Technology is evolving at a stellar pace, and the frequency, size and level of sophistication of cyber-crime are evolving alongside it. AV Test, an Independent IT-Security Institute, claims that 390,000 pieces of new malware are found every day; that’s over 270 per minute.
Financially motivated cyber-criminals, nation-state attackers and hacktivists all increasingly have the tools at their disposal to craft insidious, targeted attacks. Today, it is more likely a question not of ‘if’ but of ‘when’ your organization will suffer a damaging breach.
Many organizations rely on low-overhead prevention techniques, such as firewall and antivirus solutions, which are no match for the increasingly well-planned and well-funded attacks that they face. In a world of zero-day vulnerabilities and advanced persistent threats, it is the Service Desk, coupled with a layered approach of patch management and application control, which must provide a vital first line of defense against industrial hackers.
Research by the Ponemon Institute has shown that the biggest problem facing organizations’ cybersecurity today is the negligent or careless employee with multiple mobile devices using commercial cloud apps and working outside of the office. A shocking 75% of organizations have reported experiencing a data breach due to the insider threat, and whilst some of these breaches are down to malicious activity, many come down to staff being uneducated on cybersecurity and its importance.
Senior leadership teams need to understand that good screening and management of staff should be a priority, and can be more effective than legacy-based firewalls in preventing malware from attacking an organization’s OS.
Today’s breed of malware scans for unpatched machines and non-Windows third-party apps which are insecure and do not update automatically. Whilst the IT department may work tirelessly to ensure that the internal OS is consistently updated, and all patches routinely managed, the only way to ensure the safety of the system is to employ a rapid ‘detect and respond’ routine against threatening insiders.
How can this be done? The best defense against cyber-crime is knowledge, namely, knowing exactly what is going on inside an organization’s network. That’s why the IT Service Desk plays such a crucial role in identifying strange behaviors and meaningful trends. After all, if a number of users’ PCs are running slowly, or a business application is frequently crashing, it could easily be a symptom of a wider cyber-attack.
Yet, users are unlikely to go running straight to the IT security department. For this reason, the Service Desk is best placed to notice if any trends begin to appear which could warrant further investigation.
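One way the trend-spotting described above could be run over a ticket export, as an added example that is not part of the original article. The ticket fields, category names, two-hour window and three-user threshold are assumptions, and the sample tickets are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample tickets: (opened, reporting user, symptom category).
TICKETS = [
    ("2024-03-04T09:05", "alice", "slow_pc"),
    ("2024-03-04T09:40", "bob", "slow_pc"),
    ("2024-03-04T10:15", "carol", "slow_pc"),
    ("2024-03-04T09:10", "dave", "password_reset"),
    ("2024-03-04T13:30", "erin", "password_reset"),
    ("2024-03-04T08:00", "frank", "app_crash"),
    ("2024-03-04T08:20", "frank", "app_crash"),
    ("2024-03-04T08:45", "frank", "app_crash"),
    ("2024-03-04T16:00", "grace", "app_crash"),
]


def symptom_clusters(tickets, window=timedelta(hours=2), min_users=3):
    """Flag symptom categories reported by at least `min_users` distinct
    users inside any sliding `window`.

    Returns {category: (time of first ticket in the window, sorted users)}.
    Repeat tickets from one user count once, so a single noisy machine
    does not look like an organization-wide trend.
    """
    by_category = defaultdict(list)
    for opened, user, category in tickets:
        by_category[category].append((datetime.fromisoformat(opened), user))

    alerts = {}
    for category, rows in by_category.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            users = {user for _, user in rows[start:end + 1]}
            if len(users) >= min_users:
                alerts[category] = (rows[start][0], sorted(users))
                break  # first qualifying window is enough to escalate
    return alerts


if __name__ == "__main__":
    for category, (since, users) in symptom_clusters(TICKETS).items():
        print(f"escalate to security: {category} since {since} from {users}")
```

Only the "slow_pc" category is escalated here: three different users report it within two hours, while the repeated crash tickets all come from one user.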
There are several measures that organizations can take to equip their Service Desk against cyber-crime. Automated patching should proactively manage operating system and application vulnerabilities, and endpoint protections should ensure that only authorized applications run. As well as this, the ability of removable devices to move data in and out of endpoints should be controlled via company-written policy, and application control and intelligent white-listing should ensure endpoint security.
Taking the time to arm your Service Desk with these sorts of defenses will result in efficiency and, consequently, a well-secured operating system that blocks the majority of incoming threats.
It is also important to keep up to date with evolving threats, pay greater attention to all security layers and think strategically throughout your security program. The volume and diversity of threats today can at times seem overwhelming, and everyone in the organization needs to be taking responsibility for cybersecurity; however, the vast majority of threats can be addressed by implementing a comprehensive layered system of protections.
The IT Service Desk won’t prevent attacks from occurring, but its ability to monitor and alert the organization to a wider problem positions it perfectly to act as the first line of defense. As the saying goes, “forewarned is forearmed”, and even the most sophisticated security tools can do nothing about a threat that remains undetected within the network.