Why You Need a Strategic IT Security Concept to Beat Cyber Threats

IT-Security in your company should be designed along end-to-end – not modular – lines in order to create a successful infrastructure. Which attacks are possible? How should the security solutions communicate? Providing common and at times shocking examples, we will take a closer look at the challenges facing an IT-Security strategy, while demonstrating why it is sensible to trust in the portfolio offered by a single vendor.

Targeted Attacks via Facebook, LinkedIn & Co.

By now, everyone should be aware of the risk of inadvertently falling prey to malware attacks by opening unknown or suspicious emails without thinking. What’s more, attacks can now be targeted specifically. Cyber criminals glean information about companies and their employees, for instance from their profiles on Facebook, LinkedIn & Co. Reports of how easy it is to obtain relevant information are reaching my desk at increasingly short intervals. No doubt you will also know people whose Facebook profiles were hacked. An attacker could hardly hope for a better, more direct source of information.

But even publicly available information can be useful. You will certainly be familiar with Facebook posts with photos from company excursions in which John Doe and Mike Smith are tagged as colleagues. Let’s say an attacker pretending to be John Doe sends out an email from his private account with “photos of our boat trip on Lake Constance”. In these cases, your colleague Mike Smith might be just a few clicks away from giving an attacker access to your company network, without even noticing. And as soon as the hacker has got his foot in the door – that is, access to the network – he can busily start collecting, siphoning and manipulating data.

Fig. 1: Targeted attacks using social engineering (source: SoftwareONE)

Challenges When Designing an IT-Security Infrastructure

Imagine a huge, teeming festival. The swarming crowds are all keen to see as many musicians and bands as possible. They all gather at a large meadow. Given the current threat situation, the security company has been instructed to proceed meticulously and so it has hired a few dedicated stewards. Deployed at the northern gate is a veritable giant from Ukraine, 6’5” tall, 6’5” wide, with hands like frying pans. At the eastern gate stands a Japanese gentleman, significantly smaller, but more agile and experienced in martial arts. A Latin American guard – a former drug squad specialist – has been sent to the southern gate, while the western gate is in the competent hands of a true Scot and world champion in tossing the caber. All of them can look fearsome and overpower an attacker when necessary. In a nutshell: They are all specialists in their own right! But there’s one thing they can’t do: Communicate with each other. After all, they lack a common language to understand what the other person is saying and to report dangerous situations at the gates they are guarding, perhaps even in a zone in-between. They might even be reliant on digital radio and will be completely flummoxed if it happens to fail.

Besides stable, standardized means of communication, it would be good at this point to have one person who speaks all the different languages and who is able to provide faultless and simultaneous interpreting. Maybe even someone who could help if the Japanese guy is off sick and is replaced with a proud Maasai from Kenya.

Another, potentially better way of doing things would be to deploy resources that all speak one language and that use a common communication system. Perhaps not all of them would be world-beaters in their particular areas; instead, we might “only” have a large number of very good people … but they would come with the benefit of being able to communicate quickly whenever it is necessary.

You can probably guess already: My music festival is just an analogy to illustrate the challenges associated with designing an IT-Security infrastructure. Designing? – Well, it sounds so conclusive on the one hand. But on the other, I’m constantly running into customers from the industrial and public sectors that do not consider the issue of IT-Security from an end-to-end perspective and instead adopt a modular approach. Put succinctly: As a patchwork issue. They continue doing so despite an increasingly fraught cyber-threat scenario that has become more intense, targeted and destructive than ever before.

Best of Breed or Best of Suite?

As far back as 2016, the market analyst Gartner wrote in a report on endpoint protection platforms: “History has shown clearly that no standalone solution can be successful in warding off all kinds of malware attacks. Organizations and solution providers need to adopt an adaptable and strategic approach in providing protection against malware.” Trend Micro puts it similarly: “There is no silver bullet in endpoint security”. In other words: There is no single panacea to solve all problems associated with modern attacks.

For a long time, the advice was for IT-Security concepts to follow the “best of breed” principle, i.e. to take the – supposedly – best solution for each particular area. The associated challenges are manifold. First of all: What does the best solution even mean?

Even the most independent report will never be able to provide a definitive answer to this question, as it cannot be familiar with the individual infrastructure in each case. Then there is the challenge relating to the operability of various systems and control panels. Finally, there is the license manager who is faced with a slew of varying licensing models, framework agreements, terms and such like.

Viewed from this perspective, would it not be more interesting to obtain as many components of an IT security concept as possible from the portfolio of a single vendor? It would certainly have unbeatable benefits: the admin would no longer be required to keep an eye on a large number of individual panels, and the connectedness of the individual components can help to achieve a whole new level of security.



Dirk Frießnegg

Solution Advisor IT-Security
