Security Monitoring: Walls Aren't Enough

Once again, we are reminded of the importance of cybersecurity on multiple levels. The news that big tech companies have intercepted not only Russian but also Iranian influence campaigns should make all executives question the security monitoring of their own companies.

Whether the company is large or small, IoT and mobility have continued to flood servers with data. Data is money, whether it is a government or a hacker that is interested in the information.

So, are traditional security methods enough for protecting employee, business, and consumer data?

The short answer is no.

Traditional security methods

Most businesses are familiar with the larger security software companies. Each year, the enterprise purchases the licenses, installs the updates, and assumes the data is secure.

Although enterprises would like to think security is as simple as installing software, it is not. In most cases, the software is designed to set up a perimeter defense. In essence, the firewall and virus detection components are there to prevent a threat from entering the server.

Unfortunately, this traditional method of large impenetrable walls and a moat surrounding a business server does not stop threats. In fact, it can cause more harm than good.

According to Accenture’s 2017 security study, the average Mean Time to Identify (MTTI) is 206 days. Just to break it down, there are 365 calendar days in a year, and 260 working days in a year (assuming 5 days a week).

Measured against working days, it takes nearly a year to discover that a breach has occurred.

The reason for such a long exposure is that companies pile security resources on the wall and forget the rest of the castle.

Security monitoring

So, what’s an enterprise to do to secure its data? Very simply, accept that at some point there will be a breach of the company server. It’s not a matter of if, but when.

Once an enterprise accepts the inevitability of a breach, it can begin proactive measures. Rather than trusting the perimeter, focusing efforts on monitoring systems can reduce the MTTI.

Reducing the MTTI reduces the overall cost of the breach.

But wait, isn’t the installed software already running security monitoring processes? In truth, the software runs on a schedule to check whether any threats exist within the system. The check is based on known viruses and threats, and it relies on the software’s updates for the newest available information.

Continuous security monitoring means that systems and people monitor activity on the server in real time. They watch when someone accesses the system, what risks are associated with the access, and how long the access lasted.

Most importantly, continuous security monitoring sees an unauthorized access attempt the moment it occurs, which helps with threats such as bots and compromised IoT devices.

However, just watching the system might not be enough.

Security testing

One of the biggest risks to business is not knowing what risks the business is confronting. This is no different in security. Trusting software to keep threats out and monitoring to catch unauthorized access is not enough to ensure risks are avoided.

After all, a certain level of risk is inherent and cannot be avoided.

The most proactive approach is having analysts or systems regularly perform a deep dive of the system, testing from all angles to understand where risks are located. A proactive enterprise understands where the risks are, as well as what counts as an acceptable risk.

Businesses can control a known risk.

Staffing concerns

Unfortunately, regardless of the monitoring or testing performed on a system, staffing will be a risk for any enterprise. Currently, cybercriminals outnumber cybersecurity staff, with an estimated 300k positions open.

So, how does a business contend with not being able to find people to perform the monitoring or testing?

There are two options available to businesses. The first, which has found popularity in internet-focused businesses such as Airbnb, is to hire “white hat” hackers to consistently hit the system looking for weaknesses. A quick tutorial: white hat refers to individuals who break into protected systems to assess their security.

In other words, they are hackers who are considered trustworthy.

Companies pay these hackers each time they discover a threat or risk. Businesses only pay when an individual discovers a threat, and sometimes glory is payment enough.

The second is to partner with a vendor who offers security monitoring and testing, as well as strategic assistance on all security matters. Partnering with a security expert can often reduce the cost of breaches, as well as save money on staffing.

MobileWare offers not only full enterprise mobility management but also full security monitoring, testing, and data storage.
