Data Protection

Be Cyber Smart:

Why Data Protection Should Be Your Daily Routine

Why Data Protection Should Be Your Daily Routine

In my last post I discussed some of the biggest security trends I advise security workers to watch out for in 2020. But, how do these impact your daily business – and more importantly, how can you best prepare yourself for them?

Over the last decade, we have also seen cyber-criminals become more and more creative in bypassing digital security hurdles. It’s not that the number of malware or ransomware attacks has decreased. It’s more that hackers have come up with very advanced threats that are not always easy to detect.

 

Phishing And Ransomware Attacks Will Increase

So, what does that mean when working in a high-digitized company with sensitive data being at risk permanently? The bad news is that sophisticated phishing attacks will continue to increase. That in turn will encompass new technology such as audio and video deep fakes. We’ve seen attacks like this last year already when Facebook quietly patched a vulnerability in WhatsApp that allowed hackers to take over any device by just sending an infected MP4 video file. 

The same applies for ransomware attacks (PII data) which I expect to double (at least). Those attacks come in different shapes as we have heard of in 2019 as well when affected companies are often willing to pay whatever sum is demanded so they can regain control and get back to business. Consequently for 2020 I expect more high-profile breaches with phishing attacks still being the number one attack.

Where Security Gaps Come From

To go one step further we should also carefully look at the real possibility of security gaps coming from within an organization. This is still the number 1 threat to all companies. Monitoring Identity and Access Management (IAM) and behavior is crucial! In addition to that, Identity (and more importantly, Access) management will be key. This will to be extended to Machines and IoT devices.

Cloud security for instance will become increasingly important in large platforms like AWS, Azure and Google coupled with a using a hybrid cloud approach with shared responsibilities between the customer and the cloud provider. This shared responsibility model will be tested and likely found to be inadequate. Cloud first cyber security solutions will become more important as companies transition from on-premises to cloud.

Plan Your Own Cyber Defense Strategy

Having said this, what should your cyber security defense strategy look like? To me, it’s important to implement the following:

  • Gather more data – Data and therefore a place to store Data (Data Lake) is key to future analysis
  • Expand reach into Operations Technology (OT)
  • Employ automated response tools (SOAR) to help with load
  • Deploy machine learning at scale to identify new unknown risks
  • Engage in more threat hunting activities (VA and PT)

With new risks and new vulnerabilities emerging every day cybersecurity has become one of the fields changing the fastest and making it very difficult to keep up to speed with all the different threats threatening your business from within and externally. This not only requires constant education and improvement but also a skilled security team. Building such a team internally is getting more and more difficult with less talent on the market and less time to train yourself as Head of IT or Cybersecurity on all the possible threats, tactics and strategies for combatting said threats. We at SoftwareONE can help you close this gap. Depending on your business needs we can support you to better understand relevant threats and learn about adversary’s tactics, techniques and procedures (TTPs) to build your effective cyber defence strategy:

  • Education services (Phishing attack detection for employees)
  • Red team (Vulnerability Assessment and Penetration Testing) as a service
  • SOC services (MSSP) – Endpoint, Network and Cloud.
  • IAM as a Service.
  • Dedicated Threat Hunting
  • DPO as a Service
  • Advisory Services.

The risk of being attacked by hackers and virtual thieves is nearly everywhere. That’s why companies should invest in a proper security strategy and keep themselves updated about new malware, ransomware, and other threats at all times. Make sure to read our monthly Cyber Threat Bulletin where we provide a regular update on recent threats, latest breaches, and how to react on them.

Prepare Your Cyber-Security Defense Strategy

Learn more about how to protect yourself from internal and external attacks on your business.

Learn More

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment

Author

Bala Sathunathan

Bala Sethunathan

Director, Security Practice & CISO

Cybersecurity

Related Articles

multilayer-edr-xdr-is-next

Multilayer EDR (XDR) is Next

Most organizations don’t want to work with EDR due to the huge number of alerts to manage. Cross-layer EDR (XDR) can be the solution. Find out how.

Resolving SAP Downtime & Visualization Challenges with PowerConnect & Splunk
  • 24 November 2020
  • Warwick Chai
  • Digital Transformation, Managed Cloud
  • SAP

Reduce SAP Downtime & Visualization of SAP Telemetry

It’s difficult to investigate failures in SAP to prevent them from happening in the future. Find out how to gain SAP intelligence via PowerConnect and Splunk.

Endpoint Security: What you need to know about "Next-Gen" EDR

"Next-Gen" EDR

Combining EDR and SIEM might be the ideal way of fighting cyber security risks. But why isn’t EDR enough? Learn more about the challenges of standalone EDR and how it differs from SIEM.