Defending the corporate network from cybercrime

Cybercrime is on the rise, and it is costing businesses millions of dollars in lost productivity, system rebuild time, breach of confidential records, theft and damage to reputation.

Make no mistake about it – cybercrime is big business and getting bigger every day as traditional crime organizations realize that there is a lot of money to be made and little risk when compared to traditional crime.

Cybercrime does not discriminate on size or organization type. If you have something of value, then you are a potential target. Every week our security operations team reviews news of damaging malware attacks that have compromised networks or infected a considerable number of desktops, laptops or mobile devices. Thousands of new malware variants surface daily, and their eradication has become increasingly difficult.

Gone are the days when a firewall and anti-virus software were enough to thwart malicious attacks. Not only have cybercriminals become ever more sophisticated, the rise in mobile device use, cloud services and social media has also dramatically increased vulnerability.

Consequently, the corporate network is increasingly being exposed to malware, Trojans, advanced persistent threats, fake anti-virus software, and other attacks that have the potential to lead to a data breach, network disruption, compromise of sensitive data or theft.

The reality is that most attacks are not all that sophisticated or glamorous. Most resemble back-alley muggings more than elaborately designed robberies, and cybercriminals most often take the path of least resistance.

Does your network resemble “an old lady with a loosely tethered purse” or does it look like a well-fortified castle complete with moat and drawbridge?

Layered security

Network protection begins with making the network less attractive to a predator through layered security. With a layered approach, organizations systematically block security threats at each step of the way into the network, including:

1. Developing a comprehensive set of security policies along with end-user security awareness training is the first step in securing your network. Does your company have security and acceptable use policies? Do they address new threats to the network such as the use of mobile devices, cloud services and social media? Do they include annual employee education?

2. A robust perimeter defense features a next-generation firewall with threat protection capabilities, including an intrusion prevention system, a botnet/malware filter and context awareness. Additionally, you need a regular vulnerability assessment to ensure your perimeter is not at risk due to exposed servers, services or newly discovered software vulnerabilities.

3. Core network protection, which includes security patching, network monitoring, server anti-virus and configuration standards to protect your applications and data. Are you addressing these core threats?

4. Endpoints such as desktops, laptops and mobile devices are often the entry point for malware. Does your current security strategy include security patching, anti-virus, encryption and remote wipe for these devices?

5. Web content and email filtering addresses the cybercriminals’ preferred method for delivery of malware to gain network and data access – the Internet. Has your organization taken the necessary steps to block insecure websites and content as well as email spam and phishing?

Succeeding in business today is difficult enough without having to cope with disruption and losses due to cybercriminal activity. Take the necessary steps to fortify your network with a proactive, layered approach to network security.

Douglas Sax is a senior network engineer and team leader for SE EventWatch, a managed security service, at Portland, Maine-based Systems Engineering.
