In the early days of the internet, cybersecurity was fairly straightforward, with all solutions and strategies geared toward prevention. However, the rapid acceleration of technology, including the advent of cloud computing and the Internet of Things, has also accelerated the growth and advancement of cyber-attacks. While prevention remains critical, cybersecurity has also had to evolve. Success is now found when an organization layers its defenses and regularly evaluates the status of its safeguards to adapt to change, whether that change is organizational or within the wider cybersecurity sphere.
Widening the Perimeter
With the number of data breaches continuing to increase year over year, complete fortification is no longer realistic. In fact, new attack vectors continue to emerge. For example, some areas of the IT environment once thought to be completely secure—like IBM i servers—have become vulnerable with the incorporation of internet connectivity. It is widely accepted that any available perimeters are being, and will continue to be, breached.
This doesn’t mean that every breached organization will suffer extreme consequences; it means that a layered approach is necessary, with different types of cybersecurity solutions implemented throughout an organization’s environment. Now, businesses must consider solutions in the areas of prevention, detection, monitoring, encryption, assessment, and more. In today’s world, the key to creating a successful cybersecurity strategy for an organization is building a dynamic security stack tailored to meet the needs of that business.
Though a layered approach to security may be the standard for many years to come, that doesn’t mean the world of cybersecurity has become or will become stagnant. Instead, evolution is now seen continuously in every area of security, as new innovations are constantly needed to rise to the challenge of the latest cyber threats, as demonstrated in the following examples.
Endpoint Antivirus for Holistic Protection
Antivirus is still a foundation of any good cybersecurity portfolio. However, it has come a long way from exclusively scanning workstation PCs. Now, endpoint antivirus is considered equally important, ensuring that mission-critical servers are also safe, and don’t serve as attack vectors with a direct path to your organization’s most sensitive information.
Additionally, cybersecurity experts recommend going beyond Windows-based scanning. Most businesses have varied technology stacks, like servers running Linux, AIX, and/or IBM i, so it’s essential to have native scanning capabilities for each operating system. Non-native scanning can create stability issues, isn’t as reliable, and can even cause new security concerns.
Faster Detection on Any Device
Industries have both upgraded existing technologies and incorporated new devices that have improved and advanced their businesses. HVAC systems can be operated from a mobile device, MRIs produce results faster, and remote communication is easier than ever. Unfortunately, antivirus solutions specific to those devices have not yet caught up. This makes those HVAC systems and MRIs, as well as security cameras, video conference units, CT machines, ATMs, SCADA systems, and countless other devices, a dangerous attack vector.
However, once an attacker is inside, their efforts can still be thwarted. While these devices may provide a way into your network, threat detection solutions can observe traffic and look for and confirm malicious activity, so that swift action can be taken the moment it is identified. These solutions have only gotten faster over time, using years of network traffic analysis, automation, and integrations with other tools to uncover threats sooner and provide instant notifications to minimize dwell time as much as possible.
Automating Encryption and Protection for Safer File Transfer
Data in transit used to face a perilous journey, which gave threat actors an opportune time to strike and steal sensitive information. The secure transfer of files between any two parties is now a cornerstone of business operations in many industries, not to mention a requirement for many compliance regulations, like HIPAA, PCI DSS, and GDPR.
However, this has not always been an easy task. Secure transfer has often been clunky, as it had to be manually completed using a combination of products and custom scripts. This was inefficient to send, time-consuming to receive, and often unreliable: complete protection could not always be guaranteed, and data loss was common. Now, Managed File Transfer (MFT) solutions have both centralized and automated this process, which provides reliable encryption and makes secure transfer far more usable.
Additionally, there are now Adaptive Data Loss Prevention (A-DLP) solutions that can work with MFT tools to further enhance security by inspecting content inside file transfers. A-DLP solutions take action based on an organization’s policies, and can block, encrypt, or remove critical data to ensure the acceptable level of information is being shared and received. These tools can also provide inbound threat protection, reducing the risk of malware or suspicious content entering the network.
Putting Your Security to the Test
Pen testing has been around for many years, and has become a fundamental part of building defenses for an organization’s most important resources and understanding security weaknesses through the lens of an attacker. Pen tests don't only expose vulnerabilities. They also serve as quality assurance checks, revealing what policies are most effective, and what tools are providing the highest ROI.
However, even the way pen testers evaluate security has evolved. In order to be effective, pen testers have to keep pace with attackers, so they can better prepare organizations against potential threats. Pen testing has also continually become more formalized, with official, reputable certificates available and continuing education courses regularly offered. The General Services Administration (GSA) has even standardized pen testing services as a subcategory of Highly Adaptive Cybersecurity Services (HACS).
Ultimately, the only thing constant in cybersecurity is the need to evolve. With today’s ever-increasing and shifting threat landscape, organizations must remain agile and work to develop and refine security strategies that are as multi-faceted as the infrastructures they protect.