Cyber Security With Intention: An Executive Guide

This guide will walk you through the key areas to focus on and the actions to take to secure your organization.

FALSE SECURITY ASSUMPTIONS

IF I HAVE SECURITY ON PREMISES, I DON’T NEED TO SECURE THE CLOUD

This is a dangerous assumption that can wreak havoc with safeguarding your organization. Cloud security is just as necessary as the rest of your security. With more and more workloads moving to the cloud, and employees storing files and using apps there, sensitive data faces greater exposure. Without the right technologies in place, IT has less control and less visibility.

AS LONG AS I MEET COMPLIANCE REQUIREMENTS, MY ORGANIZATION IS SECURE ENOUGH

What many don’t realize is that security regulations are typically tied to very specific situations and are not as comprehensive as true security needs to be. If your protections are limited to what you are required to implement, you are merely covering the basics. This can be a very expensive mistake considering the cost of remediation, brand damage, and loss of sensitive information and intellectual property.

TIGHT SECURITY TAMPS DOWN PRODUCTIVITY AND LIMITS INNOVATION

In fact, good security enables just the opposite. When the right protections are in place, your business can take advantage of emerging technologies to spur greater agility. Plus, your employees can collaborate more freely and securely, with greater confidence.

MOBILE ISN’T A BIG PROBLEM

This is another myth that can leave an organization insecure. The reality is that, last year alone, at least one in five organizations experienced a mobile security breach. Of these, 39% downloaded mobile malware and 24% connected to a malicious Wi-Fi network. While testing mobile security for prospective customers, Check Point regularly finds that 5% to 20% of enterprise devices are already compromised. A sobering fact, given that it takes only one compromised device to penetrate your security perimeter.

MDM IS ENOUGH

Many companies rely on basic mobile policies enforced through mobile device management (MDM) or enterprise mobility management (EMM) solutions. While these can be helpful, they are unable to detect the most recently created malware or new vulnerabilities in networks, operating systems, and apps. Security infrastructure for corporate PCs and laptops isn’t enough either, since mobile devices operate beyond the corporate network, out of that infrastructure’s reach, creating potential security issues and giving malware a way in.

SECURE CONTAINERS ARE SAFE

Secure containers for data management platforms provide security inside the enterprise perimeter. However, mobile devices often access systems and apps like Salesforce, Oracle, or SAP outside the perimeter. As a result, they are exposed to network spoofing or man-in-the-middle attacks, which can eavesdrop on, intercept, and alter traffic. Everything a user does, including entering passwords, could be intercepted by criminals and used to breach the perimeter.

IOS IS IMMUNE

Contrary to popular belief, Apple’s iOS is not immune to threats. Some organizations using MDMs unwittingly distribute infected apps to iPhones and iPads. Apps from unauthorized, unreliable app stores can also harbor viruses; hackers have even compromised Apple’s development tools, sneaking malware into new apps without the developers’ knowledge.

MOBILE ANTIVIRUS IS ALL I NEED

Unfortunately, the same advanced detection techniques used on PCs and laptops can’t extend to mobile devices, because devices used on the go have limited performance and battery life. On top of that, mobile antivirus solutions are more limited than their PC counterparts. They can uncover malicious code in apps by looking for unique binary signatures that identify known malware. But criminals can still get through: a slight change to the code, such as adding a single line that does nothing, produces a new version of the malicious app that no longer matches the signature and slips past the antivirus program undetected. So, while you might be protected against known viruses, a new one might hit your device before an antidote has been developed.

TYPES OF THREATS

  • Known Malware: Malware that has previously been identified and has a signature associated with it. Because many security tools analyze traffic against an ever-growing library of signatures, known malware is easy to spot if your subscriptions are up to date.
  • Unknown Malware: New malicious software that has not yet been identified and does not yet have a signature. Just changing the code of known malware slightly is enough to create new, unknown malware.
  • Zero-Day Malware: Malware designed specifically to attack vulnerabilities that either haven’t yet been identified or don’t yet have patches.
  • Trojans: Malware that relies on social engineering or some kind of disguise to make users think it is a legitimate program to load or execute.
  • Viruses: Malware that integrates into a program and spreads. It relies on someone opening or running the program that hosts the virus.
  • Worms: Like viruses, worms can self-replicate. They differ from viruses in not requiring a host program. They get in through social engineering or are activated through exploited vulnerabilities on target systems.
  • Ransomware: Malware that prevents access to files or computer systems until a sum of money is paid.
  • DLP (Data Loss Prevention or Protection): Protective software that operates on policies and rules to prevent sensitive data or intellectual property from leaving an organization.
  • DDoS (Distributed Denial of Service): A type of malware that utilizes multiple resources to overwhelm and hog bandwidth so that a website or network hangs or crashes entirely.
  • Bots: Like worms or Trojans, bots spread once inside a network. Where they differ is that they communicate back to a command and control (C&C) machine and receive instructions for automated activities. This lets hackers easily orchestrate spam campaigns or DDoS attacks. Check Point researchers found that bots try to communicate with C&C more than 1,630 times per day, or once every 53 seconds. Almost 75 percent of organizations studied were infected with bots in 2015. Worse, 44 percent of those infections were active for more than four weeks.
  • High-Risk Applications: Programs that individuals bring into the workplace for their own purposes, even though they are unsanctioned by IT. Some of these are considered high risk because of the number of vulnerabilities found in them and the potential for exposure to cyberthreats. File sharing, remote admin, and anonymizer applications are especially risky.
  • Spear Phishing: An attack that uses email pretending to be from an individual or business you know, in order to obtain sensitive information. Phishing conducted via short message service (SMS) texts is called SMS Phishing.

QUESTIONS TO ASK

  1. What is our reporting policy, and how frequently is executive leadership kept informed?
  2. When was the last time we had a security risk assessment? How did we score? What’s been done to address the findings?
  3. Is there anything in particular that makes us more of a target for cybercriminals?
  4. What does an average week look like in terms of volume and types of incidents?
  5. How frequently do we conduct a data inventory?
  6. How is our data categorized and classified for access?
  7. What security controls are in place to protect our data assets?
  8. Do we have an incident response plan?
  9. Do our employees receive security training?
  10. What is the lifecycle of our software and hardware?