It’s been impossible to miss the widespread news of cyberattacks targeting companies across the world – including high profile cases that have been plastered across our news feeds over the last few years.
The reality is that cyberattacks have become an epidemic and show no signs of slowing down. In fact, 2017 was particularly bad! It is no longer a question of if, but when, a company will be hit. In this day and age, it’s critical to have a security strategy that effectively combines technological defenses with user awareness and training.
At a Security Roundtable event at CrossRealms in September, CEO Usama Houlila provided an overview of CrossRealms’ IT Security Strategy and Roadmap for 2018. We wanted to share with you the strategy he presented and some of the tools we will be using to better detect and mitigate threats, respond quickly when they do occur, and proactively avoid risk.
- Asset Discovery & Inventory: Know what’s connected to your network and what instances are running in your cloud environments.
- Vulnerability Assessment: find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal your confidential data.
- Intrusion Detection: host intrusion detection (HIDS), network intrusion detection (NIDS), as well as cloud intrusion detection for public cloud environments including AWS and Microsoft Azure, enabling you to detect threats as they emerge in your critical cloud and on-premises infrastructure
- Behavioral Analysis: Behavioral monitoring for your network & systems is essential for spotting unknown threats. It’s also useful in investigating suspicious behavior and policy violations
- SIEM (Security Information Event Management): Unified collector for Log Management, Event Management, Event Correlation and Reporting
These new tools are currently in beta testing and will be ready for general deployment in mid-January. If you’re interested in being part of our beta testers, please reach out directly to Usama Houlila at uhoulila@crossrealms.ca
User Awareness and Training
Hand in hand with technological defenses that can be deployed, we need to address the biggest vulnerability to an organization’s security. Unfortunately, and usually unwittingly, it’s the very people who work there. Hackers often use different techniques to exploit an organization’s workforce in order to gain access to its critical systems and information. Known as human engineering, attackers can use phishing scams, spoofing attacks, and ransomware to trick users into divulging sensitive information or downloading dangerous files. Human engineering is often used by attackers because it doesn’t require the technical knowledge of hacking techniques and computer coding. All that is required is simply tricking someone within the organization to be naively complicit with the attacker’s goals.
We have connected several of our clients with Knowbe4, an integrated Security Awareness Training company specializing in educating organizations and their staff to recognize security threats and avoid the costly consequences. Knowbe4 offers several different training programs focusing on various areas of security – phishing security test, automated security training, email exposure check, and social engineering indicators to name a few. With regular security tests, our clients can ensure that their staff is always prepared to recognize incoming threats.
Please stay tuned for further news and roundtable events about CrossRealms security services.
Written By:
Miryam Rashid (Director- Project Management Office)
Matt Thomas (Project Manager)