Network Security in 2016: Let’s be Prepared

Author: Mav Turner, Director of Business Strategy, Security, SolarWinds

There will be one million cybersecurity job vacancies globally in 2016, according to a recent report from Cisco. In Australia specifically, the number of ICT professionals grew 5% in 2015, and demand is expected to peak at a further 100,000 workers over the next six years. Though this is good news for seasoned IT security experts and for upcoming network and security professionals, this increase in opportunity also shows that more businesses are planning to take network security seriously in 2016.

Whether ensuring IT security is your main concern or not, the last thing you want to hear is that your network’s security has been compromised. According to PwC, some 71% of incidents go undetected[2], possibly due to a lack of resources and a failure to implement best-practice security policies. Let’s look at some key security aspects that may help you get through 2016 without any discrediting cyber-attacks:

  • Prepare or improve the security framework: What does your current security framework look like? If you haven’t got one, start with a comprehensive audit of the available inventory, the user accounts and account types, the types of transactions (public/internal), the sensitivity of the data being handled, account roles and responsibilities, BYOD policies and change management policies, to name a few.
  • Automate threat detection and response: Users, devices and applications generate a large number of network connections, data transactions and application requests. Manually detecting threats in this cacophony is practically impossible, considering how sophisticated hackers and malware have become. Centralising syslogs and events from network devices, servers, applications, databases and users in SIEM software is a must-have. This makes it easier to automate threat detection as and when it happens, and to provide corrective responses that mitigate the risks.

  • Implement data-driven analysis: Can you detect suspicious network activities? Yes, if you have access to real-time data showing that there’s an increase in Web traffic on a critical router or firewall, or suspicious connection requests to assets from an unknown source outside the network. When an attack happens, data-driven analysis will help you with forensics and root-cause analysis, so you better understand how the attack happened, where it started and how it propagated through the network.
  • Monitor end-point devices: Suppose you are a payroll processing company holding confidential data belonging to your clients. Any user in your company can save this sensitive data onto a USB device, and you may not even know. Ideally, you should be monitoring all end-point devices, be it a laptop or a USB device. In this case, as soon as the user plugs in the USB device, the device should be ejected or blocked automatically and a corrective action (warning message or account blocking) applied.
  • Demonstrate PCI DSS and Australian Government Protective Security Policy Framework compliance: The payment card and healthcare industries are more prone to data breaches than any other. The scenario in the prior point is just one possible route to data theft. In this case, if an attack happens, it could compromise millions of credit card records or patient records. The best practice is to automate and demonstrate compliance with these standards, and so avoid regulatory fines or criminal proceedings. Protect your servers and databases.
  • Identify insider threats: The easiest and most damaging security compromise may come from the inside. You must be alerted immediately to suspicious user activity. For example, when an employee logs on to a business-critical server or core router on a weekend, or has their privileges elevated or is added to the admin user group without prior approval.
  • Enable threat intelligence: Most common attacks such as malware, DDoS attacks and botnets are spread by bad hosts on the Internet. Collective intelligence on these bad actors can be utilized to proactively pinpoint security concerns like potential phishing attempts and infections, by monitoring suspicious traffic that might be going to the command and control servers.
  • Practice knowledge sharing: Knowledge sharing among your peers, and also educating the users on common attack types, phishing sites and malware infections can fortify your security framework to a great extent. The threat landscape is constantly evolving, and collective knowledge helps in proactively avoiding common threat types.
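The insider-threat rules described above (weekend logons to business-critical assets, admin-group additions without prior approval) as a small detection pass over SIEM-style events. This is an added illustration, not SolarWinds or CSO code; the event format, the critical-asset and admin-group lists and the change-ticket field are assumptions made for the example, and it also flags logons outside business hours on weekdays, which goes slightly beyond the weekend case in the text.

```python
"""Detect two insider-threat patterns over constructed SIEM-style events.

Added example, not the article's or SolarWinds' code. The pipe-separated
event format, asset/group lists and the 'ticket' field are assumptions.
"""
from datetime import datetime

# Assumed inventory: assets that should only be touched in business hours.
CRITICAL_ASSETS = {"payroll-db01", "core-rtr01"}
ADMIN_GROUPS = {"Domain Admins", "Administrators"}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, assumed

# Constructed sample events: timestamp|event|user|target|detail|change ticket
SAMPLE_EVENTS = [
    "2016-01-08T10:15:00|logon|alice|payroll-db01|interactive|",        # Friday, business hours
    "2016-01-09T02:40:00|logon|bob|core-rtr01|ssh|",                    # Saturday, early hours
    "2016-01-11T14:00:00|group_add|carol|Domain Admins|by dave|CHG-1042",  # approved ticket
    "2016-01-11T23:10:00|group_add|bob|Administrators|by bob|",         # no ticket
    "2016-01-10T09:00:00|logon|erin|fileserver03|smb|",                 # Sunday, not critical
]

def parse_event(line):
    """Split one constructed event line into a dict with a parsed timestamp."""
    ts, event, user, target, detail, ticket = line.split("|")
    return {"time": datetime.fromisoformat(ts), "event": event, "user": user,
            "target": target, "detail": detail, "ticket": ticket}

def off_hours(t):
    """Weekend (Sat=5, Sun=6) or outside the assumed business-hours window."""
    return t.weekday() >= 5 or t.hour not in BUSINESS_HOURS

def detect(lines):
    """Return one alert dict per event matching either insider-threat rule."""
    alerts = []
    for line in lines:
        e = parse_event(line)
        if e["event"] == "logon" and e["target"] in CRITICAL_ASSETS and off_hours(e["time"]):
            alerts.append({"rule": "critical_logon_off_hours", "user": e["user"],
                           "target": e["target"], "time": e["time"].isoformat()})
        if e["event"] == "group_add" and e["target"] in ADMIN_GROUPS and not e["ticket"]:
            alerts.append({"rule": "admin_group_add_unapproved", "user": e["user"],
                           "target": e["target"], "time": e["time"].isoformat()})
    return alerts

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['user']} -> {a['target']} at {a['time']}")
```

In a real deployment the asset list would come from the inventory audit and the ticket check from the change-management system, so that approved changes are not alerted on.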

In short, with the ever-increasing number of users, data and network connections, 2016 is going to be more challenging than ever from a cybersecurity perspective. However, the right security strategy, combined with the key aspects listed above, is a step forward in being prepared to tackle security threats.
