How to Protect your Business against Cyber Threats: Five Fundamental Best Practices for Enterprise Security

November 21, 2018

Authored By: Steve Hunter, Senior Director, System Engineering, APJ, Forescout Technologies

It is no secret that we are living in the age of hyper-connectivity. What we don’t often appreciate, however, is the sheer scope of our connectedness. We access multiple accounts through multiple traditional and non-traditional devices – mobile phones, smart devices, laptops, or workplace systems – to accomplish a vast multitude of tasks during the day.

To truly understand the extent to which technology has penetrated into our lives today, and how its influence continues to grow at an explosive pace, consider this: at present, the world is home to 7.3 billion people and an estimated 31 billion connected devices. This gap is expected to become a chasm in the near future. By 2020, there will be 29 billion connected devices surrounding, enabling, and assisting us in our day-to-day lives, outnumbering the human population of 8.5 billion individuals.

The opportunity and the risk: How our connectedness presents a double-edged sword

Such interconnectivity, facilitated by today’s increasingly digitally-led landscape, has allowed modern-day organisations to achieve a level of optimisation and functionality that was hitherto unimaginable. Internet of Things (IoT) and operational technology (OT) are being used to power business operations across a diverse range of industries, such as logistics, manufacturing, IT/ITES, e-commerce, and healthcare.

For instance, many countries have adopted electronic health records (EHRs) as an integral component of healthcare delivery. Such real-time access to health-related data has significantly enhanced the speed, efficiency, and affordability of end-patient care. Data-driven insights also enable healthcare service providers to offer more proactive and accurate medical interventions to their customers.

But every coin has two sides. As is the case with IoT/OT, the very seamless interconnectivity that powers global business operations today has also given rise to a massive security challenge. Industry experts estimate that the global IoT/OT ecosystem is susceptible to more than 70,000 CVEs (Common Vulnerabilities and Exposures) at present, with more expected to be discovered as the adoption of IoT and smart devices increases.

With digital connectivity dissolving the traditional safety perimeter, the surface area available to threat actors and cybercriminals has increased exponentially – and, if recent trends are anything to go by, they are exploiting this opportunity eagerly.

Many large companies have been rocked by major attacks and breaches in the last two years, while smaller enterprises remain a perennial target for cyber-attacks. With the risk of financial damage, lost business opportunity, and a steep fall in market credibility caused by security breaches on the rise, no company can consider itself immune from the threat landscape today, regardless of its size.

Security first: The need to adopt a security-led approach to business operations

Given the magnitude of security risk and the potential ramifications of failing to defend against a constantly-evolving threat landscape, it is critical for businesses to push enterprise security right to the top of their list of priorities. There is an urgent need to take another look at business operations and processes and to redefine them from a security-centric perspective.

Here, then, are five essential best practices for enterprise security to help create and implement a robust security strategy, thus protecting your business and customers from existing as well as emerging threats:

  • Understanding your network

As mentioned above, the traditional approach of perimeter-based security has become a thing of the past. Your IT infrastructure is now a battlefield between your safety measures and sophisticated threats. Every node, every endpoint, every device is a point of vulnerability that can be used to compromise the entire network. Ensuring that your business remains secure against cyber-attacks requires a clear understanding of the cyber battlefield.

This is only possible if your security team has holistic, real-time visibility into and across the network. An in-depth analysis of your IT infrastructure can help discover several previously unidentified assets connected to your network. These insights can help you plug the gaps in your knowledge about your enterprise’s security posture and implement the appropriate response to address any vulnerability.

  • Maintaining constant vigilance

Many organisations find their IT infrastructure breached, even after conducting regular security sweeps. Why? Because time-based security monitoring only scans for threats at a single moment or for a predefined duration. This, in a day and age when cybercriminals are deploying advanced threats capable of masking themselves within the network traffic, is highly inadvisable.

An enterprise security solution needs to monitor network traffic constantly for suspicious activity or deviations from normal behaviour. This requires an ability to categorise devices, endpoints, processes, and users as per their levels of authorisation, identify if a particular action is routine or abnormal, and raise an alert for suspicious behaviour. Such constant access to real-time network behaviour allows safety teams to react more promptly to possible threats, limit their area of impact, and mitigate with all haste.

  • Controlling the traffic with custom-defined security policies

Knowing is only half the battle; the other half is translating that knowledge into actionable insights. Gaining complete visibility into your network allows you to create customised security policies for each vulnerable node. Doing so manually, however, can be exhausting and comes with an inherent risk of human error. Tech-driven security solutions, such as those offered by ForeScout, allow you to enforce, control, and orchestrate policy-based security operations for more optimised threat response. Doing so can help you minimise risk across an exposed surface, as well as ensure that any breach is contained to the smallest possible area.

  • Managing threats and risks in real-time

Risk management and mitigation are a factor of speed; the faster you respond to a security incident, the lower the damage it causes. Visibility is key here. Having a holistic, real-time overview of your network operations allows security teams to accurately define risk tolerances and establish scalable protection policies, enabling a swift reaction to threats and attacks. It can also help in identifying and isolating at-risk nodes from the larger flow of network traffic in order to patch up existing vulnerabilities.

  • Deploying automated remediation measures

Last, but not least, you need to automate your security processes. Human security experts might be more skilled and capable than AI at making instinctive judgments with incomplete knowledge, but they are susceptible to fatigue and errors. It is also not possible for them to manage the massive volumes of security data generated by organisations today – at least, not in time to make a difference. Deploying security automation can help take some weight off the shoulders of your security teams, leaving them free to pursue more critical tasks. Automating your security processes can help you leverage machine capabilities to address known threats, at speed and scale, and coordinate more seamlessly across multiple security environments and applications. It can also help in identifying unknown threats, in addition to providing human responders with the most relevant and contextual insights into an ongoing breach for more accurate decision-making.
