive firewall policies, comprehensive anti-virus and patch management, and frequent end-user reminders of the dangers of phishing and related attacks have all become standard practice and form a good foundation for security.
Tools that Support the Goals
CTP has found that there is good recognition for the many security technologies: Multi-Factor Authentication (MFA), network segmentation, monitoring, in-house Public Key Infrastructure (PKI), Internet Web Security (including decryption of HTTPS traffic), Data Loss Prevention (DLP) tools, and file-level encryption. We find that it can help to approach the problem by starting with the goals, and then considering the technologies that support those goals. Using the company's most immediate security requirements as the starting point makes it much easier to develop a rational plan for implementing those technologies.
As a point of interest, there is a carefully and concisely (and densely) written paragraph of guidance on network security, taken from the SEC Investment Management Guidance Update document:
Create a strategy that is designed to prevent, detect and respond to cybersecurity threats. Such a strategy could include: (1) controlling access to various systems and data via management of user credentials, authentication and authorization methods, firewalls and/or perimeter defenses, tiered access to sensitive information and network resources, network segregation, and system hardening; (2) data encryption; (3) protecting against the loss or exfiltration of sensitive data by restricting the use of removable storage media and deploying software that monitors technology systems for unauthorized intrusions, the loss or exfiltration of sensitive data, or other unusual events; (4) data backup and retrieval; and (5) the development of an incident response plan. Routine testing of strategies could also enhance the effectiveness of any strategy.
As we parse through this paragraph, we find that the goals we have discussed in this blog correspond closely to it.
Our take-home message is that there is a series of security measures that have evolved and are effective in protecting company data from today’s cyber-attacks.