Page 51 - Cyber Warnings
P. 51
Similarly, administrators who have traditionally worked in silos of expertise (SysAdmins,
NetAdmins, VirtAdmins, DBAs) typically will not have enough knowledge about the
interconnected nature of their infrastructure to proactively identify security holes and
vulnerabilities.
This lack of available security experts, coupled with the rise in data hacks and ransomware
attacks, has given rise to an alarming trend that will continue to proliferate in 2017: businesses
now feel compelled to weigh the implications of potential data loss against the expense of hiring
security experts.
In many cases, businesses in the next year will choose to take a calculated risk regarding what
they can “afford to lose” rather than what it costs to prevent data loss entirely.
So, as the industry looks to prepare itself for the year ahead, I’d like to share a few systems
security essentials that today’s IT professionals can implement to further defend their data
centers:
1. Invest in compliance software. This is the best way to maintain accountability.
Integrating compliance software such as security information and event management
(SIEM) into an environment allows IT professionals to ensure that vulnerabilities are
being taken care of by leveraging an easy interface within which one can handle things
like patches and log event management.
This type of software acts as a safety net of sorts, proactively monitoring for security
vulnerabilities and configuration problems and alerting when an issue needs to be
addressed.
It’s especially useful for organizations without a formal security team or process, and that
are particularly susceptible to low-hanging vulnerabilities like late patches, leaving things
at default settings or not requiring regular username and password updates from their
end-users.
2. Create a security team. Attackers have automated network searches in place to find
things to breach and steal, and as a result, IT professionals must be more vigilant than
ever when monitoring applications with the most sensitive, and therefore valuable,
information.
Even if a complete team of security experts isn’t feasible, organizations should at least
look to create a basic level security team that can work together to create a security
framework and evaluate it on an ongoing basis to best prevent attacks.
Remember: the security landscape is constantly changing. This should not be a “set it
and forget it” plan. Rather, it should be reassessed every six to nine months to ensure
51 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
