Large Organizations Not Yet Able to Secure their Complex IT Environments

by Michael Fimin

Although we still see targeted attacks that aim to steal specific data or cause service disruption, more and more attacks are broad and automated, affecting hundreds or thousands of organizations (the WannaCry malware is one example). Large enterprises typically have the resources for strong cyber security — but how well equipped are they in reality?

In light of the recent breaches of such giants as Deutsche Bahn, NHS, Honda, Anthem and Sony, serious questions must be asked about whether enterprises are agile and flexible enough to deal with not only long-known threats, but new ones as well. Enterprises may have cyber risk insurance and be legally covered, but risks are not limited to financial losses. Who wants their stock prices to drop, even for a while? Who wants their reputation damaged? Moreover, disruption of critical public services or data compromise can cost people their privacy, their livelihoods and sometimes even their lives.

What IT security threats do enterprises have to deal with today? Here are some of the most common tendencies for large enterprises around the world:

  • Protection of customer data and intellectual property tops the agenda of large enterprises. Data protection is not only something organizations owe to employees, customers and authorities; now it’s also a condition of business success. While enterprises have long collected personal information, such as names, financial data and Social Security numbers, more and more organizations today build their entire businesses around intellectual property and therefore collect huge amounts of data about customer preferences and behavior to launch new products or services or to provide customized offerings. The Verizon 2017 Data Breach Investigations Report (DBIR) finds 289 data breaches attributed to cyber-espionage, which affected many verticals. Content theft hit the entertainment industry hard — for example, the recent HBO and Netflix breaches. Incidents like these can negate months of work and prevent financial investments from ever turning a profit. Therefore, the entire future of many enterprises now depends on data security. No insurance can cover and no investor will turn a blind eye to the damage data losses can cause to competitive advantage, revenue and market valuation. Probably as a result of fatigue from dreading both known and unknown threats, the majority of large organizations are eager to invest in protecting customer data and intellectual property from breach, theft and other illegal use, says the Netwrix 2017 IT Risks Report.
  • Addressing the human factor is essential for overall security. Even though complete elimination of human factors — errors, intentional misuse and falling prey to adversaries — is probably not possible, there is a clear need to gain control over user activity. According to the Netwrix Report, 59% of large organizations consider employees to be their biggest security risk. This perception is supported by actual incidents that affected security and business continuity; Verizon’s 2017 DBIR found that 25% of all breaches over the past year involved internal actors. Since enterprises can no longer limit protection to certain systems or data, they have a strong need to monitor and analyze user activity, even when their users have no malicious intentions. Identity theft has become incredibly common, which helps explain the growing popularity of user and entity behavior analytics (UEBA) and machine learning aimed at mitigating the human factor across the environment. However, few enterprises have complete visibility into user activity across their IT infrastructure yet, revealed the Netwrix report.
  • Integrating processes with customers and partners poses a serious cyber risk. Granting suppliers, contractors, vendors or customers even very restricted access to internal systems can benefit relationships and speed up certain processes, but it also opens doorways for adversaries. There is no way of knowing how strong the security of third parties is and what policies they enforce. Again, hackers can and do steal external users’ credentials, so being unable to track and analyze third-party activity exposes enterprises to significant risk. There are numerous real-life examples, including the Target, Home Depot and CVS Photo breaches, of contractor credentials being compromised. Yet the risk of third-party access is commonly neglected. Organizations need to recognize that if employees can cause them serious trouble, so can third parties.
  • Connectivity and disappearing borders of the IT infrastructure add to the security challenge. The growing complexity of IT infrastructures and data assets has been a headache for large organizations for a long time. It got much worse with the growing popularity of mobile devices and cloud technologies. IT cannot ignore the need for employees to stay connected to corporate systems and choose the best applications for their work. But adding technology, devices and interconnections opens new doors to the IT environment. Therefore, security efforts can no longer be limited by the borders of the on-premises systems. McAfee’s recent Building Trust in a Cloudy Sky report says that “more than half of the professionals surveyed report that they have tracked malware incidents to a SaaS application.” Visibility into the cloud, mobile devices and shadow IT is as vital for maintaining control over the IT infrastructure as visibility into other parts of it.
  • Complying with data protection standards is particularly important for international businesses. Though large enterprises typically have a better security posture than SMBs, they still struggle with compliance. The Netwrix report states 59% of enterprises that have to comply with regulatory standards either had problems during IT audits or could not pass them on the first try. Most often, they weren’t able to provide complete evidence of compliance or relevant evidence within a reasonable time frame. This suggests unsatisfactory internal IT auditing processes for their complex IT infrastructures. Meanwhile, regulatory requirements for data protection have been tightening around the globe. Organizations have to meet not only domestic standards, but those of all the countries they operate in and collaborate with. The much discussed General Data Protection Regulation (GDPR), for example, now applies to any organization that handles the personal data of EU citizens. Thus, effective internal IT auditing is critical for organizations that want to expand or do business abroad.

Securing and monitoring a complex and distributed IT infrastructure is essential for business continuity and business growth. But it can be a challenge. It requires involvement of employees at all levels and constant enhancements and investments to adapt to emerging threats. Though there is no silver bullet, investors, customers, employees and suppliers alike will appreciate a readiness to combat a wide range of threats.

To be ready to pass compliance audits and beat security risks, including those posed by human factors and new technologies, enterprises are looking to gain more visibility across the IT environment. By providing control over what is happening across all systems and identifying threat patterns, such visibility can significantly facilitate detection, investigation and response to old and emerging IT threats, regardless of how complex and distributed the IT infrastructure is.

Michael Fimin is the CEO and co-founder of Netwrix.



WWPI – Covering the best in IT since 1980