It can take six months or more for an organization to realize a data breach has occurred. In the meantime, malware that has already entered the network sits quietly, waiting for the command to act. Intrusions happen everywhere, but knowing what not to do goes a long way toward preventing a successful attack. Here are five common pitfalls you should avoid to reduce your risk.
1. Using a default-allow architecture
For years, organizations have deployed solutions with a default-allow security posture, with varying degrees of success. Under default allow, any traffic that has not already shown bad behavior is let in. The problem is that an unknown threat that has not yet misbehaved can enter the network, lie low, and perform its malicious actions later, damaging the network.
Conversely, organizations have deployed solutions with a default-deny posture, blocking any traffic not recognized as safe. This protects better than default allow, but it also blocks legitimate traffic that simply has not been classified yet, which limits productivity.
A zero trust architecture takes a third approach: nothing is trusted because of where it comes from, and every request is verified, without the blanket blocking that hurts productivity. This in turn helps protect the business from zero-day threats without interrupting users.
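To make the three postures concrete, here is an added example (not code from the original article or from any product it describes) that evaluates the same constructed set of flows under a default-allow denylist, a default-deny allowlist, and a zero-trust check. The zero-trust policy ignores the source address entirely and requires each request to carry an identity token; the HMAC-based token, the shared key, the host addresses, the service names and the authorization table are all assumptions standing in for a real identity provider and policy store.

```python
"""Added example: three network-access postures applied to the same flows.

default-allow : denylist; anything not known-bad is admitted
default-deny  : allowlist; anything not known-good is blocked
zero-trust    : network location is irrelevant; every request must carry a
                token that verifies against a shared key and the identity
                must be authorized for the requested service
"""
import hashlib
import hmac

# Assumption: a key shared with the identity provider (demo value only).
SECRET_KEY = b"demo-key-not-for-production"

# Assumed address/identity data for the example.
KNOWN_BAD = {"203.0.113.9"}            # denylist used by default-allow
KNOWN_GOOD = {"10.0.0.5"}              # allowlist used by default-deny
AUTHORIZED = {("alice", "payroll"), ("svc-backup", "fileshare")}


def mint_token(identity: str) -> str:
    """Issue 'identity:mac'; stands in for what an identity provider would do."""
    mac = hmac.new(SECRET_KEY, identity.encode(), hashlib.sha256).hexdigest()
    return f"{identity}:{mac}"


def verify_token(token):
    """Return the identity bound to a valid token, or None for missing/forged."""
    if not token or ":" not in token:
        return None
    identity, mac = token.rsplit(":", 1)
    expected = hmac.new(SECRET_KEY, identity.encode(), hashlib.sha256).hexdigest()
    return identity if hmac.compare_digest(mac, expected) else None


def default_allow(src, dst, token):
    # Admits everything except sources already known to be bad.
    return src not in KNOWN_BAD


def default_deny(src, dst, token):
    # Admits only sources already known to be good.
    return src in KNOWN_GOOD


def zero_trust(src, dst, token):
    # Source address is never consulted; identity is verified per request
    # and then checked against the authorization table for this service.
    identity = verify_token(token)
    return identity is not None and (identity, dst) in AUTHORIZED


# Constructed sample flows: (label, source IP, destination service, token).
FLOWS = [
    ("known bad", "203.0.113.9", "payroll", None),
    ("trusted subnet, no identity", "10.0.0.5", "payroll", None),
    ("unknown source, no identity", "192.0.2.77", "payroll", None),
    ("unknown source, valid identity", "192.0.2.77", "payroll", mint_token("alice")),
    ("trusted subnet, forged token", "10.0.0.5", "payroll", "alice:deadbeef"),
    ("valid identity, unauthorized service", "192.0.2.77", "fileshare", mint_token("alice")),
]


def evaluate(policy):
    """Return {flow label: admitted?} for the constructed flows under one policy."""
    return {label: policy(src, dst, tok) for label, src, dst, tok in FLOWS}


if __name__ == "__main__":
    for policy in (default_allow, default_deny, zero_trust):
        print(policy.__name__)
        for label, admitted in evaluate(policy).items():
            print(f"  {'ALLOW' if admitted else 'DENY ':5} {label}")
```

Run it and the pitfalls line up with the text: default allow admits the "unknown source, no identity" flow (the threat that has not misbehaved yet) and even a forged token from the trusted subnet, default deny blocks a legitimate user who merely comes from an unrecognized address, and only the zero-trust policy admits the verified, authorized request while denying the rest. A real deployment would use expiring, signed tokens from an identity provider and add device posture checks; the HMAC scheme here is only the minimum needed to show per-request verification.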
2. Relying on AI to protect you
While artificial intelligence and machine learning hold great promise for many areas of technology, it is dangerous to rely too heavily on them for endpoint security. Having access to a virtual mountain of data, without the context needed to interpret it, can increase rather than reduce your risk.
A machine learning model can only detect threats that resemble what it has been trained on. When a new malware variant or attack technique appears that the model has not seen, it may slip past. Machine learning generalizes better than traditional signatures, but there is real doubt about whether it will stop a genuinely unknown attack.
3. Relying on detection vs prevention
Detection is not enough; you need prevention, and you need it without interrupting users. Traditional antivirus relies on detection, so anything it fails to classify as bad is let through. Organizations need an endpoint solution that prevents damage without first having to identify what a file is. Containment technology does this by running every unknown executed file in a contained environment: the user stays productive, and the file cannot cause damage until it has been proven safe.
The good news is that prevention and detection are not mutually exclusive; they complement each other. Adding detection and response technologies to your stack lets you find threats that have already slipped past your defenses and plan a response to deal with them.
4. Underestimating the malware already in your system
It is easy to underestimate the malware that may already be in your environment. It has been sitting dormant in your systems, waiting silently for the command to spring to life and wreak havoc on the network. You cannot afford to ignore it. Detection must sit alongside prevention in your stack so that you can find and respond to malware that has already made it in.
Layering detection on top of prevention improves network visibility, so that damage can be stopped as early as possible.
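One concrete way to detect an implant that is already inside and waiting for instructions is to look for its check-in traffic: dormant malware usually polls its controller at a fixed interval with little jitter, which ordinary browsing does not. The following is an added example (not code from the original article or any product it describes) that runs that logic over a few constructed proxy log lines; the log format, the host and domain names, and the thresholds (at least five connections, coefficient of variation of the intervals at most 0.1) are all assumptions for the example.

```python
"""Added example: flag host/destination pairs whose connection intervals are
suspiciously regular, a classic sign of a dormant implant beaconing to its
controller. Log format, hosts and thresholds are assumptions for this demo.
"""
from collections import defaultdict
from datetime import datetime, timezone
import re
import statistics

# Assumed proxy log format: "<ISO timestamp>Z <src ip> -> <dst host>:<port> bytes=<n>"
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) bytes=(\d+)$")

# Constructed sample log (deliberately not in time order). 10.0.0.12 checks in
# with update-cdn.example.net roughly every 300 s; 10.0.0.20 browses irregularly.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 10.0.0.12 -> update-cdn.example.net:443 bytes=512
2024-05-01T10:00:07Z 10.0.0.20 -> www.example.com:443 bytes=18344
2024-05-01T10:05:02Z 10.0.0.12 -> update-cdn.example.net:443 bytes=510
2024-05-01T10:01:45Z 10.0.0.20 -> www.example.com:443 bytes=2201
2024-05-01T10:09:59Z 10.0.0.12 -> update-cdn.example.net:443 bytes=512
2024-05-01T10:14:12Z 10.0.0.20 -> www.example.com:443 bytes=9120
2024-05-01T10:15:01Z 10.0.0.12 -> update-cdn.example.net:443 bytes=514
2024-05-01T10:15:30Z 10.0.0.12 -> www.example.com:443 bytes=44100
2024-05-01T10:20:00Z 10.0.0.12 -> update-cdn.example.net:443 bytes=512
2024-05-01T10:31:08Z 10.0.0.20 -> www.example.com:443 bytes=780
2024-05-01T10:25:01Z 10.0.0.12 -> update-cdn.example.net:443 bytes=511
2024-05-01T10:33:40Z 10.0.0.20 -> www.example.com:443 bytes=1500
"""


def parse_log(text):
    """Yield (timestamp, src, dst) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        yield ts.replace(tzinfo=timezone.utc), m.group(2), m.group(3)


def find_beacons(text, min_connections=5, max_jitter=0.1):
    """Return {(src, dst): (count, mean_interval_s, cv)} for pairs whose
    inter-connection intervals are regular (stdev/mean <= max_jitter)."""
    by_pair = defaultdict(list)
    for ts, src, dst in parse_log(text):
        by_pair[(src, dst)].append(ts)

    hits = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue                      # too few samples to judge regularity
        stamps.sort()                     # logs are not guaranteed to be ordered
        intervals = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue                      # duplicate timestamps, nothing to measure
        cv = statistics.pstdev(intervals) / mean
        if cv <= max_jitter:
            hits[pair] = (len(stamps), mean, cv)
    return hits


if __name__ == "__main__":
    for (src, dst), (count, mean, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst}: {count} connections, "
              f"every {mean:.0f}s, jitter cv={cv:.3f}")
```

On the sample data only the 10.0.0.12 to update-cdn.example.net pair is flagged (six connections about 300 seconds apart); the browsing host's intervals vary far too much, and the single connection from 10.0.0.12 to www.example.com never reaches the minimum count. In production you would feed this the proxy or DNS logs you already keep, tune the thresholds to your environment, and treat a hit as a lead for response rather than proof, since some legitimate agents also poll on a schedule.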
5. Threats from internal sources/people
Internal threats often come from employees who are unaware of current security best practices. They reply to an email or open an attachment, with unintended consequences that can be very costly for the business. This is the largest group of internal threats, and they mean no harm; they simply may not be aware of the cybersecurity consequences of their actions.
On the other side are individuals who seek to harm the organization intentionally. Thankfully this group is smaller, but it is the source of insider attacks by unhappy or former employees seeking financial reward or other harm to the organization.