PART ONE: An Introduction to Defining a Zero Vulnerability Infrastructure
Cybercrime is on the rise across the globe and presents a very real and serious challenge for businesses year after year. With this increase, the holy grail for C-levels and those responsible for securing their company networks is quickly becoming a zero vulnerability infrastructure – a network that is completely secure against both outside and insider threats. But is this really possible?
As our economy becomes more global by nature, and with the growth of new technologies such as those surrounding the Internet of Things (IoT) and the move to the cloud, it is naive for businesses to think they are immune to cybercrime. We see more data breaches and more cybercrime with each passing year. In 2018 alone, we learned about high profile breaches at British Airways, Cambridge Analytica, Cathay Pacific, Dixons Carphone, FIFA, Eurostar, and Marriott International amongst others. And the trend has continued in 2019 with major breaches at Toyota and Planet Hollywood reported, while Facebook user records or more than 500 million users of the social network have been found on online. These are just a few examples of high-profile breaches where businesses have fallen at the feet of fraudsters.
Many cyberattacks still go unreported – but regulators are clamping down on this and making it a legal requirement for businesses to declare the details of certain types of breaches within 72 hours of discovery. This is all very well, but in some cases, it can take months or years to detect, or for businesses to even realise they have fallen victim to an attack. What we can assume is that the high-profile breaches that make the news are just the tip of the iceberg.
The 2018 Cost of a Data Breach Study from Ponemon Institute showed that on average it took organisations 196 days to detect a breach.
What all of these breaches confirm is the fact that most businesses – no matter the size – are still struggling to deal with this changing threat environment.
Part of the challenge for businesses is that many do not have a good grasp of what data they actually hold and where it is located. Nor do they have a robust overview of their network and all the device and users that might need to access it. This makes it much harder to protect the network and therefore the data itself. It also makes it extremely hard to notice if a breach has occurred – potentially leaving an open door for an attack. The introduction of GDPR in 2018 has gone some way to addressing this – businesses have a requirement to be more aware of what data they actually hold and where it resides, and therefore more likely to notice if it is compromised.
This knowledge of what data you hold, where it resides and who has access to it is crucial to protecting against security breaches. In fact, it’s the first step to understanding your businesses’ weak points and vulnerabilities and helps form the backbone of a cyber security strategy specific to your organisation. Armed with the facts, businesses are better placed to be able to address any vulnerabilities in their organisation, and to fend off data theft, sophisticated attacks such as DDoS (Distributed Denial of Service) and ransomware – all of which are becoming more prevalent, more adept and increasingly powerful. Businesses must look at how to protect their network, how to stay abreast of monitoring and managing it, and how they can ensure safety to their customers.
Still, the cyber marketplace landscape is crowded, complex, and confusing – there are so many threats and vectors of attack, and as such, so many different solutions on the market. Most businesses, and those individuals responsible for securing the network, just do not have time, resource or budget to sift through every solution to understand what it addresses, what it doesn’t, and how it might help protect their network. This is where third party experts like KHIPU Networks can help with advice on solutions, training and ongoing professional and managed services to help businesses get closer to a zero vulnerability infrastructure.
‘’While the goal is undoubtedly to reach and maintain a true zero vulnerability infrastructure, there is no one-size-ﬁts-all approach. But, at KHIPU, we truly believe it is possible to achieve this with the right strategy and operations in place.’’ Matt Ashman, Chief Commercial Officer, KHIPU Networks
Over the next few weeks, we will explore the types of risks and threats that are widely prevalent today, how to manage your vulnerabilities with the right security strategy, and the steps you can take to secure your network infrastructure for today and tomorrow.
Next week, we will explore, ‘Securing your assets – where do you start?’, where we will delve into:
- Work backwards
- Get to grips with your data and where it resides
- Keep up with industry regulations
- Understand the impact
- Stay up to speed