Recently, we’ve talked about the security threats, high-profile breaches, and the vulnerabilities that impacted various industries and a number of users in 2014. As we look forward to the rest of 2015, enterprises must be reminded about the importance of security when it comes to protecting their organization's crown jewels.
With enterprises moving towards virtualization and cloud computing, adopting these technologies can help optimize resources and minimize costs. However, this could also mean more open windows of exposure and potential threats that can be leveraged in several attacks. New trends like Bring Your Own Device (BYOD)/consumerization and social media bring with them new threats that attackers can set their sights on. Hence, businesses are driven to boost their information security services and data protection. But based on the current landscape where high profile cyber-attacks and data breaches regularly happen, what can enterprises really do to help turn the tide?
Last year, Trend Micro’s Chief Technology Officer, Raimund Genes, advised enterprises to protect their core data. Following the past security issues that unfolded, this year’s best practices for enterprises doesn’t vary much from the previous advice, however, looking at our predictions for 2015, here are the best security practices that enterprises should apply:
Develop and implement an overall risk management strategy
The loss of trade secrets, research and development intelligence, partner information, and customer data could represent millions of dollars not just in monetary value but in terms of confidence and trust as well. As such, enterprises must employ a custom defense against targeted attacks. Today’s most damaging attacks use a number of techniques that include social engineering, hacking, insider threats, and others to infiltrate organizations, government sectors, and nations. Because traditional and conventional security technologies are no longer sufficient, enterprises should adopt network visualization and heuristic or behavior detection to avoid becoming victims. A custom defense is a defense strategy tailored to protect against targeted attacks, utilizing a specific approach and relevant intelligence that is uniquely adapted to each organization and its potential attackers.
Secure and regularly maintain Web infrastructure
Vulnerabilities like Bash (Shellshock) and OpenSSL (Heartbleed) that remain undetected for years were exploited last year, each leading to significant repercussions. This should serve as a reminder to organizations that systems and software should be regularly patched and updated. Additionally, we strongly recommend IT admins to implement more intelligence-based security solutions that are backed by trusted global threat information sources. This can help thwart attempts to exploit vulnerabilities before patches are released. Heuristic scanning and sandbox protection are effective and efficient ways of identifying unknown threats.
Enforce stricter mobile device and data management policies
Security should be the top concern for enterprises, and with the implementation of Bring Your Own Device (BYOD), there are many issues about control and data protection that arise when defining the lines between corporate and personal data. Additionally, there are other risks involved such as lost or stolen devices, and data breaches via employee-owned devices. IT administrators must address mobile device management concerns to protect work-related apps and data. IT admins should be able to centrally manage all users from a single console, allowing for ease and visibility. As employees become increasingly dependent on mobile devices for gathering information and social interaction, mobile malware have become a bigger threat and as such, employees should adhere to mobile safety policies.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).