What To Do In An Age Of Never-Ending Cyber Threats

In 2018, public breaches dominate the news cycle. This includes top-tier companies getting hit with black hat demands, and small or midsize enterprises (SME) fending off persistent threat actors.

Between the hacker presence in and around networks and an abundance of Internet of Things (IoT) devices, the attack surface progressively widens.

In recent years there have been awareness campaigns within the enterprise that place cyber security under the microscope, and that’s largely because the “employee” has been said to be the weakest link (or the easiest target). Yet, in the same breath, there is acknowledgement that the security teams cannot be 100% effective. No network is impenetrable – not in an age of automated attacks, multi-vector offensives and the expansiveness of the cloud.

Cyber security, then, does not become a futile endeavor, but a lengthy campaign to shore up gaps, mitigate threats and communicate effectively. That final point is perhaps the most important, too – perhaps as crucial as an enterprise’s layers of defense.

See Related: From DDoS Attacks To Malware Strains: Top 5 Breaches Of 2018

But what can be done to progress cyber security, knowing full well that cyber-attacks morph and take on new sophistication? It’s a battle some enterprises – large and small – might call unwinnable. Still, there are always solutions.

According to Forbes Technology Council member and technology evangelist Michael Trachtenberg, CTO at Maureen Data Systems, there are numerous ways to enhance cyber hygiene even while recognizing there is no silver bullet.

A select few of Trachtenberg’s solutions include reducing the IT infrastructure, offloading some of the workload and, of course, training.

In a column for Forbes, Trachtenberg wrote, “The quickest and easiest place to start is reducing IT infrastructure across the board.

“With the proliferation of virtualization came server sprawl, and with the advancements in end-user compute came the multi-device experience.  Now we must trim down the overall footprint and give IT less to manage, less to update and less to maintain.”

One such tactic is the embrace of public cloud, which moves storage offsite, and surrounds the data with the cloud provider’s own strict security controls (this should be a requirement when selecting a provider). It usually means the data sits behind a vault built up with larger budgets and more resources.

See Related: KPMG Cyber Director Outlines 'Expert Generalist,' Unified Data

The Forbes Technology Council member also stated that in the vendor community, consolidation isn’t necessarily highlighted right in the proverbial shop window. However, in order to fortify defense, this pare-down should be seriously considered. Security tools no longer have to be disparate, but orchestrated in a way that has a positive impact on the enterprise.

Today, the perimeter has come under fire, too, with many saying it is essentially outmoded. That concept, along with Zero Trust and models such as the kill-chain, illustrate how security is truly imperative to daily workflows. Yet, practitioners should not have to sift through dozens of layers or devices to implement controls. Security oversaturation can actually be a hindrance – as opposed to earlier days of perimeter defense with antiviruses aplenty, and other “shiny boxes.”

What’s more, cyber awareness training is both inescapable and a force multiplier. But it goes deeper than just the employee base. It’s really an existential question the space has begun to embrace: More of a grassroots effort to instill best practices and train users, and practitioners, from an earlier age. Inside the workplace, this should be standard practice.

Despite the “black cloud” often hovering over cyber security – both in terms of breaches and the age-old disconnect with lines of business (LOB) and management – the space is growing rapidly, trying to keep pace with sophisticated hackers. The next step in the evolution is recognizing these trends and utilizing them as organizational best practices.

Be Sure To Check Out: 'Head In The Sand' Approach Hurting Enterprises Post-GDPR?