The following is a guest post from Todd Scallan, vice president of product and engineering at Axcient.
Traditional security tactics teach us to build our infrastructure like a castle — strong, high, impenetrable walls with a few points of securable entry, surrounded by a moat and on top of a hill.
With elementary mechanisms in place — like antivirus software and a firewall — many businesses think they are well protected. Unfortunately, those mechanisms alone leave organizations exposed to data loss, breaches, user error, disasters and more.
Moving from a false sense of security to actual security requires action. While employing perimeter measures and accounting for the unpredictable human element in a security solution are large parts of a comprehensive plan, the best plan is one that assumes a breach, hack or disaster will happen.
With that preparation, IT security rests on actionable, tangible plans instead of the hope that a breach won't happen. Replacing a false sense of security with real solutions is a constant work in progress, but there are some basic things every IT team can do.
While it may seem obvious, the first line of defense is a properly configured firewall and antivirus software. But what is the definition of a perimeter for your organization? Does your network consist solely of on-premises servers and desktops? Or does it include cloud-based servers and applications? And what part do mobile devices and off-site computers play?
Perimeter security has expanded beyond those basic tools. An intrusion prevention system can block known attack patterns in transit, and breach detection alerts the IT team when prevention has failed, so losses are limited rather than discovered months later. In today's world of bring your own device (BYOD), access to a company's network and data should be carefully managed. As walls and easily controlled network cables no longer define the workplace, MAC filtering or other methods can further control the perimeter. Keep in mind that a MAC address is trivially spoofed, so MAC filtering only keeps out accidental connections; port-based authentication (802.1X) or a network access control system that checks device identity and posture is the stronger control.
Perimeter security is where many companies stop, and therefore fail to provide a complete security solution. Human error is consistently among the leading causes of data breaches. It ranges from unsafe password practices, such as reusing the same password on multiple systems, especially between personal and professional accounts, to accessing company networks and data over public Wi-Fi.
Training employees to be cognizant of proper security protocols is paramount when moving beyond a false sense of IT security.
While we've been told for years to be careful when downloading email attachments or clicking on links, attackers have increased the sophistication of their methods. Spearphishing, for example, has led to many high-profile breaches. Where ordinary phishing sends a generic lure and hopes someone clicks and enters credentials, a spearphishing attacker goes to great lengths to impersonate specific co-workers or friends, perhaps by monitoring the target's activity on social networks, in order to persuade employees to hand over information and access to networks and data.
Despite all efforts to prevent a breach, the reality is that one is likely. Accepting this is the first step toward a swift response that gets the organization running and back to business.
The most important component in this effort is the backup system. When a breach occurs, perpetrators may not just steal information, but may also completely disrupt business operations. The goal should be to have systems up and running again in minutes or hours, not days.
Relying on IT teams to manually recover data, applications or servers means prolonged downtime and a much greater impact on the bottom line.
Quicker recovery times come from a backup system that supports point-in-time snapshots of entire systems, including data and application state. The ability to go back in time allows operations to resume in the wake of an attack. This has become essential as ransomware attacks have become commonplace: rather than being held hostage, one rolls the impacted server back to a snapshot taken before it was infected and resumes operations. Two caveats apply. The snapshot store itself must be out of reach of the compromised host (offline, under separate credentials, or immutable for a retention period), because ransomware that can reach the backups will encrypt or delete them first. And the restore point must predate the initial compromise, not just the moment files started changing; attackers often sit inside a network for days before encrypting, so verify that the chosen snapshot is clean before putting it back into production.
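The restore-point choice described above, worked through as an added example (this is illustrative code written for this post, not Axcient's product and not any real backup catalog). It assumes an in-memory snapshot store, a SHA-256 digest per snapshot to catch backups that were altered after they were taken, and two constructed ransomware indicators: a jump in per-file byte entropy and mass renaming of paths since the previous snapshot. The file contents and timestamps are constructed sample data.

```python
"""Pick the latest clean, verified point-in-time snapshot after a ransomware event.

Added example for this post; the snapshot store, indicators and sample files are
constructed stand-ins, not Axcient's code or a real catalog format.
"""
from __future__ import annotations

import hashlib
import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta

ENTROPY_THRESHOLD = 7.0   # bits/byte; ciphertext and compressed data sit near 8
RENAME_THRESHOLD = 0.5    # fraction of previously seen paths that vanished


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def content_digest(files: dict) -> str:
    """Order-independent SHA-256 over (path, content) pairs; detects altered backups."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + hashlib.sha256(files[path]).digest())
    return h.hexdigest()


@dataclass
class Snapshot:
    taken_at: datetime
    files: dict                  # path -> bytes; a real snapshot also holds app state
    digest: str = field(default="")

    def __post_init__(self):
        if not self.digest:
            self.digest = content_digest(self.files)

    def verify(self) -> bool:
        """Recompute the digest; a mismatch means the backup itself was tampered with."""
        return content_digest(self.files) == self.digest


def encryption_indicators(current: Snapshot, previous: Snapshot | None) -> list:
    """Heuristics saying 'this snapshot was taken after ransomware ran'."""
    findings = []
    high = [p for p, d in current.files.items()
            if len(d) >= 64 and shannon_entropy(d) > ENTROPY_THRESHOLD]
    if high and len(high) > len(current.files) / 2:
        findings.append(f"{len(high)} of {len(current.files)} files look encrypted")
    if previous is not None and previous.files:
        vanished = [p for p in previous.files if p not in current.files]
        ratio = len(vanished) / len(previous.files)
        if ratio >= RENAME_THRESHOLD:
            findings.append(f"{ratio:.0%} of paths renamed or deleted since last snapshot")
    return findings


def last_clean_snapshot(snapshots: list, not_after: datetime | None = None):
    """Latest verified snapshot with no indicators, optionally bounded by the earliest
    known compromise time from the investigation (dwell time: the attacker may have
    been inside well before the encryption started)."""
    ordered = sorted(snapshots, key=lambda s: s.taken_at)
    chosen = None
    for i, snap in enumerate(ordered):
        prev = ordered[i - 1] if i else None
        if not snap.verify():
            continue
        if not_after is not None and snap.taken_at > not_after:
            continue
        if encryption_indicators(snap, prev):
            continue
        chosen = snap
    return chosen


def pseudo_random_bytes(seed: bytes, n: int) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext (constructed)."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_catalog() -> list:
    """Three hourly snapshots (constructed): two clean, one taken after encryption ran."""
    t0 = datetime(2016, 3, 1, 8, 0)
    clean = {
        "docs/report.docx": b"Quarterly report: revenue up 4%, churn flat.\n" * 20,
        "docs/budget.xlsx": b"item,amount\nlicenses,1200\nhosting,800\n" * 30,
        "notes/readme.txt": b"Internal notes, do not distribute.\n" * 10,
    }
    edited = dict(clean)
    edited["docs/report.docx"] += b"Addendum: Q2 outlook revised.\n"
    encrypted = {p + ".locked": pseudo_random_bytes(p.encode(), 4096) for p in clean}
    encrypted["README_DECRYPT.txt"] = b"Your files are encrypted. Pay to recover.\n" * 4
    return [Snapshot(t0, clean),
            Snapshot(t0 + timedelta(hours=1), edited),
            Snapshot(t0 + timedelta(hours=2), encrypted)]


if __name__ == "__main__":
    catalog = build_sample_catalog()
    for i, s in enumerate(catalog):
        prev = catalog[i - 1] if i else None
        print(s.taken_at, "verified" if s.verify() else "TAMPERED",
              encryption_indicators(s, prev) or "clean")
    pick = last_clean_snapshot(catalog)
    print("restore from:", pick.taken_at if pick else "no clean snapshot")
```

Running the script picks the 09:00 snapshot: the 10:00 one trips both indicators, and the 09:00 one differs from 08:00 only by a benign edit. Passing `not_after` with the compromise time from the investigation forces an earlier restore point, and a snapshot whose digest no longer matches is skipped rather than trusted.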