07 Nov 2016

Network security: how to protect your organisation in the face of increasing cyber-attacks

By Lyncoln De Mello

The Australian Census was interrupted in August this year by a distributed denial of service (DDoS) attack, bringing the website down and creating significant negative publicity for the Census. In mid-October a number of Australian websites were also impacted by a global DDoS attack.[1] While Australia escaped much of the severity of the attack, it provides a timely reminder for all businesses with an online presence to review their security policies, tools and systems.

Cyber-attacks now occur with greater frequency and intensity. Many of these go unreported or underreported. In addition, the growth of Internet of Things (IoT)-connected devices and wearable technology in the workplace provides more susceptible network end-points through which organisations can be targeted.

Organisations need to have the right security measures in place, including staff training, to reduce the likelihood of attack. Too many organisations rely on security measures that kick in after an attack has breached their architecture. Instead, it’s better to focus security efforts on finding ways to prevent attacks from happening at all.

Protecting against cyber-attacks

Effective threat mitigation requires strong network protection. Most network security solutions can be readily purchased from an Internet Service provider. It is best to work with an IT provider that can deliver the solution in an as-a-service format, as these solutions can be scaled as and when required, to best meet changing organisational needs. If your organisation’s current provider does not offer as-a-service security it may be beneficial to move to a provider that can deliver this flexibility.    

With the majority of DDoS attacks now originating outside of Australia it is also important to consider using geo-blocking at your business’ Internet Perimeter firewall. Increasingly, organisations with ecommerce facilities are hosting websites, and the databases serving their ecommerce websites, with a capable service provider that uses strong network level protection against DDoS attacks and advanced threats.

Many security incidences occur as a result of human error, i.e. employees opening phishing or whaling emails. Advanced email based threats require advanced email security to protect users mailboxes, irrespective of the device they use to access their email. Providers like Mimecast, for example, offer leading edge, cloud-based email protection at a compelling price point, to help protect against these cyber-attack formats.

Developing security resilience

In addition to the above tips, Brennan IT has identified three areas that most businesses can improve and should invest in, for greater security resilience:

  1. Cyber defences

It’s important to conduct regular health checks around where and how data is stored, which applications are in use on the network or are taking up valuable network availability. They should keep track of all users and what parts of the network each person has access to, and potential threats that may exist. Protecting and maintaining systems and devices, and taking an inventory of the environment can help to identify potential issues before they are exploited by cybercriminals or internal malfeasance.

  1. Staff training

Human error accounts for the majority of security issues in businesses. It’s therefore essential to educate employees on how to identify and protect the business from end-user focused threats, like phishing attacks.

At Brennan IT’s recent CloudConnect event in Melbourne, Mimecast spoke on email threats, which are responsible for of the majority of all data breach incidents.[2] With 30 per cent of phishing messages being opened by the targeted person, Mimecast highlighted that legacy anti-spam and anti-virus solutions are no longer adequate to protect businesses from these styles of attacks. Without the appropriate training, staff cannot recognise these attacks. While employee education is key, it’s also important for organisations to use advanced protection layers to automatically filter spam and provide email security. 

  1. Integrated platform

Businesses will fight best against cyber-attacks if they adopt technology that acts seamlessly behind the scenes. This means integrating a smart platform that can take pre-emptive action, with minimal manual effort required from IT or security teams. By automating the organisation’s defences and using intelligent security tools, your business can monitor the network in real-time, to deliver the most effective results.

The increasing prevalence of cyber-attacks, like the DDoS incidences experienced in October, provide an excellent opportunity for Australian organisations to review their entire security structure to identify areas for improvement. Looking holistically at how the business stores and backs up data, protects and filters emails, manages its cloud or on-premise IT infrastructure, and keeps staff educated in matters of cybersecurity, will highlight ways to modernise and increase the efficiency of the organisation’s security architecture.

To find out more about Brennan IT’s security solutions, and how Brennan IT can help your business, please visit http://www.brennanit.com.au or contact us on 1300 500 000.

[1] https://www.theguardian.com/technology/2016/oct/21/ddos-attack-dyn-internet-denial-service

[2] http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Top