The password issue hasn’t gone away – an annual worst password listing still features 123456, batman and superman among the most common choices. Worse, users are now using a proliferation of mobile devices beyond the walls of your workplace – and securing them still falls to you.
Part of the challenge is that users are bringing their own devices to work – and while this has proven productivity gains, it also has serious security implications. You’ve also got to protect the traditional environment – oh, and there’s the Internet of Things (IoT) as well. It is no longer easy to track who is accessing your network, with what, how and why – so it pays to get smart.
Not surprisingly, cyber-criminals have been quick to grasp the opportunity that this changing scenery brings. They’ve accessed networks via connected security cameras, point of sale equipment and hand-held scanners. But targeting users with malware – via unsafe websites and increasingly convincing emails – is still the preferred route.
Training is still important, but why leave security in the hands of people who think nobody will ever guess qwerty, letmein or allblacks as a password? Network security experts say their FortiGuard Labs neutralise 95,000 malware programs every minute of every day, targeting traditional, mobile and IoT platforms. They recommend strong endpoint security for mobile users, with set-and-forget functionality that does not depend on busy employees to perform updates.
There are many options for endpoint security. This can be as much a challenge as an advantage: if you end up with disparate systems that do not share intelligence, there may be a window of opportunity for targeted attacks. Even small and mid-sized businesses are a target for cyber-criminals – and one of the common lapses we see is the assumption that an organisation will fly under the radar. In fact, that assumption is what makes smaller organisations so attractive to those seeking easy cyber-crime wins.
An integrated, information-sharing security fabric such as Fortinet’s harnesses security across endpoints, wireless environments and the core of your business, which gives you one of the most important defences: visibility. When you can see what is going on and take some of the onus off your 123456 users, you become a far less attractive proposition. Most attackers look for the least effort to gain a result, and you have just made it very hard work.