A report released earlier this year suggests that cybercrime costs consumers and companies between $375 and $575 billion annually. Despite billions of dollars spent fighting it every year, cybercrime continues to rise with another report estimating 200-percent growth in just five years.
If you’re a federal IT decision maker, it’s worth taking time to analyze your defenses and question your readiness to tackle new-age cyberthreats. To do this effectively, agencies need to review their existing technology, take advantage of new innovations, ensure their systems are interoperable, and listen to end-user concerns to thwart attacks before they come to fruition.
Federal best practice guidelines dictate that agencies should arm themselves with basic security tools such as anti-virus and firewalls. But, while that’s a great first step, it’s not enough to simply install this software, switch it on and leave it at that.
While doing so will catch some malicious activity, it also creates numerous alerts for IT security professionals to monitor and tend to. While next-gen firewalls such as StealthWatch are powerful assets, you have to set the proper rules to avoid creating frequent false positives. False positives can waste a lot of agency time and money, not to mention distract from genuine security threats.
Unfortunately, because IT vendors lack insight into which parts of your datacenter are critical and what your normal traffic looks like, customization doesn’t come out of the box. Instead, this is a step that agencies and sub-agencies often must take themselves by examining their operations and building into their security stacks custom indicators that match their particular requirements. Not only will this bolster security, but it could also reduce time and effort spent on false alarms.
While requiring some level of effort, customization doesn’t have to be time-intensive or overwhelming. For instance, creating a security event whenever data is sent outside the country is a simple rule most agencies can immediately implement and from which they can immediately benefit. After all, most U.S. agencies’ network traffic should be domestic; anyone sending files abroad is probably up to no good.
Customization naturally leads to the need to ensure that systems are interoperable and that IT can link alerts from different systems. For example, once you’ve customized your firewall, you should connect this to all other equipment inside your organization.
Doing this allows security professionals to analyze multiple simultaneous security events from different sources, instead of retroactively looking through numerous alerts to find correlations. Not only does this approach save time and money, it could protect your network from potential breaches.
Combating 21st century hacking techniques requires your security employees to listen to and track user concerns. This includes forgotten passwords, application errors, data loss and more.
Would you currently be able to tell if 10 people reset their passwords simultaneously? If you’re outsourcing your IT, as many government agencies are, this information might remain untracked.
Whether through a malicious email or a hacked laptop, the end user is where most threats originate. Tracking user behavior and examining behavioral trends provides immediate insight into whether someone is trying to infiltrate your systems.
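The password-reset question above can be turned into a custom indicator. The following is an added example, not from the original article: it scans help-desk events and flags any window in which 10 distinct users reset their passwords. The event format, the 5-minute window, and all names and sample data are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed help-desk log: (ISO timestamp, user, event type)."""
    base = datetime(2024, 1, 15, 9, 0)
    events = [(base.isoformat(), "user00", "application_error")]
    # Background noise: one reset per hour by different users.
    for h in range(1, 7):
        ts = base - timedelta(hours=h)
        events.append((ts.isoformat(), f"staff{h}", "password_reset"))
    # One user retrying 12 times: noisy, but only a single account.
    for i in range(12):
        ts = base + timedelta(hours=2, seconds=10 * i)
        events.append((ts.isoformat(), "jdoe", "password_reset"))
    # The pattern of interest: 10 distinct users within 3 minutes.
    for i in range(10):
        ts = base + timedelta(seconds=20 * i)
        events.append((ts.isoformat(), f"user{i:02d}", "password_reset"))
    return events

def find_reset_bursts(events, threshold=10, window=timedelta(minutes=5)):
    """Return (start, end, users) for each run of events during which at
    least `threshold` distinct users reset passwords inside `window`."""
    resets = sorted((datetime.fromisoformat(ts), user)
                    for ts, user, kind in events if kind == "password_reset")
    recent, bursts, in_burst = deque(), [], False
    for ts, user in resets:
        recent.append((ts, user))
        # Drop resets that have aged out of the sliding window.
        while ts - recent[0][0] > window:
            recent.popleft()
        users = {u for _, u in recent}  # count accounts, not attempts
        if len(users) >= threshold:
            if in_burst:  # extend the burst already being tracked
                bursts[-1][1] = ts
                bursts[-1][2] |= users
            else:
                bursts.append([recent[0][0], ts, users])
                in_burst = True
        else:
            in_burst = False
    return [(start, end, sorted(u)) for start, end, u in bursts]

if __name__ == "__main__":
    for start, end, users in find_reset_bursts(sample_events()):
        print(f"ALERT {start} to {end}: {len(users)} users reset passwords")
```

Counting distinct accounts rather than raw reset attempts keeps one user's repeated retries from raising the alert, which is the kind of tuning that reduces false positives.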