Foundations of Network Security Include Architecture, Communication

Foundations of Network Security

Mitigating Risk for Distributed Enterprises Requires Comprehensive Approach

The ever-rising prevalence of network attacks on distributed enterprises — evidenced by many high-profile data breaches at large companies — has IT managers researching a wide variety of ways to mitigate security risk.

Well-publicized security tools such as Security Information and Event Managers (SIEMs) and data loss prevention solutions can be beneficial, but don’t forget about the foundation of your network security. Before anything else, it’s vital to ensure your organization’s network is designed to keep customer and company data secure.

In Part 1 of our three-part security series — in recognition of National Cyber Security Awareness Month — let’s talk about the foundations of network security.

Parallel Networking

The best-case scenario is to prevent intruders from reaching your company’s most valuable data, such as Point-of-Sale (POS), in the first place. Network segmentation is a fundamental building block in your network architecture.

Many high-profile data breaches in recent years were pivot attacks, where hackers breached an easily accessible part of the network, then moved from there into an area where sensitive data was stored. If you have been using mobile POS devices as well as offering guest WiFi and running digital signage, consider isolating these applications onto their own devoted networks. We call this Parallel Networking, or “air-gapping.”
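One way to check that segmentation actually blocks the pivot described above, as an added example (not code from Cradlepoint or the original post): it walks the allowed inter-segment flows and reports any chain leading from a low-trust segment to the POS segment. The segment names follow the article; the flow rules, the policy names and the `pivot_paths` function are constructed for illustration.

```python
from collections import deque

# Constructed policy: (source segment, destination segment) pairs that are allowed.
# Segment names follow the article; the rules themselves are invented for illustration.
FLAT_POLICY = [
    ("guest_wifi", "internet"),
    ("guest_wifi", "digital_signage"),   # guests can reach signage players
    ("digital_signage", "corp_lan"),     # signage pulls content from a corporate server
    ("corp_lan", "pos"),                 # back-office access to POS terminals
    ("pos", "payment_processor"),
]
# Same sites after isolation: no rule joins the low-trust segments to anything internal.
PARALLEL_POLICY = [
    ("guest_wifi", "internet"),
    ("digital_signage", "internet"),
    ("corp_lan", "pos"),
    ("pos", "payment_processor"),
]

def pivot_paths(flows, sensitive, untrusted):
    """Map each untrusted segment to the shortest chain of allowed flows that
    reaches `sensitive`, or to None when no such chain exists."""
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, []).append(dst)
    results = {}
    for start in untrusted:
        parent = {start: None}           # doubles as the visited set
        queue = deque([start])
        while queue and sensitive not in parent:
            node = queue.popleft()
            for nxt in graph.get(node, []):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
        path, node = [], sensitive if sensitive in parent else None
        while node is not None:          # walk back from the sensitive segment
            path.append(node)
            node = parent[node]
        results[start] = path[::-1] or None
    return results

if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("parallel", PARALLEL_POLICY)):
        for seg, path in pivot_paths(policy, "pos", ["guest_wifi", "digital_signage"]).items():
            print(f"{name:8} {seg:16} {' -> '.join(path) if path else 'no path to pos'}")
```

Any non-`None` result is a pivot route that a firewall or routing change should remove before the segments can be considered isolated.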

Threat Detection

Perhaps the most pressing need in network security is better detection. Consider the infamous network hacks that have occurred in the past year. One thing stands out: The intrusions were first reported by fraud systems, not by the companies that were breached.

While it may have been said too many times, it’s not a question of if your network will be threatened, but when. Because of this, many companies are working to develop an environment in which network attacks can be detected and responded to as quickly as possible.

Proactive efforts such as penetration testing are highly beneficial, but only if there’s follow-up. As a security consultant reminded the audience at a recent event, “If you're not ready to mitigate the breaches, you might as well not look for them.” It’s not enough to know your network has vulnerabilities. You have to dedicate the resources to fix what is broken.

Quick Response

A simple but valuable component of network security in the distributed enterprise is quick, easy access to your company’s security team.

Many branch locations don’t employ onsite IT professionals. Employees at these sites don’t usually receive extensive IT training, so providing basic knowledge of how to recognize abnormal emails and malicious documents can help, especially when you provide easy access to the security team. The more swiftly a team member can notify the IT team at headquarters about inappropriate activity, the faster an attack can be thwarted before causing significant problems.

Penetration Testing

Another proactive security tool is annual (or more frequent) penetration testing or simulated attacks, which is also a requirement for PCI compliance.

Network threats come from a vast array of directions these days — everything from phishing attacks to employees plugging USB drives into their laptops. At both the corporate and branch level, robust pen testing shines an internal spotlight on system weaknesses.

Pen tests don't eliminate all threats, but they do help IT departments determine next steps for strengthening network security controls.

Two-Factor Authentication

With the increasing value of usernames and passwords on the black market, two-factor authentication is an underrated end-user security strategy. By requiring users to present two pieces of identification — ranging from tokens to security codes — at each login, two-factor authentication provides an added layer of safety.

Two-factor authentication is less convenient than other access methods, but as cyber intrusions via supposedly password-protected devices persist, it very well could be worth the effort.

From network architecture to end-user caution, it takes a variety of diligent efforts to keep a distributed enterprise network secure. In my next post, I’ll talk about some of the major network on-ramps to monitor and protect.
