October is National Cyber Security Awareness Month (NCSAM), an annual campaign sponsored by the National Cyber Security Alliance (NCSA). The overall goal, according to the Department of Homeland Security, which participates in NCSAM, is to “increase the resiliency of the Nation in the event of a cyber incident.”
Security threats are vast and constantly evolving, and your business's security strategy should evolve with them.
Today, security isn’t just about basic protection. Companies have far more to consider than they once did. Now, a security strategy is a holistic approach to protection, prevention, detection and response—and it needs to encompass all aspects of an adaptive security architecture.
Top Business Security Threats
Here’s an overview of what you need to consider when implementing, updating, and enforcing your security strategy.
According to Cisco's Annual Security report, 100% of multinational companies show evidence that suspicious traffic was emanating from their networks and attempting to connect to questionable sites.
The speed at which external threats are increasing is exponential. There are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware detection to keep up. There are more distributed denial-of-service (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long in duration or short. And they mutate; there’s a new breed of DDoS attacks that use Web servers as payload-carrying bots, which makes them even more lethal because of exponential performance increases. And then there are application attacks—25% of all DDoS attacks—which are often targeted at financial systems.
Insider threats are caused by a wide range of offenders who either maliciously or accidentally put an organization and its data at risk. Unless properly controlled, internal threats can lead to huge liability risks, resulting in both financial repercussions and damage to a business's reputation. Controlling employees' level of access by implementing role-based access control (RBAC) is an easy step towards strengthening your business's internal security.
Most companies have standard security policies in place, outlining what employees can do with company information, how they can access it, what applications they can download, and how bring-your-own-device (BYOD) scenarios are managed.
However, according to a recent survey by DataMotion, 44% of respondents only moderately enforce their internal security policies.
A key question to ask when reviewing a security strategy is whether your business could pass an audit for governmental compliance with security policies. The surprising news is that a large number of companies are not confident that they would. Another recent survey demonstrated that nearly 60% of IT business decision-makers in North America are only moderately confident that their organizations would be compliant with requirements for protection across a wide variety of industries. To learn more about balancing compliance with threat-based security programs, watch this on-demand security webinar.
Physical security is the protection of people, hardware, programs, networks, and data from any damage that might occur. In other words, it’s having a data center that is highly protected from fire, natural disasters, burglary, terrorism, etc. Physical security is one of the most overlooked aspects of a security strategy.
The physical management of data centers includes all aspects of the physical security, including security policies and procedures, security officer staffing, access control systems, video surveillance systems, standards compliance, and physical security designs and improvements within the data centers. Make sure the data center you choose complies with standards—and that you get annual audit reports.
Choosing the Right Partners
More organizations are choosing to outsource their security operations. But when it comes to outsourcing security, the buyer must beware. It is important to understand exactly what your business needs to protect devices, networks, applications, and data and then determine what components of these to consider outsourcing. The second step is to choose the right partner, or partners, for your specific needs. Keep in mind that the more your business can consolidate vendors, the more efficient your strategy will be. Another part of choosing the right partner comes down to understanding the balance between risk and spending. To ensure that your strategy is as robust and comprehensive as possible, choose a vendor who can help you make the right decisions around balancing your risk with your allocation of resources including your budget and staffing.
Security in the Cloud
In the past, cyber security was the biggest roadblock to public cloud adoption. The potential lack of control over proprietary information was enough to deter any organization from moving sensitive data to the cloud. To that end, recent, innovative advances to cloud infrastructures – such as two-factor authentication via LDAP and Intrusion Detection Systems (IDS) applied directly into CenturyLink Cloud – mean some of that risk is reduced.
Aligning with the right service provider for managed security in the cloud, on-premise, and hybrid IT environments is key to a successful security strategy. You want to choose a provider who can help protect your business against the latest threats and ensure your company's compliance mandates are in place. Companies like CenturyLink have extensive track records of doing just that – helping customers across all sectors guard against the most prevalent security risks.
Security remains an important consideration for any cloud deployment. As you build your security strategy, partner with your cloud vendor to discuss whether they have a robust, comprehensive security plan that addresses the current threat landscape while preparing you for the future.
Getting Started with Your Security Strategy
Governments and financial giants across the globe trust CenturyLink to deliver comprehensive security solutions. You can, too. Talk to one of our cyber security experts today. Designed for your business needs today and tomorrow, the CenturyLink Cloud® is reliable, secure, robust, and global.
We’re a different kind of cloud provider – let us show you why.