Scott Chenery at Kiteworks shares his insights into the fundamental necessities of keeping cyber-secure
Data loss or theft, identity theft or even ransomware: cyber-security is one of the main concerns of all companies in the world, given the current crisis. From now on, they must not only protect themselves from attacks by isolated hackers, but also from organized gangs with substantial financial and technological resources.
The stakes are real for any company that is attacked and include its very survival and reputation. The following tips will help firms to really protect themselves from these attacks – especially if they use a content protection platform.
Sharing is creating a breach
The objective of hackers is simple: to exploit system vulnerabilities as quickly as possible in order to take control. In a world that is increasingly collaborative and based on teleworking, sharing information is vital. Knowing that anything can happen between sending a file and receiving it, the process must be secured.
Very often, the business applications available on the market are not natively secure, i.e. they are not integrated at the design and development stage. The security layers are added after the functional layers. Companies use these business applications to share information with their external partners (auditors, customers, suppliers, etc.). Hackers can intercept information and use it to carry out phishing or cyber-extortion attacks.
Setting up a secure platform dedicated to information sharing can prevent this type of attack, provided that it offers real security features – MFA, encryption, but also AI to alert the SOC team to any threats in real time.
Address data security first of all
A common mistake in security is to think of the environment first. Typically, companies use solutions, tools and resources to protect themselves on two levels: the network and the applications. But they often forget about data protection – which is paradoxical, considering that data is the ultimate target of the majority of attacks.
Data is shared and stored. Regardless of the channel used, it is exposed to risk as soon as it is shared, hence the widely adopted protection of its environment. But it is not enough to protect data during transmission, it must also be protected wherever it is stored. It is therefore essential to secure data on an ongoing basis to complement the cyber-security solutions already in place.
The best approach is to choose a platform developed specifically to prioritise data security. This platform is designed to prevent and reduce the level of exposure to attacks. It also supports the teams in the event of a problem, by providing visibility, traceability and auditability of transactions and movements using integrated logs and dashboards.
Put the focus on users
It is important that users do not perceive protection from attacks as an obstacle course. If they don’t adopt the implemented system, the risk of failure increases – the development of shadow IT, for example. Against this backdrop, we can define two types of user.
The first type comprises the IT teams who, thanks to the chosen platform, will consolidate the security requirements. Having a single centralised solution saves time and resources for IT departments and operational IT staff.
This is reflected in the integration of the platform into the existing information system and its subsequent operation. They will ensure that it is easy to implement and operate, but above all that it is compatible with all types of deployment (on premise, cloud, multi-cloud, hybrid) and with their technology partners such as Google or Microsoft, to name but two.
They will also check with their provider that it includes a bug bounty programme along with regular and systematic pentests in its product development cycle. It should be noted that the validation of each version must be carried out by a certified CISO.
The second type are the users within the organisation who need simple access, ease of use and smooth operation. The platform must therefore be accessible from any browser, while the implementation of plugins for the most popular software and applications is a real additional asset to make the user experience intuitive.
In the same way, to address all the needs of the company, the platform must be able to offer the user a space to send emails securely or to share files directly using the browser deployed in the company.
Given the exponential increase in attacks and the importance of protecting against them, companies must now shift their paradigm and move to an offensive security strategy. Most of the applications they use were secure and reliable when they were implemented but do not necessarily remain so in the long term. Any system is vulnerable and hackers know this better than anyone.
Security must therefore be integrated into the entire lifecycle of a solution, from design to development – even if it means imposing specific training on the dedicated teams – right up to its production launch, and then be maintained in the ongoing monitoring of vulnerabilities. The main objective is to thwart zero-day attacks, which exploit unpatched vulnerabilities, as early as possible.
Scott Chenery is Regional Manager UK & Ireland at Kiteworks
Main image courtesy of iStockPhoto.com
