Security in the age of growing "hacktivism"
In today's increasingly interconnected world, where data is shared in new and often unanticipated ways, security is a constant concern. X-Force, IBM's R&D organization for security, is focused on understanding threats and developing new tools and technologies to manage and defeat them. In this interview, X-Force Senior Operations Manager Clinton McFadden discusses how midsized companies can safeguard themselves against the latest threats.
Read excerpts from the interview below and listen to the podcast for the full interview.
ForwardView: Are you seeing any new security threats emerge this year that should concern midsize businesses?
McFadden: One of the interesting trends is the introduction of hacktivism and attacks that are not just trying to obtain financial gains over a company, but also looking at ways in which to deface, discredit and expose.
ForwardView: And which persistent threats deserve the most attention?
McFadden: There are basics that you must have in place: access policies, simple configuration management, patch management, before some of the new and more complicated threats should be managed, especially with a controlled budget like a midsized business would likely have. It's clear now that attacks are becoming more and more targeted exactly at the data and information that you have, and the liabilities that make your company the most money or have the most value. The targeted attacks deserve a lot of attention right now, possibly with some investments on some new capabilities.
ForwardView: Are you surprised by any of the activities or trends you're seeing?
McFadden: I think that one of the things that is surprising is the sheer size of the breaches that have been successful so far this year. They are also much more public. It's now becoming a board room conversation whether you're going to be the next company that has all of its e-mails put on the internet, or worse, compromise your core business like your customer information. As these breaches become more public and become, obviously, more enormous, the result is also equally large. So the compromise to your credibility with your customers is making a change in the way people are approaching breaches proactively to ensure they have the tools in place, to ensure that the result of a breach is small and, hopefully, manageable.
ForwardView: With security threats coming from so many angles, how can companies safeguard themselves?
McFadden: We certainly want people to realize that though the threat is changing, a lot of the traditional tools are very, very important: border defenses, strong policies around access to critical systems, patch management systems and configuration management systems. You have to have a baseline of control and insight and visibility into what's going on in your network. Then you must start to bring in other gateway devices, URL filtering, to ensure that you have control over what your employees are accessing; IPS [intrusion protection systems] against threats that are going at some of your critical data. It starts to layer on top of that. You can talk about outsourcing for instant response, having policies in place to ensure that you know exactly how to react if you were to have a breach, say, a denial of service.
ForwardView: How can midsize companies calculate the tradeoffs they need to make for security's sake, both in terms of budget dollars and also performance?
McFadden: It's important that you understand the liabilities and value within your business, whether it's the employees' information, your customer data or financial information that is the most critical. Now, you establish what it is that might be valuable to somebody else. Maybe it's your credibility. Possibly it's, again, financial information. You must then take a look at exposures to the internet, exposures internally, and make decisions on the tools that you want to use based on the liabilities that you've isolated. If you try and patch every single security concern on your network, you'll run out of money and you won't be focused enough on exactly what you're trying to handle. There's also a lot of value in industry sharing from an IT security standpoint. Say that you're a small bank or a financial institution. To understand what other banks are doing based on the current threats can give you insight into something that you don't understand about your own network.
ForwardView: Are there special security concerns associated with moving IT off-site or to the cloud?
McFadden: Absolutely. It's going to be more and more important that you understand the security policies of the cloud offering, whether it's for your data or actual computing power, or services that you're consuming. Generally, you think about the cost savings. But you must understand that they may not have the same security policies that you have on your network. Are you responsible for incident response, for example? Or are they going to provide incident response? And then you have to take into account whether that service is actually worth investing in, because you then start to equate exactly what the cost savings is or the benefit to your business is against the actual risks.
ForwardView: Are there special security issues related to smart phones?
McFadden: There's a growing push to have all of your data on mobile devices. And as data becomes mobile, not only is it subject to the same security concerns that it was when you had control over it on your environment, but it now has new concerns. You use new tools in protecting those data, but we're often seeing that companies are not applying the same security practices of access control, patch management, and other mainstream tools for protecting these devices. And so moving critical data into these environments for business need can open a very large liability. And we're seeing that a lot of our customers and even internally, we're making very, very hard decisions on mobility, specifically to ensure that we are not creating a new way to lose data to somebody that finds it valuable for financial gain.