Five ways to enhance your organisation’s threat detection and response capabilities


With remote work practices likely to remain a feature of business life for an extended period, organisations are grappling with what this means for IT security.

Many are realising additional measures need to be urgently put in place to ensure critical systems and data remain protected from attack while staff continue to work outside traditional perimeter defences.

The issues come at a time when cybersecurity threats continue to increase and evolve. Social engineering, phishing, and ransomware attacks are causing disruption and losses at unprecedented rates.

Innovation is key

Faced with these challenges, organisations are increasingly finding they need to take a more innovative approach when it comes to their IT security measures. This is because traditional preventative measures are no longer sufficient to counteract the evolving threats.

Challenges are also being encountered because of an ongoing shortage of skilled IT security professionals. Many organisations find they simply cannot attract and retain enough people to carry out the work that needs to be done.

As a result, security teams need to alter the way they operate. They need to improve their capabilities, automate their processes, and be far more innovative than has previously been the case.

Practical steps

Once a decision is made to improve an organisation’s security posture, there are five practical steps that can be undertaken. These steps are:

  1. Adopt a zero-trust strategy:
    Zero trust involves a shift away from the traditional perimeter approach to IT security. Particularly at a time when many staff are working from home, zero trust provides a way to ensure core systems and data remain secure at all times. It operates on the premise of removing the inherent trust that earlier network design methodology placed in users. Placing more levels of authentication within the network gives security teams greater insight into what their users are doing, which in turn reduces the chances of unauthorised parties gaining access to resources.
  2. Combine authentication methods:
    Increasing numbers of organisations are improving their security measures by combining virtual authentication measures with physical ones. For example, logs of entries to and exits from a building can be tallied with network logins to determine who has accessed systems and at what times. This makes unauthorised activity easier to spot.
  3. Automate your responses to phishing attacks:
    Phishing email attacks continue to increase in number and quality. In some cases, it can be almost impossible to recognise that a message has not come from a trusted source. To counteract this threat, security teams can deploy tools that automate the process of quarantining suspicious messages and resetting compromised user accounts. For example, teams can create a dynamic blacklist of domains based on phishing reports and trigger automated responses against that blacklist. Other tools can scan incoming messages using keyword analysis to proactively identify phishing attempts.
  4. Improve monitoring of remote workers:
    With many staff likely to remain in work-from-home mode for at least a portion of their time, having a way to remotely manage their IT security has become critical. Tools should be put in place that monitor activity and the resources that each staff member is accessing. Any unusual activity then triggers an alert that can be investigated by the security team. A zero-trust strategy augments this by ensuring that employees only access the data that their role requires.
  5. Watch for Bitcoin mining:
    Use of the scripting tool PowerShell is increasing within many organisations as people come to understand how it can improve efficiency through the automation of certain tasks. However, in some cases the tool is also being used to enable activities such as Bitcoin mining. While this is more an operational than a security issue, it does mean that company resources are being used for personal gain. Putting in place the capability to monitor for unauthorised use of PowerShell can overcome this problem. A bonus tip is to think about the people and processes you will need to have in place when building new content in your security tool.
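The correlation described in step 2 (tallying building entry and exit records against network logins), as an added illustration that is not part of the original article: a small detection routine that flags logins from the office network by users whose badge record shows them absent. The badge events, login records and the office IP prefix are constructed sample values, not data from any real environment.

```python
from datetime import datetime

# Constructed sample data (assumption, not from the article): one day of
# physical access-control swipes and network logins for the same users.
BADGE_EVENTS = [
    ("alice", "entry", "2024-03-04T08:02:00"),
    ("alice", "exit",  "2024-03-04T17:31:00"),
    ("bob",   "entry", "2024-03-04T09:10:00"),
    ("bob",   "exit",  "2024-03-04T12:00:00"),
]
NETWORK_LOGINS = [
    ("alice", "10.1.4.22",   "2024-03-04T08:15:00"),  # on site, badged in
    ("bob",   "10.1.4.31",   "2024-03-04T13:45:00"),  # on site after badging out
    ("carol", "10.1.4.40",   "2024-03-04T10:05:00"),  # on site, never badged in
    ("dave",  "203.0.113.9", "2024-03-04T11:00:00"),  # remote login, no badge expected
]
OFFICE_PREFIX = "10.1.4."  # assumption: the office LAN address range


def parse(ts):
    return datetime.fromisoformat(ts)


def presence_intervals(badge_events):
    """Return {user: [(entry_time, exit_time), ...]} from paired entry/exit swipes."""
    intervals, open_entry = {}, {}
    for user, kind, ts in sorted(badge_events, key=lambda e: e[2]):
        t = parse(ts)
        if kind == "entry":
            open_entry[user] = t
        elif kind == "exit" and user in open_entry:
            intervals.setdefault(user, []).append((open_entry.pop(user), t))
    # An entry with no matching exit yet means the person is still on site.
    for user, t in open_entry.items():
        intervals.setdefault(user, []).append((t, datetime.max))
    return intervals


def find_anomalies(badge_events, logins, office_prefix=OFFICE_PREFIX):
    """Flag logins from the office network by users with no badge presence at that time."""
    present = presence_intervals(badge_events)
    alerts = []
    for user, src_ip, ts in logins:
        if not src_ip.startswith(office_prefix):
            continue  # remote logins carry no badge expectation and are skipped here
        t = parse(ts)
        on_site = any(start <= t <= end for start, end in present.get(user, []))
        if not on_site:
            alerts.append((user, src_ip, ts))
    return alerts
```

Running `find_anomalies(BADGE_EVENTS, NETWORK_LOGINS)` on the sample data returns bob's login after his badge-out and carol's login with no badge entry; alice's login is consistent with her swipes and dave's remote login is outside the check.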

The challenges faced by security teams are almost certain to continue to increase in the months and years ahead. Cybercriminals will devise more sophisticated attack methods and the ongoing prevalence of remote working will make traditional defences far less effective.

By undertaking these five steps, however, an organisation can be much more prepared to deal with these threats. The goal of having a secure and reliable IT infrastructure will be closer to being reached.

Joanne Wong
Joanne Wong has more than 20 years’ experience in all aspects of marketing and business management. She is currently Vice President of International Marketing EMEA and Japan at LogRhythm, the company powering today’s security operations centres, where she holds responsibility for the company’s regional marketing strategy and execution. She previously worked at SAP as Director, Head of Marketing (Financial Services) for Asia Pacific and Japan, and in several positions at Microsoft including Business Group Lead for the company’s Windows Division Business. She holds an Honours degree in Legislative Law from the National University of Singapore.