Security threats are so pervasive these days you need protection against assaults at every layer of your network. With the changing nature of the workforce, combatting these ever-present security threats is an ever-evolving battle.
At the MSP Cybersecurity Theater on the Exhibit Hall Floor of ITEXPO held in Fort Lauderdale, FL, on Feb. 13, Daniel Deneke, Channel Manager at Contronex, discuss the need for layered security in today’s cloud environment. His talk was titled, “What is Layered Security and How Does It Protect Against Evolving Attacks.”
Cyberattacks are getting more sophisticated, but hackers’ main objectives haven’t changed much over the years. According to Deneke, cyberthieves’ main goals are to:
- Steal your financial information;
- Steal your personal information;
- Use you as a tool;
- Commit corporate espionage;
- Expose your information.
The number one threat to your security remains the improper application of passwords. “People keep using the same passwords over and over again,” Deneke says, “It’s our biggest problem.”
Even with the advent of password management solutions, the increase in multi-factor identification and the introduction of biometric tools, bad passwords continue to plague IT managers. Other potential threats to the wellbeing of your system include:
- Missing or poor encryption. Qualified staff is hard to find these days.
- Web traffic. Attempts to penetrate your system continue to evolve.
- Email. Phishing is alive and well, even thriving, Deneke says.
- Cloud infrastructure. Plenty of security gaps in new construction.
- IoT. The devices themselves are vulnerable, he says.
Potential threats develop from the inside as well as the outside, he says. With high-quality talent expensive and difficult to obtain, some security routines get pushed to the side. As part of his discussion, Deneke listed the major vulnerabilities faced by cloud-network users:
- Zero-day exploits;
- System misconfigurations;
- Poor inhouse development;
- Inadequate auditing.
More than 70 million phones were lost last year, Deneke says. Only 7% were recovered. Lost laptops, lost notebooks – with the mobile workforce now fully entrenched, the need is ever increasing for encrypting not just your network, but also your company’s mobile devices, he says.
Deneke says the solutions are out there, it’s just a matter of applying them. Solutions for maintaining your layered security include:
- Attention to patch management;
- Increased use of application controls;
- Introduction of advanced anti-exploit software (ERD);
- Imposition of regular system auditing.
“You don’t find out that someone has been crypto mining on your network until you receive the bill,” Deneke says. Better to continually monitor all your IT layers all the time, rather than pay that bill when it comes due.
Edited by
Maurice Nagle
