Last week I was at my neighbor’s house for dinner and we got onto the subject of cybersecurity. My neighbor was pretty convinced that he had good protection on his home network, but armed with nothing more than my laptop and a cold beer, I got access within 5 minutes – I could see all the machines on his network and his password too.
It’s easy. Anyone can do it. The tools are available for free on the internet and there are countless YouTube videos telling you how to use those tools to infiltrate company networks – where customer data ripe for the picking.
Corporate cybersecurity is a problem that is not going away. Hackers and malicious fraudsters are getting smarter and quicker. In fact, any hacking tools and instructions that are on the internet are already out of date. Something new and better is already out there.
Meanwhile however, organizations are following a series of steps in order to become ‘compliant’ – but does this translate to having a secure network? The answer is no. These standards are meant as a minimum and they will not safeguard everyone. Each organization needs to look at their own level of risk in order to safeguard adequately.
It also seems a bit suspect that often, those setting the compliance standards are the ones selling the tools needed for protection – ie firewalls etc. And if these tools are so great, why do companies keep getting attacked and are continually leaking information?
At Cywest we believe that the only answer is for organizations to have the best security out there – this will limit the amount of attacks. Unfortunately, they are impossible to safeguard against entirely, but with the right counter measures in place you can make sure your network is as secure as possible and be prepared for what to do when an attack occurs, which will limit the damage. We offer functionality, service and support in this area that no other provider can offer.
We recommend that you monitor your network in real time by using Layer 1 devices, such as taps, which can then relay the information that is sniffed to efficient sensors which have no presence on a data network from a Layer 3, or higher perspective. These types of devices are never heard or noticed by hackers, and thus, they simply do not know that they are there. Nor do they have any mechanisms for circumventing such devices.
You should also process data immediately - this requires a mix of both algorithms to prevent false positives, and a dedicated team of security experts that are specifically trained to recognize the signatures, patterns and behaviors of malicious activity. These types of teams should be contracted outside of a company’s organization so that a more dedicated and unbiased research of the realtime data being obtained can be accomplished.
Network security is something you can’t ignore. Companies must put adequate checks in place to safeguard their clients’ data as threats and malicious activity become more prevalent.
You can contact Cyrus for advice or a chat about your network requirements at firstname.lastname@example.org.