
AV insufficient for today's complex threats

By Staff Writer, ITWeb
Johannesburg, 12 Feb 2014
A combined or layered approach to security is the most effective way to discourage cyber crooks from seeing your organisation as their next pay day, says Jayson O'Reilly, director of sales and innovation at DRS.

Recent high profile attacks have shown that traditional security measures are no longer a match for the complex threats of today.

So says Jayson O'Reilly, director of sales and innovation at DRS, who notes that while anti-virus (AV) is still a must-have and is great for preventing known threats through its database of digital signatures, the sophisticated threats of today use code that has never been seen before, and, therefore, no AV product would be effective against them.

A combined approach is needed, says O'Reilly. "Advanced threats will evade signature-based AV like a hot knife through butter. Most anti-malware products today feature not only signature-based components, but heuristic and behavioural components too, aimed at picking up on any anomalous behaviour."

However, O'Reilly says even with these elements, AV is insufficient. "It is easy for a hacker to find out whether or not his malware will be detected by these products. It's as simple as running the threat on his own machine that has the AV installed. If the malware is detected, he can easily amend the code until it is not."

He notes that AV still has a role to play. "It can detect known threats, pinpoint suspicious behaviour, and see whether a file has been blacklisted."

On its own, though, it is not enough, he points out. "A combined or layered approach to security is the most effective way to discourage cyber crooks from seeing your organisation as their next pay day."

He cites encryption as being a very effective extra measure. "Encryption is the process of encoding data to ensure it can only be read by authorised parties. While it cannot prevent a company from being hacked, it can ensure that the hackers can't read any of the encrypted data, rendering the data pretty much useless to them."

According to O'Reilly, data leakage prevention (DLP) is another valuable weapon in the fight against cyber crime.

"DLP solutions are designed to detect potential data breach or data exfiltration transmissions. The solutions also prevent sensitive data from leaving the organisation by monitoring and detecting this information while it is being used, moved around, or stored. Too often, sensitive data is leaked to unauthorised users, either by mistake, or through malicious activity, and DLP prevents this from happening."
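The quote above describes what a DLP product does at a high level; the following added example (written for this page, not code from the article, DRS or any DLP vendor) shows the data-in-motion part of that job as a small content-inspection rule. It scans an outbound message for payment-card numbers (validated with the Luhn checksum, so plain reference numbers are not flagged) and for a classification tag, masks what it finds, and returns a block/allow decision. The messages, the classification tag format and the card number are all constructed test data.

```python
import re

# Constructed sample messages, as an outbound e-mail or chat scanner might see them.
# The card number is a constructed Luhn-valid test value, not a real account.
SAMPLE_OUTBOUND = [
    "Hi, quarterly numbers attached, regards",
    "Card on file: 4539 1488 0343 6467, exp 09/26",   # Luhn-valid -> sensitive
    "Ref number 1234 5678 9012 3456 is the PO",        # 16 digits but Luhn-invalid
    "CLASSIFICATION: CONFIDENTIAL - board minutes",    # assumed internal tag format
]

# 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Hypothetical document-classification marker used by this example's organisation.
CLASS_RE = re.compile(r"CLASSIFICATION:\s*(CONFIDENTIAL|SECRET)", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Digit runs that look like card numbers AND pass Luhn; separators stripped."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(digits: str) -> str:
    """Keep only the last four digits so the finding itself is not a leak."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(text: str) -> list[tuple[str, str]]:
    """List of (finding-type, masked evidence) for one message."""
    findings = [("card-number", mask(d)) for d in find_card_numbers(text)]
    tag = CLASS_RE.search(text)
    if tag:
        findings.append(("classification-tag", tag.group(1).upper()))
    return findings


def policy_decision(text: str) -> tuple[str, list[tuple[str, str]]]:
    """Simple DLP policy: block the transmission if anything sensitive is found."""
    findings = scan_message(text)
    return ("BLOCK" if findings else "ALLOW", findings)


if __name__ == "__main__":
    for msg in SAMPLE_OUTBOUND:
        decision, evidence = policy_decision(msg)
        print(f"{decision:5} {evidence} <- {msg!r}")
```

Real DLP engines add many more detectors (identity numbers, document fingerprints, exact-data matching) and apply them at endpoints, mail gateways and storage, but the shape is the same: classify content, keep evidence masked, then enforce a policy on the channel. The Luhn check matters because a bare 16-digit pattern alone would flag purchase orders and invoice references and drown the security team in false positives.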

He says enterprises should also consider using password managers. "Password manager software helps businesses organise their PIN codes and passwords, particularly useful in a world where each individual has to remember too many passwords in order to access their accounts, programmes, profiles and suchlike."

O'Reilly notes that typically, password managers have their own database or file that contains the encrypted password data that allows for secure logon to PCs, networks, application data files, and Web sites. "Often, password managers work as form fillers, filling in user and password data automatically onto forms."

In addition, O'Reilly says to ensure that all operating systems and application software are kept up-to-date and regularly patched, as cyber criminals are notorious for exploiting vulnerabilities in operating systems and application software. To O'Reilly, the only way to prevent this is to stay a step ahead, and make sure that these are updated as soon as an update or patch is released. Update management software regularly runs an inventory of all of a business's software and installs updates and patches as soon as possible.

According to O'Reilly, educating employees about social engineering and phishing tricks is possibly the best way to reduce the likelihood of a breach.

"If cyber criminals are determined enough, it is more than likely that they will eventually succeed. However, like most criminals, they go for the low hanging fruit, and will look for an easier target, so adding as many security layers as possible will go a long way towards preventing an organisation from being seen as one."
