Why You Need a Strategic IT Security Concept to Beat Cyber Threats

  • Dirk Frießnegg
  • Managed Security
  • Tips, Cyber-Attacks, Cyber-Threats, Cyber-Security, Cyber-Crime

IT-Security in your company should be designed along end-to-end – not modular – lines in order to create a successful infrastructure. Which attacks are possible? How should the security solutions communicate? Providing common and at times shocking examples, we will take a closer look at the challenges facing an IT-Security strategy, while demonstrating why it is sensible to trust in the portfolio offered by a single vendor.

Targeted Attacks via Facebook, LinkedIn & Co.

By now, everyone should be aware of the risk of inadvertently falling prey to malware attacks by opening unknown or suspicious emails without thinking. What’s more, attacks can now be targeted specifically. Cyber criminals glean information about companies and their employees, for instance from their profiles on Facebook, LinkedIn & Co. Reports of how easy it is to obtain relevant information are reaching my desk at increasingly short intervals. No doubt you will also know people whose Facebook profiles were hacked. An attacker could hardly hope for a better, more direct source of information.

But even publicly available information can be useful. You will certainly be familiar with Facebook posts with photos from company excursions in which John Doe and Mike Smith are tagged as colleagues. Let’s say an attacker pretending to be John Doe sends out an email from his private account with “photos of our boat trip on Lake Constance”. In these cases, your colleague Mike Smith might be just a few clicks away from giving an attacker access to your company network, without even noticing. And as soon as the hacker has got his foot in the door, that is, has access to the network, he can busily start collecting, siphoning and manipulating data.

Fig. 1: Targeted attacks using social engineering (source: SoftwareONE)

Challenges When Designing an IT-Security Infrastructure

Imagine a huge, teeming festival. The swarming crowds are all keen to see as many musicians and bands as possible. They all gather at a large meadow. Given the current threat situation, the security company has been instructed to proceed meticulously and so it has hired a few dedicated stewards. Deployed at the northern gate is a veritable giant from Ukraine, 6’5” tall, 6’5” wide, with hands like frying pans. At the eastern gate stands a Japanese gentleman, significantly smaller, but more agile and experienced in martial arts. A Latin American guard – a former drug squad specialist – has been sent to the southern gate, while the western gate is in the competent hands of a true Scot and world champion in tossing the caber. All of them can look fearsome and overpower an attacker when necessary. In a nutshell: They are all specialists in their own right! But there’s one thing they can’t do: Communicate with each other. After all, they lack a common language to understand what the other person is saying and to report dangerous situations at the gates they are guarding, perhaps even in a zone in-between. They might even be reliant on digital radio and will be completely flummoxed if it happens to fail.

Besides stable, standardized means of communication, it would be good at this point to have one person who speaks all the different languages and who is able to provide faultless and simultaneous interpreting. Maybe even someone who could help if the Japanese guard is off sick and is replaced by a proud Maasai from Kenya.

Another, potentially better way of doing things would be to deploy resources that all speak one language and that use a common communication system. Perhaps not all of them would be world-beaters in their particular areas; instead, we might “only” have a large number of very good people … but they would come with the benefit of being able to communicate quickly whenever it is necessary.

You can probably guess already: My music festival is just an analogy to illustrate the challenges associated with designing an IT-Security infrastructure. Designing? Well, it sounds so conclusive on the one hand. But on the other, I’m constantly running into customers from the industrial and public sectors that do not consider the issue of IT-Security from an end-to-end perspective and instead adopt a modular approach. Put succinctly: they treat it as a patchwork issue. They continue doing so despite an increasingly fraught cyber-threat scenario that has become more intense, targeted and destructive than ever before.

Best of Breed or Best of Suite?

As far back as 2016, the market analyst Gartner wrote in a report on endpoint protection platforms: “History has shown clearly that no standalone solution can be successful in warding off all kinds of malware attacks. Organizations and solution providers need to adopt an adaptable and strategic approach in providing protection against malware.” Trend Micro puts it similarly: “There is no silver bullet in endpoint security”. In other words: There is no single panacea to solve all problems associated with modern attacks.

For a long time, the advice for IT-Security concepts was to follow the “best of breed” principle, i.e. to take the – supposedly – best solution for each particular area. The associated challenges are manifold. First of all: What does the best solution even mean?

Even the most independent report will never be able to provide a definitive answer to this question, as it cannot be familiar with the individual infrastructure in each case. Then there is the challenge relating to the operability of various systems and control panels. Finally, there is the license manager who is faced with a slew of varying licensing models, framework agreements, terms and such like.

Viewed from this perspective, would it not be more interesting to obtain as many components of an IT security concept as possible from the portfolio of a single vendor? It would certainly have unbeatable benefits: the admin would no longer be required to keep an eye on a large number of individual panels, and the connectedness of the individual components can help to achieve a whole new level of security.

  • Wednesday 11 July 2018


Author

Dirk Frießnegg, Solution Advisor IT Security
