One of the greatest challenges in the IT industry is staying ahead of the cybercriminal. This is no easy task. The 2019 Cost of a Data Breach Report, conducted by the Ponemon Institute and sponsored by IBM Security, indicates that the probability of experiencing a data breach within two years rose from 22.6 percent in 2014 to 29.6 percent in 2019. In other words, organizations are now roughly one-third more likely to experience a breach in the next two years than they were five years ago. The increasing success of cybercriminals underscores how important it is for IT organizations to put the proper measures in place for reducing cybersecurity risk.
The following are my recommendations for organizations seeking to significantly reduce cybersecurity risk in their business:
1. Use a “defense in depth” approach
Many organizations deploy only a portion of the cybersecurity countermeasures they should be using. This leaves weak links in the chain of cybersecurity defenses. Even if most of an organization's chain is strong, an attacker only needs to find and exploit the weak links, potentially causing a data breach that would not have been possible if a defense in depth approach had been used.
A defense in depth approach consists of many different layers of cybersecurity defense. If one layer is defeated by an attacker, other layers are still in place to thwart them. The layers earn their keep only when they fail independently: an attacker who gets past the perimeter should still face hardened hosts, least-privilege accounts, and monitoring that notices the intrusion. An excellent example of such an approach to cybersecurity is found in the Center for Internet Security (CIS) Controls version 7.1.
2. If you’re going to deploy security defenses, do it right
Some cybersecurity defenses aren't easy to implement, and some can be implemented in numerous different ways. The quality of your implementation could be the difference between preventing a data breach and suffering one. Some of the biggest data breaches of the last decade happened not because organizations failed to deploy the appropriate defenses, but because they failed to deploy those defenses properly.
Take the reduction of unnecessary access as an example. Reducing unnecessary access first requires understanding which subset of full access each user actually needs to do their job. That subset varies from organization to organization, and from role to role, depending on user requirements, so you need to do your research before you can manage access properly. Depending on the complexity of the organization, getting this right can take weeks, if not months.
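One data-driven way to do that research is to compare what each user has been granted against what they actually exercised during a review window. The following is an added example written for this post, not code from the original article or from IBM; the user names, entitlement names and the simplified "timestamp user entitlement" audit-log format are constructed for illustration. It reports entitlements that were never used (candidates for removal) separately from activity that had no matching grant (a sign that enforcement, not just the access list, needs fixing), and skips malformed log records rather than guessing at them.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Grants maps each user to the entitlements currently assigned to them.
// These are constructed for the example, not real accounts.
var Grants = map[string][]string{
	"alice": {"payroll-db:read", "payroll-db:write", "hr-share:read", "prod-ssh"},
	"bob":   {"hr-share:read", "hr-share:write", "prod-ssh", "backup-admin"},
}

// AccessLog is a constructed, simplified audit trail covering the review window,
// one "<timestamp> <user> <entitlement>" record per line.
const AccessLog = `2019-10-01T09:12:00Z alice payroll-db:read
2019-10-02T14:03:00Z alice payroll-db:read
2019-10-02T14:05:00Z alice hr-share:read
2019-10-03T08:40:00Z bob hr-share:read
2019-10-03T08:41:00Z bob hr-share:write
this line is malformed and must be skipped
2019-10-04T17:55:00Z bob payroll-db:read
2019-10-05T10:00:00Z carol prod-ssh`

// Report separates the two findings a right-sizing review produces.
type Report struct {
	Unused     map[string][]string // granted but never exercised: candidates for removal
	Unexpected map[string][]string // exercised with no matching grant: enforcement gap
}

// parseLog returns, per user, the set of entitlements actually exercised.
func parseLog(raw string) map[string]map[string]bool {
	used := map[string]map[string]bool{}
	for _, line := range strings.Split(raw, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 || !strings.HasSuffix(f[0], "Z") {
			continue // malformed record: skip it rather than guess at it
		}
		if used[f[1]] == nil {
			used[f[1]] = map[string]bool{}
		}
		used[f[1]][f[2]] = true
	}
	return used
}

// RightSize compares what was granted with what was used in the window.
func RightSize(grants map[string][]string, raw string) Report {
	used := parseLog(raw)
	r := Report{Unused: map[string][]string{}, Unexpected: map[string][]string{}}
	for user, ents := range grants {
		granted := map[string]bool{}
		for _, e := range ents {
			granted[e] = true
			if !used[user][e] {
				r.Unused[user] = append(r.Unused[user], e)
			}
		}
		for e := range used[user] {
			if !granted[e] {
				r.Unexpected[user] = append(r.Unexpected[user], e)
			}
		}
	}
	// Activity from users who hold no grants at all is entirely unexpected.
	for user, ents := range used {
		if _, known := grants[user]; known {
			continue
		}
		for e := range ents {
			r.Unexpected[user] = append(r.Unexpected[user], e)
		}
	}
	for _, m := range []map[string][]string{r.Unused, r.Unexpected} {
		for _, v := range m {
			sort.Strings(v) // deterministic output for review and diffing
		}
	}
	return r
}

func main() {
	r := RightSize(Grants, AccessLog)
	for user, ents := range r.Unused {
		fmt.Printf("%s: removal candidates %v\n", user, ents)
	}
	for user, ents := range r.Unexpected {
		fmt.Printf("%s: used without a grant %v (check enforcement)\n", user, ents)
	}
}
```

The review window is the part that requires judgment: an entitlement such as backup-admin may legitimately go unused for a quarter and then be essential during a restore, so the window has to cover the full cycle of the job before "unused" can be read as "unnecessary". That is exactly the research the paragraph above calls for; the script only tells you where to look.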
3. Get your security and system administration teams working together
An organization is exposed to greater security risk if its security plan was created without the security and systems administration teams working together. Achieving robust system security requires both teams to share knowledge and jointly define security policies specific to their IT environment.
The system administration team can offer substantial help to the security team, since it has a thorough understanding of the operating systems and application groups in the organization. Once the security team has done its research, it should define a security plan that details the organization's security policy requirements, and the system administration team's job is to implement that plan and abide by it.
4. Take advantage of firmware and hypervisor security features
Since a security system is only as strong as its weakest link, make sure your defense in depth strategy includes security defenses for the firmware and the hypervisor. These layers sit beneath the operating system, so a compromise there can undermine every OS-level control above it without those controls ever noticing.
Here I’ll get more brand-specific since IBM Power Systems is the server group I know best. IBM POWER9 servers come with firmware and hypervisor security features designed to bolster an organization’s security efforts. We’ll talk about specific operating system security features in upcoming blog posts, but there are important developments that fall under firmware and hypervisor security that I suggest you consider.
For example, IBM PowerVM Secure Boot, which I consider an important security defense feature, allows only firmware components carrying a valid signature to run on the system processors. Using digital signatures generated by IBM, Secure Boot verifies the authenticity of the following components of your firmware stack before they are allowed to execute:
◉ Hostboot
◉ Power Hypervisor (PHYP)
◉ Partition firmware (PFW)
An included framework provides remote firmware attestation using a hardware Trusted Platform Module (TPM). The attestation supports Trusted Computing Group (TCG) 2.0 compliant trusted boot. Trusted boot complements Secure Boot: where Secure Boot refuses to run unsigned firmware, trusted boot records a cryptographic measurement of each firmware component in the TPM as it loads, so that a remote verifier can later request a signed report of those measurements and confirm that the system booted the firmware it was expected to boot.
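To make the two mechanisms concrete, here is an added example that models them end to end; it is illustrative code written for this post, not IBM's PowerVM or TPM implementation. The vendor key, the attestation key, the three "firmware images" and the verifier's nonce are all constructed; Ed25519 stands in for the vendor's signature scheme and a SHA-256 hash chain stands in for a TPM PCR. Each stage runs only if its signature verifies, every stage that runs is measured into the PCR, and the remote verifier accepts a quote only if it is signed by the expected attestation key, echoes the nonce it chose, and reports the golden PCR value.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one firmware component in boot order (Hostboot, PHYP, PFW).
type Stage struct {
	Name  string
	Image []byte // constructed stand-in for the real firmware binary
	Sig   []byte // vendor signature over Image
}

// pcrExtend models a TPM PCR extend operation: PCR' = H(PCR || H(image)).
// The result depends on every image measured so far and on their order.
func pcrExtend(pcr [32]byte, image []byte) [32]byte {
	d := sha256.Sum256(image)
	return sha256.Sum256(append(pcr[:], d[:]...))
}

// VerifyBoot plays the role of each stage verifying the next: a stage runs
// only if its signature checks under vendorPub, and every stage that runs is
// measured into the PCR. On failure it reports how many stages ran; nothing
// after the rejected stage is executed or measured.
func VerifyBoot(vendorPub ed25519.PublicKey, chain []Stage) (pcr [32]byte, ran int, err error) {
	for i, s := range chain { // PCR is all-zero after reset
		if !ed25519.Verify(vendorPub, s.Image, s.Sig) {
			return pcr, i, fmt.Errorf("secure boot: refusing %s (bad signature)", s.Name)
		}
		pcr = pcrExtend(pcr, s.Image)
	}
	return pcr, len(chain), nil
}

// Quote is what the attestation service sends to a remote verifier: the PCR
// value bound to a verifier-chosen nonce and signed by the TPM attestation key.
type Quote struct {
	Nonce []byte
	PCR   [32]byte
	Sig   []byte
}

func quoteMsg(nonce []byte, pcr [32]byte) []byte {
	return append(append([]byte{}, nonce...), pcr[:]...)
}

func MakeQuote(akPriv ed25519.PrivateKey, nonce []byte, pcr [32]byte) Quote {
	return Quote{Nonce: nonce, PCR: pcr, Sig: ed25519.Sign(akPriv, quoteMsg(nonce, pcr))}
}

// Attest is the remote verifier's decision: the quote must be signed by the
// expected attestation key, echo the nonce we chose (so it cannot be replayed),
// and report exactly the PCR value a genuine boot of approved firmware yields.
func Attest(akPub ed25519.PublicKey, nonce []byte, golden [32]byte, q Quote) bool {
	return ed25519.Verify(akPub, quoteMsg(q.Nonce, q.PCR), q.Sig) &&
		bytes.Equal(q.Nonce, nonce) && q.PCR == golden
}

// signChain builds a constructed three-stage firmware stack signed by the vendor key.
func signChain(vendorPriv ed25519.PrivateKey) []Stage {
	var chain []Stage
	for _, n := range []string{"hostboot", "phyp", "pfw"} {
		img := []byte("firmware image: " + n + " v1") // constructed content
		chain = append(chain, Stage{n, img, ed25519.Sign(vendorPriv, img)})
	}
	return chain
}

// Scenario runs the whole flow and returns four verdicts: genuine firmware boots,
// a tampered PHYP is refused, a fresh quote attests, and a replayed quote does not.
func Scenario() (bootOK, tamperRefused, attestOK, replayRefused bool) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	akPub, akPriv, _ := ed25519.GenerateKey(rand.Reader)

	// The verifier's golden value is the PCR a correct boot of approved firmware produces.
	golden, ran, err := VerifyBoot(vendorPub, signChain(vendorPriv))
	bootOK = err == nil && ran == 3

	tampered := signChain(vendorPriv)
	tampered[1].Image[0] ^= 0x01 // one flipped bit in PHYP; the old signature no longer matches
	_, ran, err = VerifyBoot(vendorPub, tampered)
	tamperRefused = err != nil && ran == 1 // Hostboot ran, PHYP and PFW did not

	nonce := make([]byte, 16)
	rand.Read(nonce)
	q := MakeQuote(akPriv, nonce, golden)
	attestOK = Attest(akPub, nonce, golden, q)

	fresh := make([]byte, 16)
	rand.Read(fresh)
	replayRefused = !Attest(akPub, fresh, golden, q) // old quote presented against a new nonce
	return
}

func main() {
	b, t, a, r := Scenario()
	fmt.Println("genuine boot ok:", b, "| tampered PHYP refused:", t,
		"| fresh quote accepted:", a, "| replayed quote refused:", r)
}
```

Two properties carry the security argument. The PCR is order-dependent and not reversible, so an attacker cannot run modified firmware and then "fix up" the measurement to the golden value. And the quote is bound to a verifier-chosen nonce, so a quote captured from a healthy boot cannot be replayed later to vouch for a compromised one. On a real system the golden value comes from reference measurements of the approved firmware release, not from booting the machine you are about to trust.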