Headline reports of devastating cyber-attacks have become common in recent times, and this trend appears to be on the rise, with breaches continuing to increase in both frequency and impact.
It would be fair to assume that this is because hacker sophistication has developed beyond defense capabilities. Although this may be true in some instances, cyber-criminals are not regularly breaching impregnable networks with a newly developed piece of futuristic, intrusive software, leaving experts baffled.
In fact, the common theme is that most breaches happen because of low-level security holes. This presents both good and bad news: good in the sense that the attacks are very much preventable, if the applicable security solutions are in place; and bad because the attacks are exactly that: preventable. This makes a breach an even harder pill to swallow for those organizations that have fallen victim to one.
For organizations that do not want to experience the financial and reputational consequences of a high-profile cyber-attack, investing in security must be made a priority. Organizations devote a lot of budget to improving the speed and efficiency of their data centers, which is clearly an important area to focus on. However, with today’s cybercrime landscape, it shouldn’t come at the expense of security.
Based on an analysis of recent data breaches, here are five of my top ten security best practice methods. These approaches can be implemented in every data center, and will go a long way in minimizing susceptibility to attack.
Don’t discard physical security
There are fresh concerns for data protection following the widespread adoption of cloud and hybrid IT technologies—no longer storing data within on-premises servers has added a further complexity to data center security. Yet amongst the noise surrounding data protection issues, it is important not to neglect the threat posed to your data center by insider breaches.
With regard to government agencies, the SolarWinds Federal Cybersecurity Survey Report 2017 found “malicious insiders” to be responsible for 29% of security incidents. Threats of this nature appear to be becoming more common, so it is important to prepare for the possibility of internal staff members exposing secure data. Otherwise, the consequences can be severe. In 2016, UK-based accounting and HR software firm Sage lost personal information for employees across 280 businesses due to an individual using an internal company login, an incident that was believed to be intentional.
Closely controlling physical access to the data center with security and surveillance technologies should be your first line of defense against malicious insider threats. Video analysis tools, such as motion tracking and facial recognition, are now widely accessible, and can be used in conjunction with CCTV to detect predefined situations within the data center that could potentially lead to security issues.
Work with security consultants
It may be the case that internal IT staff have neither the capacity nor the experience to implement the required security programs. Outsourcing these responsibilities to security consultants provides you with the confidence that your data center is protected by a security strategy that is expertly tailored to the unique needs of your organization.
With external personnel solely devoted to testing, reviewing and consulting on data security risks, internal staff can then spend more time managing the performance of the data center and improving the end-user experience.
Monitor baseline performance
Identifying baseline performance within your data center is one of the most effective methods for detecting issues. With an understanding of what “normal” looks like, any deviations from this will become immediately apparent. Your team can then benefit from identifying potential breaches at the earliest possible opportunity, before executing a predetermined response plan to shut the issue down.
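As an added illustration of baselining (not part of the original article), the sketch below profiles "normal" for each metric using the median and median absolute deviation, then flags readings whose modified z-score exceeds 3.5. The metric names, sample values and threshold are assumptions constructed for the example.

```python
import statistics

# Constructed sample data: twelve "normal" hourly readings per metric.
BASELINE = {
    "outbound_gb":   [41, 39, 44, 40, 42, 38, 43, 41, 40, 42, 39, 41],
    "failed_logins": [3, 5, 4, 2, 4, 3, 5, 4, 3, 4, 2, 4],
}
# Constructed readings to evaluate against that baseline.
OBSERVED = [
    {"hour": "09:00", "outbound_gb": 42, "failed_logins": 4},
    {"hour": "10:00", "outbound_gb": 40, "failed_logins": 3},
    {"hour": "11:00", "outbound_gb": 97, "failed_logins": 5},
    {"hour": "12:00", "outbound_gb": 43, "failed_logins": 61},
]

def profile(samples):
    """Median and median absolute deviation (MAD): 'normal' and its spread."""
    med = statistics.median(samples)
    mad = statistics.median([abs(x - med) for x in samples])
    # A perfectly flat history gives MAD 0; apply a small floor so scoring still works.
    return med, max(mad, 0.01 * abs(med), 1e-9)

def find_deviations(baseline, observed, threshold=3.5):
    """Return (hour, metric, value, score) for readings far from the baseline."""
    profiles = {metric: profile(samples) for metric, samples in baseline.items()}
    alerts = []
    for reading in observed:
        for metric, (med, mad) in profiles.items():
            if metric not in reading:
                continue  # missing telemetry is not scored in this sketch
            score = 0.6745 * (reading[metric] - med) / mad  # modified z-score
            if abs(score) > threshold:
                alerts.append((reading["hour"], metric, reading[metric], round(score, 1)))
    return alerts

if __name__ == "__main__":
    for hour, metric, value, score in find_deviations(BASELINE, OBSERVED):
        print(f"{hour} {metric}={value} deviates from baseline (score {score})")
```

Median and MAD are used instead of mean and standard deviation so that an outlier already present in the history does not widen the definition of "normal".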
Invest in SIEM solutions
Security information and event management (SIEM) tools will automatically detect and respond to irregular behaviors within the data center. Following an incident, the tool will automatically conduct an investigation into the root cause of the issue, before correlating this information with previous events to identify any patterns or trends. With this awareness, your data center will no longer fall victim to repeat occurrences that originate from the same source.
Manage device configurations
When protecting against security issues, it is important to regularly assess device configurations to ensure they are up to date, and that they also comply with the most recent industry policies and standards. In addition, configurations should be safeguarded through regular archiving and by following effective change controls, supported by a tool such as SolarWinds Network Configuration Manager.
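The configuration assessment described above, sketched as an added example that is not from the original article and is not how any particular product works: it compares a running device configuration with its archived copy to surface unapproved changes, then checks the running configuration against a policy. The two sample configurations and the policy rules are constructed assumptions.

```python
import difflib
import re

# Constructed sample: the archived (approved) config and the config now running.
ARCHIVED = """\
hostname dc-core-sw1
service password-encryption
no ip http server
line vty 0 4
 transport input ssh
"""
RUNNING = """\
hostname dc-core-sw1
no ip http server
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical policy for this example: lines that must exist, patterns that must not.
REQUIRED = ["service password-encryption", "no ip http server"]
FORBIDDEN = {
    r"^transport input\b.*\btelnet\b": "Telnet allowed on a management line",
    r"^snmp-server community public\b": "default SNMP community string",
}

def config_lines(text):
    """Normalize: strip indentation, drop blank lines and '!' comment lines."""
    stripped = (ln.strip() for ln in text.splitlines())
    return [ln for ln in stripped if ln and not ln.startswith("!")]

def drift(archived, running):
    """Lines removed (-) or added (+) since the archived copy was taken."""
    diff = difflib.unified_diff(config_lines(archived), config_lines(running),
                                lineterm="", n=0)
    return [d for d in diff
            if d.startswith(("+", "-")) and not d.startswith(("+++", "---"))]

def policy_violations(running):
    """Check the running config against REQUIRED and FORBIDDEN."""
    lines = config_lines(running)
    found = [f"missing: {req}" for req in REQUIRED if req not in lines]
    for ln in lines:
        found += [f"{why}: {ln}" for pat, why in FORBIDDEN.items() if re.search(pat, ln)]
    return found

if __name__ == "__main__":
    print("\n".join(drift(ARCHIVED, RUNNING) + policy_violations(RUNNING)))
```

Any drift line without a matching approved change record is a change-control finding, even when the policy check itself passes.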
The overall theme in these five best practice methods, and across all ten in fact, is proactivity. By assuming your work will never be done when it comes to protecting data, you are ensuring that security is never seen as an afterthought. Proactive, not reactive, is the right approach to adopt.
Stay tuned for my remaining five best practice methods in part two.