By Chandramouli Dorai, ManageEngine
The growing volume of critical files that businesses move to the cloud, together with the volume of cybersecurity threats, has put security teams under significant pressure to maintain the safety of valuable, and often vulnerable, data. No company is immune from breaches, as we have seen from the major tech giants that have come under fire recently for their security practices. Google revealed that it stored the passwords of some enterprise G Suite customers in plaintext for over a decade, joining other notable companies in admitting similar lapses in security. A database of Instagram influencers was also found unsecured and publicly available online. These shocking headlines come merely a few weeks after it was discovered that WhatsApp was hacked using spyware created by cyber intelligence firm NSO Group Technologies.
In light of these high-profile security breaches, companies need to be proactive in protecting proprietary information and ensuring that security protocols are strictly enforced. This requires organizations to invest in strengthening defense systems to allow security teams the ability to investigate and report the most serious threats.
Bolstering corporate security
Companies handling critical customer data are increasingly coming under scrutiny from privacy regulators, as research indicates that malicious outsiders were behind more security incidents than other types of threats. In 2018 Singapore made important steps toward enhancing the security of networks and citizens’ data with the passage of the Cybersecurity Act and the creation of initiatives to encourage cybersecurity investment and education over the long term. Notable breaches in Singapore and globally have given people a better understanding of how important their data is, and how it can be used against them. Demand for more security is increasing the supply of solutions, and companies are utilizing every method to improve their security protection. With so many back doors, tech-savvy hackers, and sophisticated threats, compliance with security requirements becomes more challenging. The smallest breach can potentially have dire effects on an organization’s reputation.
Challenges to threat detection
Security breaches can be prevented if IT security professionals are equipped to identify tell-tale signs early on. Warning signs are easily visible in audit trails but are often ignored amid the volume of other harmless events that are displayed. Unmonitored permission changes, a new service running on a server, or a user getting locked out too many times are small anomalies that signal a potential security breach. These types of indicators can go undetected for long periods of time. For signs to be spotted quickly, event logs need to be analyzed in real time. The challenge is to detect these threats before it’s too late.
Combat attacks to stay safe
SOC professionals should have the capability to perform real-time auditing of all devices in their network. Organizations also need to be structured to enable quick notification of those affected and prompt reporting to regulatory groups. Singapore’s Personal Data Protection Commission is moving forward with plans to amend its Personal Data Protection Act (PDPA), which would require businesses to report breaches to regulators within a specified timeframe after detection and an investigation.
Comprehensive reporting, alerts, threat detection, and automated incident management need to be implemented as part of any company’s security strategy. Security logs should be classified based on the event type (e.g. login-related events and file activities) and structured in neat reports containing details of each event including the who, where, and when. Centralized event logging of all the network devices makes it easier for security teams to analyze data and connect the dots.
It is also important to track users’ actions, from their login failures to their file access. This establishes accountability in case there is a data breach investigation. IT security teams must stay vigilant in monitoring permission changes on sensitive files and folders to avoid unauthorized access. After a threat is detected, IT admins need to be notified immediately. Organizations that use automated threat response ensure that these potential incidents of data loss are addressed promptly and efficiently, with improved visibility into access to sensitive data and critical servers.
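The three warning signs named above (repeated lockouts, permission changes on sensitive folders, an unfamiliar service appearing on a server) and the who/where/when reporting described in the previous paragraph can be expressed as simple detection logic over a centralized audit trail. The following is an added illustration, not ManageEngine code or any product's detection rules; the key=value log format, the sample log lines, the sensitive paths, the known-service list and the threshold values are all constructed for this example.

```python
"""Classify audit-log events and alert on the warning signs described above.

Added illustration, not ManageEngine code. The key=value log format, sample
lines and policy values below are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail: mostly harmless events plus the three
# anomalies the text calls out (repeated logon failures for one user, a
# permission change on a sensitive folder, a new service on a server).
SAMPLE_LOG = """\
2019-06-03T08:00:05Z host=ws17 type=logon_success user=alice src=10.0.1.23
2019-06-03T08:01:10Z host=fs01 type=file_read user=alice path=/shares/hr/handbook.pdf
2019-06-03T08:02:00Z host=ws17 type=logon_failure user=bob src=10.0.1.40
2019-06-03T08:02:20Z host=ws17 type=logon_failure user=bob src=10.0.1.40
2019-06-03T08:02:45Z host=ws17 type=logon_failure user=bob src=10.0.1.40
2019-06-03T08:03:05Z host=ws17 type=logon_failure user=bob src=10.0.1.40
2019-06-03T08:03:30Z host=ws17 type=logon_failure user=bob src=10.0.1.40
2019-06-03T08:10:00Z host=fs01 type=permission_change user=carol path=/shares/finance/payroll target=Everyone rights=Full
2019-06-03T08:11:00Z host=fs01 type=file_read user=carol path=/shares/public/menu.txt
2019-06-03T08:15:00Z host=db02 type=service_installed user=SYSTEM service=rmtupd
2019-06-03T09:30:00Z host=ws17 type=logon_failure user=alice src=10.0.1.23
"""

# Event types grouped into the report categories the text describes
# (login-related events, file activities, and so on).
CATEGORIES = {
    "login": {"logon_success", "logon_failure", "account_lockout"},
    "file": {"file_read", "file_write", "file_delete"},
    "permission": {"permission_change"},
    "service": {"service_installed", "service_started"},
}

# Assumed policy values for this example (hypothetical, not from the article).
SENSITIVE_PREFIXES = ("/shares/finance", "/shares/hr")
LOCKOUT_THRESHOLD = 5                   # failures per user ...
LOCKOUT_WINDOW = timedelta(minutes=5)   # ... within this sliding window
KNOWN_SERVICES = {"Spooler", "W32Time", "MSSQLSERVER"}


def parse_line(line):
    """Parse one 'timestamp key=value ...' line (constructed format) into a dict."""
    ts, _, rest = line.partition(" ")
    event = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in rest.split():
        key, _, value = field.partition("=")
        event[key] = value
    return event


def classify(events):
    """Bucket events by report category; unknown types land in 'other'."""
    by_type = {t: c for c, types in CATEGORIES.items() for t in types}
    buckets = defaultdict(list)
    for ev in events:
        buckets[by_type.get(ev["type"], "other")].append(ev)
    return buckets


def detect(events):
    """Return (rule, who, where, when) alerts for the suspicious events."""
    alerts = []
    failures = defaultdict(list)  # user -> timestamps of recent logon failures
    for ev in events:
        who, where, when = ev.get("user"), ev["host"], ev["time"].isoformat()
        if ev["type"] == "logon_failure":
            failures[who].append(ev["time"])
            # Drop failures that have aged out of the sliding window.
            failures[who] = [t for t in failures[who] if ev["time"] - t <= LOCKOUT_WINDOW]
            if len(failures[who]) == LOCKOUT_THRESHOLD:
                alerts.append(("repeated_logon_failures", who, where, when))
        elif ev["type"] == "permission_change" and ev["path"].startswith(SENSITIVE_PREFIXES):
            alerts.append(("sensitive_permission_change", who, where, when))
        elif ev["type"] == "service_installed" and ev["service"] not in KNOWN_SERVICES:
            alerts.append(("unknown_service_installed", who, where, when))
    return alerts


def analyze(log_text):
    """Parse a log, return its per-category buckets and the alerts it raises."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return classify(events), detect(events)


if __name__ == "__main__":
    buckets, alerts = analyze(SAMPLE_LOG)
    for category, evs in sorted(buckets.items()):
        print(f"{category}: {len(evs)} events")
    for alert in alerts:
        print("ALERT", *alert)
```

Each alert carries the user, host and timestamp so that a report or notification can answer the who, where and when directly. The lockout rule fires once when the fifth failure lands inside the window, which is the point at which a responder would want to be paged rather than on every subsequent failure; the single stray failure for `alice` an hour later is correctly left as a harmless event.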
Another reason to maintain an audit trail of every activity and remedial action taken within your IT environment is for compliance with industry and government security standards such as the Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and PDPA.
Cyberattacks and data breaches are increasingly making headlines, and the pace is not slowing. Organizations should take steps to ensure they aren’t featured in them. This means enacting stringent security protocols throughout the organization and enabling the IT security team to thoroughly monitor the environment to make instant fixes. The market is flooded with security auditing and reporting solutions that offer some or all of these features. These solutions need to be studied carefully to select one that is best suited to each organization’s needs and that ensures the utmost security.