A few weeks ago, online security expert Marc Goodman was at the University of Toronto Munk Centre of Global Affairs to discuss his new book Future Crimes.
In the book, he explains how some of the tactics used by cutting-edge businesses are also being used by cybercriminals to break the law. For instance, on the Dark Web there are criminal marketplaces equivalent to Amazon that make it easy to buy illegal goods and personal information such as credit card numbers. Enterprising hackers are also creating software and cloud services that make it easy for anyone to launch an attack.
Goodman says that history tells us that criminals will always find ways to repurpose new digital innovations to steal from, exploit, and otherwise harm individuals. And the unfortunate part is that the criminals are often at least one step ahead of those trying to stop them.
Yet, there are several practices that organizations can use to help limit risk.
Organizations often have unique security considerations, but I want to bring to light a few threat areas that all IT managers should be concerned about: Distributed Denial of Service (DDoS) attacks, exploits of software vulnerabilities, and the security risks from shadow IT. I also want to cover how organizations can defend themselves from criminal activity.
Have the Capacity Needed for Enormous Distributed Denial of Service Attacks
DDoS attacks are one of the most common attacks, and something that should concern all businesses. They basically leverage compromised systems to flood an organization’s servers with junk requests that keep legitimate requests from being fulfilled. This could make an organization go offline for the duration of the attack.
What’s frightening for many system administrators is that the size of these attacks has grown enormously in recent years. According to some findings, the average peak bandwidth of DDoS attacks in the last quarter of 2015 had grown by 52 percent compared to the same period the previous year, and many attacks now exceed 100Gbps.
One way organizations can defend themselves is to have not only enough capacity to handle these junk requests, but also the ability to scrub traffic and cut off attackers. Not all web hosts have the capabilities to do this. At Server Mania, for example, we have extensive traffic scrubbing hardware (including four enterprise-grade RioRey DDoS mitigation appliances) that can deal with massive DDoS attacks.
Install the Latest Patches to Avoid Exploits of Known Software Vulnerabilities
It’s commonplace to discover weaknesses in software that can be exploited by criminals. Luckily, many developers are hard at work seeking out these vulnerabilities and developing patches for them. However, it’s an organization’s task to install patches and updates in order to be truly protected, and they often neglect to do this.
Sometimes organizations have a legitimate reason to be concerned that a patch might introduce new problems, given a number of high-profile “patch fiascos” such as a recent Windows update that caused systems to reboot repeatedly.
But while there are risks to updating software, not installing updates means a system is vulnerable to exploits and attacks. Even if criminals haven’t yet developed a way to exploit a vulnerability, once it has been disclosed they will eventually find ways to use it to their advantage.
In order to ensure that new patches keep your organization safe, it’s useful to have a process for testing patches before deploying them to the entire network. Also, while it may go without saying, it’s extremely important to follow the software vendor’s patching instructions to, for instance, ensure that updates are applied in the right order or that patch prerequisites are present before the installation. And it’s always wise to have a restore point to roll back to in case you encounter a problem.
Control Access to Sensitive Data and Applications
You wouldn’t allow just any employee to root through important company file cabinets without a good reason. Yet, many companies neglect to restrict employee access to corporate IT assets.
Oftentimes employees have access to files they don’t need to have access to, meaning that a disgruntled employee could delete important files or smuggle them out of the organization. Or even a well-meaning employee could accidentally delete or corrupt important files.
Furthermore, instead of having individual logins, many people share a login and password. This means that management can’t keep track of individual users and identify suspicious activity.
To limit their risk of data leaks and corruption, it’s extremely important for administrators to limit employee access and have tools to investigate instances where an employee is trying to access files that don’t relate to their job functions.
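One way to run the kind of investigation described above, shown as an added example that is not part of the original post: a short Python audit that flags file accesses outside a user's job function and accounts used from more than one workstation, which is a sign of a shared login. The log format, role map, user names and paths are all constructed assumptions.

```python
import posixpath
from collections import defaultdict

# Constructed policy (assumption): path prefixes each job function needs.
ROLE_PATHS = {
    "finance": ("/finance/",),
    "hr": ("/hr/",),
    "engineering": ("/eng/", "/docs/"),
}
USER_ROLES = {"alice": "finance", "bob": "engineering", "frontdesk": "hr"}

# Constructed sample log: timestamp, user, source host, action, path.
SAMPLE_LOG = """\
2016-03-01T09:02:11 alice ws-014 READ /finance/q1-forecast.xlsx
2016-03-01T09:05:40 bob ws-022 READ /eng/design.md
2016-03-01T09:07:03 bob ws-022 READ /eng/../hr/salaries.csv
2016-03-01T09:10:00 frontdesk ws-031 READ /hr/onboarding.pdf
2016-03-01T09:10:05 frontdesk ws-044 DELETE /hr/onboarding.pdf
2016-03-01T09:12:30 mallory ws-050 READ /finance/payroll.csv
"""

def parse(log):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    fields = ("ts", "user", "host", "action", "path")
    for line in log.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5:
            yield dict(zip(fields, parts))

def out_of_role(events):
    """Return (user, path) pairs where the path is outside the user's role."""
    findings = []
    for e in events:
        # Normalise first so "/eng/../hr/x" is judged as "/hr/x".
        path = posixpath.normpath(e["path"])
        allowed = ROLE_PATHS.get(USER_ROLES.get(e["user"]), ())
        # Unknown users have no allowed prefixes, so they are always flagged.
        if not path.startswith(allowed):
            findings.append((e["user"], path))
    return findings

def shared_logins(events):
    """Return accounts seen on more than one host, with the hosts involved."""
    hosts = defaultdict(set)
    for e in events:
        hosts[e["user"]].add(e["host"])
    return {u: sorted(h) for u, h in hosts.items() if len(h) > 1}

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print(out_of_role(events))
    print(shared_logins(events))
```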
Limit the Security Risks from Shadow IT
“Shadow IT” includes applications and data that reside outside company firewalls and controls. It could be the product of well-meaning employees or nefarious activity, but one of the things that makes it especially shadowy is that the IT department doesn’t know where the data resides or whether it’s secure.
As noted, it can be well-intentioned. The most desirable employees are always trying to find new ways to be more productive, and this might involve incorporating the latest apps and cloud services into their workflow. For instance, this could be a cloud storage service like Dropbox that lets the employee access their work files across different PCs and mobile devices. Or an employee could be using their personal tablet to access corporate applications at a local cafe during a coffee break.
Of course, disgruntled workers could also engage in shadow IT in an effort to profit individually or do damage to the company.
Either way, corporate IT doesn’t have the power to secure shadow IT and enforce controls that limit the exposure to risks.
One of the first steps an organization should go through is to educate employees on the appropriate use of data, and what applications and devices they are allowed to use when dealing with corporate resources. Allow employees to report their shadow IT actions without serious repercussions if they did not understand the risks. This helps corporate IT understand the scope of its shadow IT.
Realistically, it’s important to note that employees will likely be driven to shadow IT if corporate IT doesn’t give them access to the tools they want. So, instead of driving them to break the rules, corporate IT should try to have a variety of apps that employees can securely use.
If a company has identified shadow IT applications that have become integral to the organization, it can also bring them into the fold rather than shutting them down. This can be done by migrating these applications to a secure infrastructure and/or applying Identity as a Service to add a set of identity and access management functions to these applications.
Keeping Up with the Threat Landscape
In order to keep data secure, corporate IT has to deal with both external and internal threats – some of which can be very difficult to detect. One of the interesting things we’ve found is that many of these risks are felt both by organizations with traditional on-premises IT and those moving over to externally hosted IT. Taking measures to protect your organization from these dangers makes IT a more difficult target for criminals, who are often attracted to the many easy corporate IT targets that currently exist.
This post provides a quick overview of some of the most pertinent threats we’ve been seeing and that are doing real damage. And, as Goodman’s book suggests, online criminals are becoming more savvy and presenting new dangers. We recommend you start applying security policies that strengthen your organization and that enable your employees to be productive as well as secure.
About the Author
Chris Niedojadlo is Chief Operating Officer of Server Mania. His extensive technology experience has given him a wealth of knowledge and resources that he’s pleased to share with the cloud and web hosting community. Through his work at Server Mania and previous high-profile positions, he has built an extensive knowledge of the hosting industry, general IT, web monetization, and social media. Server Mania provides internet hosting solutions with industry leading customer service, superior uptime and cutting-edge technologies.