October 31, 2016
The recent DDoS attack against DYN’s DNS services on October 21st was a rude wake-up call to many organisations. The attack effectively crippled many large internet websites and social media services and caused large-scale disruption to thousands of small and mid-sized businesses across the eastern seaboard of the USA. In light of this, we’d like to explore what your business can do to reduce your exposure to cyber-attacks and what you can do to respond to them. Firstly, attempts to breach IT security are inevitable; they will continue to rise in frequency and severity. The people who engage in illicit cyber-activity, and the tools they use, are increasing in number and sophistication each year. Even organizations with large I.T. security budgets are unable to defend against all threat vectors. In fact, a well-carried-out intrusion may go unnoticed, even in cutting-edge security settings. Secondly, no security software or hardware alone can safeguard against all threat vectors. Note that almost 43% of reported security breaches, worldwide, occur internally – i.e. through disgruntled or disloyal employees. Thirdly, lack of cohesion between systems, processes and people, insufficient training and inadequate preparation create easily exploitable threat vectors. The security goals of an organisation today are no longer only about keeping cyber-threats at bay. They include measures to quickly and effectively respond if and when a breach occurs, to minimize damage. This is why we are advising clients not to rush out and buy the newest security gadget, but to first talk to your security or technology advisors. In the interim, there are some basic policy and procedural actions you should implement to harden your IT environment. The approach we recommend is one that we have adopted at Pathway. It considers three pillars of governance: the People you employ, the Parts you use in your technology solutions and the Processes that control your interactions with systems and data. These so-called 3-P’s of governance are essential in matters of IT security. A mindful approach that considers all three pillars will help you to not only identify security risks but also to limit their impact. The illustration, below, better explains how to consider risks when evaluating IT Security In addition to taking a holistic approach to IT security, here are some the methods and tools you can employ to secure your data from external, internal, accidental and intentional threats. We also indicate the potential level of complexity of implementation. As you can see, most of these important preventive and remedial measures can be deployed quite easily by an experienced IT team. Pathway’s Engineers are available to help you identify options and responses which will meet your specific needs. There is no charge for this consultation and you need not use our services to deploy your security solutions. We will simply help you consider all possible factors so that you can make a reasoned decision that fits your goals and budget. We can also recommend several simple and inexpensive tools and methods which will help, starting with an initial self-assessment questionnaire. WHAT PATHWAY IS ALREADY DOING FOR YOU This year we made the decision to deploy an additional set of managed security services for all our corporate connectivity and cloud customers, at no charge. Here is what we have in place for you:
- Enterprise firewalls are being included on most Fibre internet connections free of cost. This is the first step towards threat prevention. Our customer care team will be contacting eligible clients shortly.
- Every corporate customer now has access to a minimum of one free cloud-based server for disaster recovery of critical systems. This can be used for data backup. Set up your Cloud server today.
- An endpoint management and patch automation tool. Each customer receives a number of seats of the MySmartOffice suite at no additional cost. This allows you to perform critical IT functions including policy compliance enforcement, system resource tracking, remote access and to receive automated dashboards reports which provide a detailed view of your internal network. Register for your free MySmartOffice seats today.
- Penetration self-test services. These free tools will give you with a report on obvious gaps in your publicly exposed internet connections. The penetration test is available in your onepath account and our self-guided security test is available for download here.
- Audit and remediation services to identify and address risk exposure and security gaps.
- Access to hybrid / private cloud services located in Pathway’s Tier III data centre. Transparently connect your on-premises infrastructure to your private cloud.
- We also offer a full suite of commercial managed security and NOC as a Service options for high volume endpoints to larger businesses.