The Little Book of
Network Security
and Data Protection
Charlie Trumpess
© MN Press 2017. Charlie Trumpess has asserted his right to be identified as the author of this work, in accordance with the Copyright, Designs and Patents Act,
1988. All rights reserved. No part of this publication may be reproduced, in any form or by any means, without permission from the publisher.
Contents
Introduction:
The uncomfortable truth about network vulnerabilities and data breaches.
Chapter One:
The Human Factor of Cybersecurity
Why your own employees are often the greatest threat to your network security.
Chapter Two:
Segmented Networks & User Privileges
Minimise the attack surface by sub-dividing your network and better managing user privileges.
Chapter Three:
Patch Management
Half of all successful cyberattacks exploit known, patchable vulnerabilities.
Chapter Four:
Always Have a Backup Plan
Disaster waiting to happen, a third of businesses never backup their data.
Chapter Five:
Bring Shadow IT into the Light
80% of employees admit to using unapproved, unsecured applications for work.
Chapter Six:
Cybersecurity and GDPR Readiness
Data protection for the digital age, are you prepared for the new regulations?
Chapter Seven:
Anti-virus Endpoint Security
Good old-fashioned anti-virus still has a role to play in defending your network.
Chapter Nine:
Captain Crunch to Artificial Intelligence
A brave new world of autonomous systems and interconnected devices promises opportunities for some and threats to others.
Summary
Today’s businesses can only prosper with the right IT infrastructure in place, and yet many fail to take even rudimentary precautions to protect one of their most valuable assets.
Introduction
An Uncomfortable Truth
Ransomware is a hot topic right now. Recent high-profile malware attacks like WannaCry show
just how vulnerable organisations are to cybercrime. Designed to take your corporate data
hostage, ransomware is a growing problem, and no one is safe. Globally, it’s estimated that
ransomware affects another company every 40 seconds. Ransomware attacks doubled during
2016. Overall, cybercrime cost UK firms £34.1bn last year. The statistics are alarming, but also
hide an uncomfortable truth. Many organisations fail to take the most basic precautions to
protect themselves.
For the remainder of this book, we look at the three core elements of improved network
security: people, processes and solutions.
Human Error
While the multitude of threats from malware and hackers might cause sleepless nights, the
real danger to your corporate data is probably closer to home. According to the Information
Commissioner’s Office (ICO), human error remains the main cause of data breaches in the UK.
Staff need much better training and greater awareness of everything from opening suspicious
emails to using unsecured file-sharing apps. We will take a closer look at user awareness and
training in chapter one.
Backup Plans
Regrettably, bad things happen, even to the most prepared organisations: human error,
hardware failures, malware attacks, power outages and natural disasters. When the worst
happens it pays to have a backup plan. That means multiple secure backups of all your
company data, so everything is recoverable at a moment’s notice.
See Chapter Four: Always Have a Backup Plan.
Anti-Virus
Although WannaCry caught many firms off guard and caused a nice media storm, the fact is
that most enterprise-grade anti-virus applications, such as Webroot, can stop malware at the
point of attack. It is vitally important to have robust endpoint security policies and oversight
of all the devices that connect to your network. How are your BYOD (Bring Your Own Device)
policies? Do you know which employees use personal devices on your network? Naturally,
anti-virus is only as good as the latest update, the consistency of its deployment, and your
firm having an integrated approach to network security.
See Chapter Seven: Anti-Virus Endpoint Security.
Advanced Security
In the popular video game Resident Evil, the shadowy Umbrella Corporation creates a highly
advanced, self-aware and homicidal security system called the Red Queen. The Red Queen
adapts, evolves and anticipates new security threats, making her a formidable adversary.
Today’s advanced security systems might not be up to Red Queen standards yet, thank
goodness, but they are evolving fast. Solutions such as Cisco’s Umbrella give organisations
greater visibility and control of all Internet connected devices, over all ports, even when the
users are off the corporate network. Umbrella does some clever stuff, learning from Internet
activity to spot the telltale signs of a potential attack before it ever happens. Advanced
network security is a big subject, which is why we will dedicate an entire chapter to it.
See Chapter Eight: Advanced Solutions.
Chapter One
The Human Factor of Cybersecurity
Human Error
Public awareness of high-profile cyber-crimes seems to have little effect
on our workplace behaviour, but does inhibit personal online activities,
such as banking and shopping. Research by AXELOS found that most UK
organisations significantly underestimate the human element of cyber risk.
In fact, half of the UK’s worst data breaches during 2015 were caused by
human error. The international standard for information security, ISO 27001, and
some insurance policies require firms to implement cybersecurity training.
However, most companies only provide training to senior managers and
the IT department. Typically, end user awareness training is a far more
casual, ad hoc affair for everyone else.
Security Strategy
A cybersecurity strategy can only be effective where you have clear policies
and procedures that everyone understands and follows. Otherwise,
your own staff will constantly undermine your IT security regardless of
what countermeasures you put in place. First, you need to assess the
potential risks to your IT infrastructure, and decide what to prioritise.
Next, ensure senior management advocate IT security as a business
imperative. Finally, implement a clear information management regime
with the appropriate checks and balances. User education will play a critical
role in raising awareness of cybersecurity risks and changing behaviours.
Raising Awareness
Changing how people think and behave isn’t easy. You might need some expert help.
According to research from AXELOS, “The one-dimensional and outdated cybersecurity
awareness training provided by most UK organisations is not fit for purpose and is limiting
employees’ ability to understand what good cyber behaviours look like.” Before you do
anything, you will need to establish a base level of cybersecurity awareness. Next, rather than
bombard staff with masses of information, focus on your top three threats. In the UK, this
might be raising awareness of fraudulent email phishing attacks, password protection and use
of unsecured file sharing applications, for example.
Audience Segmentation
When building your end-user awareness programme it is important to consider your different
audience groups, and how best to communicate with them. Educational research suggests
that interactive rather than passive learning tools and techniques produce the best results in
terms of engagement and retention. Remember, there are different types of learners. Some
people respond better to visual stimulus while others prefer auditory, text or a kinaesthetic
approach (learning by doing).
Games
The more interactive, group-based, relevant and fun you can make your awareness
programme the better. Developed by PwC, Game of Threats™ is a cyber-threat simulation
designed to test critical thinking and decision-making. The game rewards good decisions and
penalises teams for making poor choices in critical situations. Ultimately, players come away
with a better understanding of what steps they must take to improve cybersecurity across
their organisation.
Assessment
Having created your cybersecurity policies and introduced awareness training, you will
want to measure the effectiveness of your scheme. As phishing attacks are so prevalent,
you might send a fake fraudulent email to all employees as a test. You can then measure the
number of people who click on a potentially malicious link and the number of people who
report the email as suspicious. You could then repeat this exercise randomly as part
of a phishing assessment of end user awareness. Alternatively, you can run a full network
and security assessment in secret. Use this assessment as a baseline before your users
start their awareness training, and then run a comparative check after your people have
completed the course.
Penalties of Inaction
Incredibly, most cyberattacks and data breaches go unreported. Many firms simply lack
an awareness of who to report to, why to report breaches, and what reporting achieves.
Nevertheless, failing to take the most basic cybersecurity precautions, not reporting accidental
data loss and malicious activities can prove costly. The 2015 hack of telecoms provider
TalkTalk cost the company an estimated £60m and 100,000 lost customers. They also received
a £400,000 fine as the regulator found the cyberattack was completely preventable. New
General Data Protection Regulations or GDPR will require every organisation to report data
breaches to the Information Commissioner’s Office from May 2018. Penalties for failing
to comply with GDPR will be severe. Learn more in Chapter Six: GDPR and Cybersecurity
Readiness.
Top Tips
1. Raising user awareness of cybercrime and data security starts at the top.
2. Changing human behaviour isn’t easy. Use different types of media tailored to your target audiences for best training results.
3. Assess the state of your network security before training starts so you can measure results effectively.
Chapter Two
Segmented Networks & User Privileges
Third Parties
Depending on the nature of your business, you might need to provide
network access to third parties such as suppliers and partners. First, you
should have a policy in place to vet third parties before you give them access
to your systems. Next, ensure that they have segmented access, restricting
their activities to essentials only. Any data files transferred to third parties
should be sent using a secure protocol, encrypted in transit and at rest.
Finally, you will want to have an incident plan in place should a security
breach occur.
Need to Know
Operating on a “need to know” basis is something common to intelligence
services, the police and military around the world. The idea is simple
and effective: you only tell your field agents enough about an on-going
operation for them to perform their assigned tasks. Should an agent
be compromised, captured and interrogated they can only reveal a
small piece of the overall operational plan. Similarly, resistance fighters,
activists, criminal gangs and terrorist groups often adopt a cell structure,
which restricts a member’s knowledge of the organisation to just a few
individuals. This helps protect the group from informers and undercover
law enforcement. In the IT world, user privileges determine what you
can and cannot do on the network, a bit like operating on a need to
know basis. However, many organisations fail to apply the concept of
least privilege, whereby the majority of staff are limited to a standard
user account and only a select few have super user or administrative rights. By
limiting user access you reduce the risk of malicious activity and human error
causing major disruption.
User Privileges
Out of the box, Windows PC users log in with an administrator account. It’s easy enough to
create a standard account, but how many people do? Consequently, any hacker or malware
can quickly take full control of your device, change settings, access any file and monitor your
activity, usually without your knowledge. The computer you are on right now might be part
of a botnet performing a denial of service attack or sending spam. Of course, organisations
have to worry about more than just external threats. Disgruntled or negligent employees
with the wrong user privileges and full network access can easily cause mayhem. Finally,
organisations must consider what user rights they assign to IoT or smart devices that are
being used everywhere from environmental controls to alarm systems. Many of these devices
are inherently insecure. A recent Forrester report on identity management found that
80% of breaches involved the misuse of elevated privileges, such as those used by systems
administrators, super users, and those with root access.
A few years ago, I worked for an international IT company as a contractor. After my contract
ended, quite amicably, I discovered I still had access to the company’s website CMS and
analytics. I retained these privileges for some years until the company was the subject
of a takeover. This simple oversight meant I could have easily changed or deleted website
content. Clearly, failing to disable or delete the network user accounts of former employees
represents a major security risk. Inactive user accounts enabled in Active Directory are also
tempting targets for outside attackers. After all, it’s a valid account so less likely to be noticed
when accessing the organisation’s private data and applications, depending on privileges.
Because the account is inactive, the original owner is no longer around to alert anyone that
something is wrong.
Every organisation must find the right balance between operational needs, IT and security.
Next, an organisation must develop effective procedures for managing identities and user
privileges. Wherever possible, only grant minimal user privileges to carry out required tasks.
Identify and review all those with privileged user status. Don’t allow passwords to be shared,
and establish processes to monitor and manage any shared accounts. Ensure you have
processes in place to disable or delete inactive accounts in Active Directory after an agreed
period. By 2018, it’s estimated that 60% of insider misuse and data theft will be the result of
poor user access management and insufficient controls.
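One way to put the inactive-account process above into practice, as an added example that is not from the book or from Modern Networks. It assumes the RSAT ActiveDirectory PowerShell module; the 90-day period, the exemption group name and the quarantine OU are placeholders chosen for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the book): report, and optionally disable, enabled
# Active Directory user accounts that have been inactive for an agreed period.
# Assumed values: the 90-day period, the exemption group name and the
# quarantine OU are placeholders to replace with your own.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$InactiveDays = 90,
    [string]$ExemptGroup = 'Inactivity-Exempt',                    # hypothetical group
    [string]$QuarantineOU = 'OU=Disabled Users,DC=example,DC=com', # placeholder DN
    [string]$ReportPath = '.\inactive-accounts.csv',
    [switch]$Disable
)

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Accounts that are deliberately left alone (service or break-glass accounts).
$exempt = @(Get-ADGroupMember -Identity $ExemptGroup -Recursive |
    Select-Object -ExpandProperty distinguishedName)

# LastLogonDate is derived from lastLogonTimestamp, which is replicated to all
# domain controllers but may lag the real logon by up to about 14 days, so
# keep the agreed period well above that.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties LastLogonDate, whenCreated, adminCount, Description

$inactive = @(foreach ($u in $users) {
    if ($exempt -contains $u.DistinguishedName) { continue }

    # Never-used accounts have no LastLogonDate; judge them by creation date
    # so that a new starter's account is not disabled before first logon.
    $reference = if ($u.LastLogonDate) { $u.LastLogonDate } else { $u.whenCreated }
    if ($reference -ge $cutoff) { continue }

    [pscustomobject]@{
        SamAccountName = $u.SamAccountName
        LastLogonDate  = $u.LastLogonDate
        WhenCreated    = $u.whenCreated
        DaysInactive   = [int]((Get-Date) - $reference).TotalDays
        # adminCount = 1 marks accounts that are, or once were, members of a
        # protected privileged group; these are reported for human review.
        Privileged     = ($u.adminCount -eq 1)
        ObjectGuid     = $u.ObjectGUID
        Description    = $u.Description
    }
})

$inactive | Sort-Object DaysInactive -Descending |
    Export-Csv -Path $ReportPath -NoTypeInformation
Write-Output "$($inactive.Count) inactive account(s) written to $ReportPath"

if ($Disable) {
    # Privileged accounts are never disabled automatically, only reported.
    foreach ($a in $inactive | Where-Object { -not $_.Privileged }) {
        if ($PSCmdlet.ShouldProcess($a.SamAccountName, 'Disable and move to quarantine OU')) {
            $note = "Disabled for inactivity $(Get-Date -Format 'yyyy-MM-dd'). $($a.Description)"
            Disable-ADAccount -Identity $a.ObjectGuid
            Set-ADUser -Identity $a.ObjectGuid -Description $note.Trim()
            Move-ADObject -Identity $a.ObjectGuid -TargetPath $QuarantineOU
        }
    }
}
```

Run it with no switches to produce the report only, then with `-Disable -WhatIf` to preview the changes before applying them.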
Top Tips
1. Segmenting your network into subnetworks or zones can help prevent the spread of malicious applications and insider misuse.
2. Apply the concept of least privilege, whereby users only have enough network access to perform their specific roles.
3. Ensure you have a process in place to disable or delete inactive user accounts from the Active Directory.
Chapter Three
Patch Management
Erroneous Task
So, what does good patch management look like and how do you
manage it? The key objective of a patch management program is to
create a consistently configured environment that is secure against
known vulnerabilities in all systems and applications. This sounds simple
enough. However, in reality patch management can become a complicated,
time-consuming and erroneous task, even for smaller businesses with
limited IT infrastructure.
Where Are You Now?
At this point, many organisations turn to IT frameworks such as ITIL (Information Technology
Infrastructure Library) to provide a structure and best practice for executing effective
patch management. We would recommend you review your patch management strategy.
Does it include the right components of people, process and technology? If not, then
this is something you should tackle quickly before it becomes a bigger issue.
IT Audit
It might seem obvious, but a good place to start is by conducting an audit of all your
IT systems and endpoints. You can only manage IT assets you know are part of your
network, so understand what you have, where it’s located, and what operating systems
and applications are running.
Rationalisation
You might want to think about standardising hardware and software choices, making
everything easier to manage. You will also want a list of all the security controls you have in
place. In this way, you’ll know what requires attention when alerted to a vulnerability. You
might also want to think about doing a risk assessment, so you can prioritise your workload.
Rationalising your IT will help make it more manageable, but replacing kit or applications
because they’re going end of life is seldom immediately necessary. Vendors typically continue
support, security upgrades and patches for years. Once again, having the right people and
processes in place will help you make informed decisions that support your business.
Patch Staging
When a patch becomes available, you should resist the urge to push it out across your
network immediately. Sometimes, patching a system can have unforeseen consequences
and cause problems. Doing a quick Google search and checking IT forums, for example, can
provide an early warning that something is wrong with a patch and offer possible solutions.
We would recommend you adopt a patch staging process, whereby patches are applied
gradually across your organisation rather than in one go.
Top Tips
1. Focus your patch management strategy on people, processes and then technology.
2. Conduct an IT audit so you have a clear picture of everything on your network.
3. Patch staging will reduce the likelihood of a new patch causing unforeseen problems.
Chapter Four
Always Have a Backup Plan
Strategy
Whatever your industry, data backup, archiving and recovery are critically
important. You must develop a clear strategy. First, you will want to think
about just how much data you’re going to generate; it’s probably a lot
more than you would imagine. On the plus side, the costs of storage have
fallen dramatically.
Redundancy
Next, you need to plan for redundancy. What happens if your backup fails?
An on-premise server can instantly restore lost or corrupt data to the local
network, but not if the building burns down, floods or collapses due to an
earthquake. Then you will be glad of your Cloud backup. It means you can
find a temporary office, recover your data and be back in business.
Compliance
You will certainly want to think about your legal and regulatory obligations
around data storage, backup and recovery. Highly regulated industries, for
example, have rules around data handling, retention, disposal and auditing.
Not all data is created equal, so you might want to adopt different backup
and retention policies for business critical and non-critical data.
Remote Workers
Over 30% of a company’s data resides locally, on PCs, laptops and mobile devices. However,
laptops are vulnerable to theft, damage, human error, mechanical failure and malware.
Adopting an automated, secure Cloud backup ensures the integrity of your data, wherever it
resides, even outside the corporate firewall, making it the perfect solution for remote workers.
Cloud-to-Cloud
Finally, some firms rely heavily on Cloud-based applications such as Office 365 and Salesforce.
Certainly, these services are highly resilient and secure. However, many Cloud-based
applications have limited data retention periods, which is no good if you are in a regulated
industry that must retain every email and document for 7 years. Some vendors offer very
limited liability when it comes to compensating you for lost, stolen or corrupt data. Only you
know the true value of your data to your business. Of course, having all your data reside with
one vendor gives them a lot of power and makes it harder for you to go elsewhere. Having a
backup gives you some leverage, and makes migrating to another service easier.
The reputational and financial cost of a high-profile cybersecurity or data breach can be
immense. A study by the British Chambers of Commerce found that 93% of businesses that
suffered a data loss for 10 days or more filed for bankruptcy within a year. Half of them went
out of business almost immediately. At Modern Networks, we understand the importance of
having a secure, fully integrated data backup, storage and recovery strategy. We are always
happy to discuss your business needs, provide expert advice and practical solutions.
Top Tips
1. Have a clear backup and recovery strategy.
2. Keep multiple copies of your data.
3. Backup frequently.
Chapter Five
Bring Shadow IT into the Light
We’ve all done it, used our personal email, a popular file sharing app or
something similar to get the job done. In fact, around 80% of employees
admit to using unapproved, often unsecured software applications for
work purposes. On the other hand, only 8% of organisations have any
idea what shadow IT applications staff are using. Shadow or stealth IT
might sound a little creepy or threatening, but in reality it’s just
a catchall term for any application not officially sanctioned for use by
your organisation.
Cyber Threats
The problem is that every time someone uses an unsanctioned
application to get something done, it exposes your organisation to
cybercrime and accidental data loss. Of course, work completed using
shadow applications might not be compatible with internal systems, and
valuable data cannot be backed up or recovered if it never resides on your
network in the first place. By 2020, Gartner predicts that a third of all
successful cyberattacks will be achieved via shadow IT resources.
The more technologies we all use in our work and everyday lives the
greater the risks. According to a report by the UK’s National Cyber
Security Centre, a range of fake business-enabling mobile apps appeared
in 2016 designed to steal users’ login credentials. Cybercriminals have
also started to exploit social media sites knowing that many employees
regularly check Facebook and Twitter feeds throughout the day, and
especially at lunchtime, using company devices. Clicking a link on a
hilarious cat video while at work can prove just as damaging as
opening a malicious email.
The IT Bypass
Shadow IT has become something of a double-edged sword for many
organisations and IT departments. After all, shadow applications clearly
meet important business needs otherwise they wouldn’t be so widely
used. However, the IT department simply cannot do its job if it’s bypassed
and left in the dark about what applications people are using. Most
employees adopt shadow applications without considering the security
risks or compliance issues. When data resides on a third party application,
outside of the knowledge or control of an organisation’s IT department,
it is quite clearly at risk. Ignorance is no defence when sensitive client
or personal data leaks out of your organisation and ends up on the Dark
Web for sale. Failing to meet regulatory obligations about how sensitive
data is handled, stored and shared can lead to prosecution, big fines and
negative publicity.
Let’s get Visible
There is no one-size-fits-all solution to the shadow IT conundrum. However, a pretty good
place to start is visibility. How can you manage anything if you’re in the dark about what Cloud
applications are being used in your organisation? A small business with extremely limited IT
resources might simply ask employees and departments what applications they are using. You
might not get a completely truthful answer, but it’s a start. Medium and larger firms might
look at a Cloud access security broker (CASB) such as Cisco Cloudlock. Essentially, a CASB sits
between an organisation’s IT infrastructure and the Cloud service providers. It then enables
you to see which Cloud applications people use, and any data being transferred or shared.
What’s more, CASBs can provide risk assessments of the apps used. The organisation can then
define rules, procedures and restrictions to ensure data compliance and security. Similarly,
data loss prevention (DLP) solutions like Cisco Stealthwatch give you complete visibility of your
entire network out to the Cloud, and provide valuable insights and early detection of security
vulnerabilities and potential threats.
Crime Report
Lastly, reporting cybercrime and data breaches is vital to identifying vulnerabilities and
combating threats. A survey by Barclays Bank and the Institute of Directors (IoD) found that
nearly ¾ of data breaches and cyberattacks go unreported by business. Clearly, the fear of a
hefty fine from the Information Commissioner’s Office (ICO), which has the power to impose
monetary penalties of up to £500,000 for breaches of the UK Data Protection Act, is one
deterrent to reporting. However, many firms do not report breaches simply because there
was no material loss or damage caused. Nevertheless, those same firms spend more time and
money on improving cybersecurity. Of course, bad publicity and potential loss of business is a
powerful deterrent to reporting.
Top Tips
1. To better manage your network and data, first, you need visibility of who and what are accessing your systems.
2. Technology can help you better manage your network, but don’t forget processes and people are just as important in maintaining data security.
3. The laws on data protection are getting much tougher. The consequences of failing to comply with regulations, already severe, could put many more firms out of business.
Chapter Six
Cybersecurity and GDPR Readiness
Data Protection
In reality, GDPR isn’t that much different from current data protection legislation. It’s simply
being brought up to date. The main personal data protection principles remain the same.
Personal data should be:
Individual Rights
Some of the new rights for individuals include the “right to be forgotten” and data portability
(the right of individuals to obtain and reuse their personal data for their own purposes
across different services). There will be new provisions to increase the protection of
children’s data such as parental consent for under sixteens wanting to sign-up for online
services and a stronger “right to be forgotten”. Under the new regulations, you must also
be able to demonstrate compliance. That means clear processes, procedures and metadata
management. The new legislation further distinguishes between general personal data
(contact details) and sensitive data (medical records, religious beliefs and unique biometric
identifiers, for example).
Naturally, the regulations require you to keep personal data securely. However, the directive is
not specific or prescriptive about how you secure the data you hold. Data controllers must
report personal data breaches to their supervisory authority and, in some cases, the affected
individuals. This must be done within 72 hours where feasible.
The Information Commissioner’s Office (ICO) provides plenty of information on what steps you
can take now to prepare for GDPR compliance. Visit the ICO’s website for their handy 12-step
checklist.
Cybercrime
Today, all organisations should consider themselves targets of cybercrime. No one is immune.
The new regulations build on what is required by existing data protection legislation. Firstly,
you should take appropriate organisational and technical measures to protect your systems
and the data that resides on them. Although not a mandatory obligation, it is recommended
that personal data is always encrypted.
Your IT systems should be secure, resilient and backed up. In the event of a physical or
technical incident, you should be able to recover all personal data records in a timely manner.
You should also have a process in place to regularly check the effectiveness of your data
security. As well as meeting new obligations on data breach reporting, organisations must
keep their own internal records of all data breaches and similar incidents.
All scaremongering aside, the truth is that having an IT security strategy in place will help
mitigate the risks from cybercrime while ensuring you meet many of your data protection
obligations.
User Awareness
Firstly, as we have already seen, the majority of data breaches are caused by human error,
not technical failings. It is important that everyone across your organisation is aware of
cybersecurity threats, and assumes their share of the responsibility to keep your corporate
data safe. Your staff should be properly educated about risk mitigation through good practices
and procedures.
See chapter one for more information on user awareness and training.
Cybersecurity Audit
Next, you’ll want to determine the current state of your cybersecurity and define where
you need it to be. This process can be broken down into policy, employee and technical
assessments. You will probably find a mix of easily fixed vulnerabilities and those that will
require a more planned, long-term response. Naturally, any business critical operations
assessed as vulnerable should take priority in your remediation plan.
Constant Monitoring
Running a cybersecurity audit gives you a snapshot of your strengths and vulnerabilities.
However, once you’ve conducted the remedial work necessary to close any identified gaps,
you still have work to do. The cybersecurity landscape is constantly changing and new threats
emerge all the time. Consequently, you will need to establish a regime of constant monitoring.
According to the National Cyber Security Centre (NCSC), “Good monitoring is essential in order
to effectively respond to attacks. In addition, monitoring allows you to ensure that systems are
being used appropriately in accordance with organisational policies. Monitoring is often a key
capability needed to comply with legal or regulatory requirements.” The NCSC provides a
10-step checklist for cybersecurity monitoring.
Remediation
Unfortunately, you can take every conceivable precaution and still be the victim of cybercrime,
so it will pay you to be prepared should the worst happen. It’s important you have the right
skills and technical resources to quickly identify, isolate and deal with threats while minimising
their impact on your business operations. Building resilience into your systems, ensuring
business critical data is backed up and establishing a coherent disaster recovery plan will make
a significant difference to your organisation’s survivability after a cyberattack.
Cyber Essentials
The UK government has a Cyber Essentials scheme that you can refer to in order to help
address important cybersecurity concerns. You can use this as the foundation stage of your
cybersecurity strategy before looking at the finer details. Once completed you can then
self-certify for Cyber Essentials.
See: UK government’s 10-steps to Cybersecurity
Top Tips
1. GDPR becomes law across the EU including the UK in May, 2018.
2. Main personal data protection principles remain the same as Data Protection Act (1998) with some new additions such as right to be forgotten, data portability and child protection.
3. Having an IT security strategy in place will help mitigate the risks from cybercrime while helping you meet many of your data protection obligations.
Chapter Seven
Anti-virus Endpoint Security
32
The Little Book of Network Security and Data Protection
Ransomware
The enormous global press coverage of recent ransomware atacks
put cybersecurity front of mind for many organisaions. The term
“ransomware” was probably new to many people unil May 2017.
However, ransomware is not a new issue, but is a muli-billion dollar
problem.
Damaging Fallout
Besides the immediate monetary loss, the longer-term fallout from
a malware attack can be devastating. There’s the public relations
nightmare and reputational damage done to the brand. Other
consequences include regulatory compliance issues, legal action,
operational disruption, lost customers, cancelled contracts, raised
insurance premiums and difficulty obtaining credit. In a 2017 global
study, over 30% of firms reported a loss of revenue and nearly 25%
lost customers as a result of a data breach.
Question the Status Quo
If you already have anti-virus, it is still worth asking the question: does it give your
organisation the right level of protection you need? Do you regularly audit your systems to
ensure that all your endpoints (PCs, tablets and mobiles) have anti-virus software installed,
and are they running the latest definitions? This is a critical point, as many organisations
deploy anti-virus software as a ‘set and forget’ solution but fail to monitor the endpoints and
ensure they are continually protected.
Central Administration
It is crucial that you choose a solution that can be centrally managed by an administrator.
Anti-virus providers regularly release new updates for new threats as they are detected. If
your software isn’t centrally managed or requires the user to update the software ‘at their
convenience’ it may not happen at all, and leave your network vulnerable.
Top Tips
1. Choose an anti-virus solution that’s been independently tested.
2. Choose an anti-virus that can be centrally managed.
3. Choose your anti-virus based on business needs.
Chapter Eight
Advanced Solutions
Umbrella Roaming
Umbrella Roaming is a Cloud delivered service that protects all your
employees’ devices, even when they are not connected to your network. It
works by blocking user requests to malicious domains at the Internet DNS
layer, which means a connection is never made.
Working across both wired and wireless, corporate and guest networks you
can control the devices connecting, and make sure they meet your specified
criteria for access. For example, what operating system is a device running?
Is it patched sufficiently? Does it have enterprise anti-virus installed and
is it up to date? If not, you can quarantine the device, and give the user
limited or no access until they have addressed the problem. This can
significantly increase your level of control over devices that have the
potential to threaten or infect your network.
Before, During and After an Attack
Advanced Malware Protection (AMP) for endpoints provides protection against the most
advanced cyberattacks, will prevent breaches and block malware at the point of entry. It will
also rapidly detect, contain, and remediate advanced threats if they evade front-line defences,
such as firewalls, and get inside your network. As we have said in previous chapters, no
prevention method will catch every threat. However, AMP will help you be prepared when
advanced malware does get inside. AMP enables you to see executable file activity across all
of your endpoints, so you can spot threats quickly and fix them.
One area where AMP differs from other solutions is it continues to monitor and record activity
after a file is on the endpoint. It continues to watch, analyse and record file activity, regardless
of the file’s disposition. When malicious behaviour is detected, AMP shows you the recorded
history of the malware’s behaviour over time: where it came from, where it’s been, and what
it’s doing. The malicious file is then quarantined automatically, any damage done is fixed and
further harm prevented across all endpoints on your network.
Stealthwatch can help you spot a compromised device talking to an external command
and control server, detect abnormal traffic and identify data exfiltration, if unusual file
transfers are taking place. Without an application like Stealthwatch, the first time you
learn there’s been a data breach is when your customers’ data goes on sale or is splashed
across social media.
Choose Wisely
These are just a handful of advanced cybersecurity solutions available to you. They vary
in complexity and costs. Naturally, we would recommend you evaluate your current levels
of protection; check they are adequate for your needs and compliant with your industry
standards. However, before you rush out and spend a shed load of cash because the Board
have been reading the newspapers, take a moment to consider your security needs and
options.
First, you need to agree what your security priorities are. Next, shortlist vendors and
applications that meet your requirements now and for the near future. Get some independent
advice and look at what existing customers have to say about applications. Look at total cost
of ownership (TCO) and any hidden fees. You will also want to think about support and service
levels. Take the applications out for a test drive, and give your IT people a chance to look
under the bonnet.
Top Tips
1. Assess your current IT network security.
2. Agree security priorities.
3. Evaluate different applications based on your needs, budget, TCO before purchasing.
Chapter Nine
Captain Crunch to Artificial Intelligence
Back in 1971, the makers of Cap’n Crunch breakfast cereal had no idea what they had done
when they included a seemingly harmless toy whistle in every box as a promotional gift.
Just one of many people who enjoyed a bowl of Cap’n Crunch cereal was a young computer
enthusiast named John Draper. John found that the Cap’n Crunch toy whistle produced
exactly the same 2600-hertz audio tone needed to open a telephone line and allowed
him to make free long-distance calls. Nicknamed “Captain Crunch”, John had successfully
hacked the US telephone system. John went on to share his discovery with two enterprising
Berkeley college students, who saw a business opportunity in being able to hack the
telephone network and make free calls. Sometime later, the two Berkeley students, Steve
Jobs and Steve Wozniak, would go on to found a little computer company called Apple.
Open Doors
Our ever-increasing dependence on digital technologies and poor
digital hygiene have created the perfect storm of cybercrime. Weak
password policies, leaving ex-employees on your Active Directory,
failing to patch or replace for known vulnerabilities, using
shadowy IT applications for business purposes, and opening
suspicious emails and text messages are some of the most
common reasons businesses and individuals fall victim to
cybercrime. These are crimes of opportunity, like leaving
the doors and windows of your building wide-open.
Simple Solutions
Creating, communicating and enforcing some simple, common sense IT security policies could
save you a world of pain. Disable and then remove dormant user accounts from your Active
Directory after 30 days. Once manufacturers stop producing critical security updates for end of
life hardware and software, you need to replace it. You keep it running at your own peril. The
majority of data breaches are the result of human error such as losing paperwork, emailing
data to the wrong person, mistakenly uploading confidential or sensitive information to public
websites, gossiping and being indiscreet on social media. A lot of this stuff might seem trivial,
but brute force attacks, ransomware and spyware are successful because people use weak
passwords and don’t patch or replace their systems when they’re clearly vulnerable.
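The 30-day dormant account rule above, applied to an exported Active Directory account list; this is an added example, not part of the booklet. The CSV layout, the sample accounts, the "verify" band that allows for lastLogonTimestamp lagging the real last logon, and the rule that already-disabled dormant accounts become removal candidates are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DORMANT_AFTER = timedelta(days=30)    # threshold stated in the text
# lastLogonTimestamp is replicated lazily: with the default sync interval it can
# trail the real last logon by up to 14 days, so a 30-43 day reading is ambiguous.
TIMESTAMP_LAG = timedelta(days=14)

# Constructed sample export (not real accounts). lastLogonTimestamp is a raw
# FILETIME: 100 ns ticks since 1601-01-01 UTC; empty means never logged on.
SAMPLE_EXPORT = """sAMAccountName,enabled,lastLogonTimestamp,whenCreated
alice,True,131508576000000000,2015-03-01
bob,True,131482656000000000,2016-06-15
carol,True,131435136000000000,2014-11-20
dave,False,131340096000000000,2013-02-02
erin,True,,2017-09-20
frank,True,,2017-01-10
"""

def last_seen(row):
    """Last recorded logon, or the creation date for a never-used account."""
    raw = row["lastLogonTimestamp"].strip()
    if raw not in ("", "0"):
        return FILETIME_EPOCH + timedelta(microseconds=int(raw) // 10)
    created = datetime.strptime(row["whenCreated"], "%Y-%m-%d")
    return created.replace(tzinfo=timezone.utc)

def classify(row, now):
    """Return keep, verify, disable or remove for one exported account."""
    idle = now - last_seen(row)
    if idle < DORMANT_AFTER:
        return "keep"
    if row["enabled"].strip().lower() != "true":
        return "remove"      # assumption: disabled and still dormant
    has_logon = row["lastLogonTimestamp"].strip() not in ("", "0")
    if has_logon and idle < DORMANT_AFTER + TIMESTAMP_LAG:
        return "verify"      # may be replication lag; confirm before disabling
    return "disable"

def review(export_text, now):
    rows = csv.DictReader(io.StringIO(export_text))
    return {r["sAMAccountName"]: classify(r, now) for r in rows}

if __name__ == "__main__":
    as_of = datetime(2017, 10, 1, tzinfo=timezone.utc)   # constructed review date
    for name, action in review(SAMPLE_EXPORT, as_of).items():
        print(f"{name:8} {action}")
```

Service and break-glass accounts usually need an explicit exclusion list before the "disable" results are acted on.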
As our computer networks become more complex, dispersed and interconnected so the attack
surface grows proportionally. Every smart device you hook up to your network represents an
opportunity and a threat. The environmental sensors that control your eco-friendly building,
for example, might be just the gap in your IT security perimeter that a hacker has been
waiting to exploit. A recent survey by the Electrical Contractors’ Association (ECA) and Scottish
electrical trade body SELECT found that some four in ten smart buildings in the UK do not
currently take any steps to counter cyber threats. To take maximum advantage of mobility, big
data or the Internet-of-things (IoT) requires you have a network infrastructure that’s resilient,
scalable and secure.
Robots
There will be tens of billions of connected devices jostling for bandwidth by 2020. Keeping
tabs on all those devices will be no easy task, let alone ensuring they’re secure. Predicting
the future is a notoriously tricky task. For decades, robotics and artificial intelligence (AI)
have been the stuff of science fiction and horror movies. However, today we are seeing
the first widespread and successful use of these technologies. We see robots deployed in
manufacturing, logistics, utilities, scientific research, law enforcement and the military.
Primarily used to offer help and advice, chatbots are deployed everywhere from social
networks and ecommerce websites to call centres, banks and healthcare providers. Online
giants Amazon and Netflix use sophisticated, self-learning systems to study the shopping and
viewing habits of their customers, so they can better serve them.
AI, machine learning (ML) and quantum computing offer the possibility of cybersecurity
systems capable of identifying threats the moment they emerge anywhere in the world:
autonomous systems that can anticipate a cybercriminal’s next move based on previous
behaviours, and take action without any human intervention. Similarly, cybercriminals will
probably harness AI-based technologies to launch sophisticated attack agents designed to
avoid detection and adapt to changing defence strategies.
Ajay Arora, CEO and Co-founder of data security firm Vera suggests, “We need to adopt
intelligent and automated security systems. Automation means investing in tools that
automatically secure data based on location, context, the recipient, the user’s identity, and
more importantly, tools that don’t require constant human interaction. We simply cannot rely
on employees or our partners to do the right thing.”
No Simple Answers
The cyber-threat landscape continues to evolve, and no one security vendor can or will
offer a complete solution to the problem. Instead, organisations will have to work with
security consultants and trusted partners such as Modern Networks to combine
best-of-breed solutions to meet their own unique set of requirements, challenges and risks. Today,
successfully changing employee attitudes and indifference towards cybersecurity will go a
long way to preventing many accidental data breaches, phishing and other social engineering
attacks.
The anticipated spread of smart, connected devices into every conceivable part of our work
and home lives will certainly pose major security challenges. A requirement of the new
European General Data Protection Regulation (GDPR) is data security by design. In other
words, manufacturers and software developers must build data security features into their
products. This particular GDPR obligation might prove an important weapon in the ongoing
fight against cybercrime in years to come.
Top Tips
1. The war of cybersecurity versus cybercrime has only just started and will only intensify.
2. Create, communicate and enforce simple, common sense IT security policies, and adopt a defence in depth approach to network security and data protection.
3. The majority of cybercrimes remain crimes of opportunity. You can mitigate many of these risks by taking simple remedial actions, such as patching known vulnerabilities, and raising user awareness.
Summary
In order for organisations to get a better grip on network security and data protection, they
need to think about three things: people, processes and then solutions.
Backup
Unfortunately, there is no such thing as complete cybersecurity. Should the worst happen,
and you are the victim of a cyberattack or data breach, it’s critically important you have a
reliable backup and recovery plan that can swing into action.
Regulation
The full implications of new EU data protection legislation remain to be seen, but promise
to be far more stringent in certain areas, such as right to be forgotten, data portability and
breach reporting. Having a coherent IT security strategy will help mitigate risks and ensure you
meet many of your data protection obligations.
Every human activity comes with some level of risk. Good network security can help mitigate
many of the risks associated with doing business, ensure regulatory compliance, reduce
liabilities and protect an organisation’s reputation.
About Modern Networks
Established in 1999, Modern Networks is an IT and telecoms managed service provider
(MSP) helping clients across the UK maximise the value of their entire IT infrastructure.
The company has offices in Hertfordshire, Cambridgeshire and Manchester. We
have considerable expertise within commercial property management working with
over thirty managing agents and a thousand sites. Our clients include CBRE, Cushman and
Wakefield, Savills, JLL and Lee Baron. We are a corporate member of the British Institute
of Facilities Management (BIFM). We are also a Gold member of the Service Desk Institute
and offer ITIL best practice standards of IT support.
Enterprise
Modern Networks provides advanced, innovative IT managed solutions for over 200 varied
enterprise clients from accountancy firms, travel agents and media companies to national
charities and not-for-profits. The company is a certified partner for Cisco, HP, Microsoft,
VMware, NetApp and Pure.
RADD Telecoms
Our sister company, RADD Telecoms is one of the UK’s leading data cabling installers. They also
provide business WiFi, CCTV and secure access control systems.
About the Author
Contacts
Modern Networks, Hitchin
18 Knowl Piece
Wilbury Way
Hitchin, Herts
SG4 0TY
01462 426 500
www.modern-networks.co.uk
modern-networks.co.uk
Email: info@modern-networks.co.uk Call: 01462 426 500
18 Knowl Piece, Wilbury Way, Hitchin, Herts, SG4 0TY