Connect with us

Tech & Innovation

Next generation businesses require security-driven network

As Big Data, hyperscale architectures, SD-WAN, 5G, Edge networking, and smart systems (such as cars, cities, and infrastructures) become mainstream, these networks will be forced to change even further. The current generation of security solutions now in place simply can’t keep up.

Published

on

Photo by Steve Halama from Unsplash.com

Today’s networks are distributed across so many devices and environments, many of them temporary and all of them in a constant state of flux, that the notion of a perimeter has been almost completely abandoned. This transition has largely been the result of an application-based business model. Users—both employees and consumers—require immediate and reliable access to critical applications and streaming services at any time, from any location, on any device. 

To achieve this, most organizations have transformed their networks to a collection of edges. In addition to the LAN edge, there is the new WAN edge, the multi-cloud edge, the distributed datacenter edge, the mobile edge, and most recently due to the rapid shift to work-from-home, a huge surge in the home office edge. And multi-edge computing (MEC)—a distributed, open IT architecture that features decentralized processing power and a virtualized network platform—is right around the corner. Powered by 5G-enabled devices and infrastructure, MEC leverages mobile computing and Internet of Things (IoT) technologies to process data locally rather than being transmitted to a datacenter. 

This level of innovation has transformed networks so thoroughly and so rapidly that traditional security tools are no longer able provide the consistent security that networks require. Traditional security solutions, often deployed after a network was in place, were designed to secure fixed perimeters and monitor predictable levels of traffic and workflows moving between static network servers and devices. 

Those days are gone. Today’s collection of edge environments are in a constant state of flux. They are not only continually adding and dropping physical and virtual devices, they also create temporary networks and are constantly fine-tuning connections. And as Big Data, hyperscale architectures, SD-WAN5G, Edge networking, and smart systems (such as cars, cities, and infrastructures) become mainstream, these networks will be forced to change even further. The current generation of security solutions now in place simply can’t keep up. 

Security-driven Networks are Designed for Today’s Digital Business 

Fortunately, there is a new generation of security designed for today’s complex, distributed, and dynamic environments. It starts with Security-driven Networking, an approach that tightly integrates an organization’s network infrastructure and security architecture into a single solution. Weaving security deep into the network in this way is essential for effectively defending today’s highly dynamic environments. And by deploying Security-driven Networking solutions across all of their edge environments, organizations can ensure consistent policy orchestration and enforcement across today’s highly flexible perimeters. This enables the network to reroute traffic, replace connections, move resources from one domain to another, and dynamically scale up and out without ever compromising the ability of security systems to track workflows, transactions, users, data, or devices. 

Achieving this requires implementing a security solution strategy designed to encompass the entire network development and deployment life cycle, allowing security to function as the central consideration for all business-driven infrastructure decisions. With security at the core, networks can evolve, expand, and adapt without concerns that an expanded attack surface or security gap could compromise the organization. 

Three Critical Steps for Implementing a Security-driven Network: 

Secure PDIO: A Security-driven Networking strategy must be part of the entire network Planning, Design, Implementation, and Optimization lifecycle. But it starts in the planning stages, before everyone agrees on what new infrastructures and applications and devices are needed. And that requires everyone to agree that all development must support a central security fabric strategy—an approach for ensuring consistent visibility, orchestration, response, and enforcement across the entire network. 

Want a new cloud infrastructure? It doesn’t just need to include security. It needs to use a security platform that can function as part of the central security fabric. Building and deploying a new application? The security fabric not only needs to be able to see and inspect the application and its traffic, but it should also be built using the exact same security tools used to protect the rest of the network. And when virtual devices need to spin up or out, or when connections between a branch office and business applications in the cloud need to roll over, the Security Fabric needs to literally be part of that process, ensuring that security is always watching, always sharing, and always ready to respond. 

Access Control and Segmentation: When new devices are added to the network, the integrated security system needs to automatically identify them and apply rules before granting access to network resources. That includes automatically assigning devices to secured network segments that have been enhanced with authentication for increased control and flexibility. These network segments are then monitored by the security fabric to prevent unauthorized behaviors, inspect applications, and secure workflows, driving access security deep into the distributed network. And because security and networking are tied together, any changes to the network infrastructure automatically include changes to security. 

Consistent Protection Everywhere: Data never stays in one place. It gets shared, cross-referenced, mined, and processed. Security-driven Networking protects data, applications, and workflows along their entire data path through the implementation of a single, integrated Security Fabric, ensuring that the secure handoff of data and workflows between network domains is seamless. Achieving this requires integrated security platforms deployed across the network to consistently secure that traffic even as it passes across and between different network segments, dynamic multi-cloud environments, data centers, and devices.  

This requires a solution designed to function natively in all public and private cloud environments and comes in form factors ranging from powerful datacenter edge devices, to small desktop footprints, to virtual solutions running in cloud environments, to cloud-based solutions designed to secure devices and data off-network, to software running on endpoint devices, to versions designed to run in a container or be added to an application to secure data and transactions. All of these must function as a powerful security solution within their own sphere, track and adapt as the environment changes, and work as a single, integrated system that spans all environments to add a level of visibility, control, and response previously unavailable. 

Digital Innovation Demands Security-driven Networking 

Security-driven Networking is an essential next step for securing today’s dynamic and evolving digital infrastructures. Security platforms integrated into a unified security fabric and woven into the network infrastructure enable organizations to embrace digital innovation and expand their digital footprint without exposing critical resources to new risks compounded by the loss of visibility and control—often due to the complexity of trying to secure an evolving network using traditionally isolated products. Security-driven Networking is designed to expand and adapt in sync with the network, providing the flexible protections and controls that today’s digital businesses require. 

Tech & Innovation

Why small businesses need both a domain name and hosting to create their digital presence

GoDaddy shares the difference between a domain name and hosting, and how they work together to help get a business online.

Published

on

The opportunity to launch your own website and join the ranks as a small business owner is an exciting new venture.  Before you begin to take a business online, it is helpful to understand that getting started means choosing both a domain name and a hosting provider.

GoDaddy shares the difference between a domain name and hosting, and how they work together to help get a business online.

What is a domain name?

A domain name is considered your business home and piece of real estate on the internet. Choosing and registering a domain name is critical to getting your business or idea online with increased visibility.  Most business owners try to choose a domain name that matches their business name, or one that aligns closely. 

A domain name needs to be memorable and different from other domain names on the internet.  With many names already taken on the internet, you may need to be creative, however, choose a name that is easy to remember and easily spelled. Many domain providers, including GoDaddy, have an online search tool on their website to help find domain names that are available.

If your desired domain name is already taken, you can consider choosing your business name with a different name extension.  For example, many websites have a .com extension at the end of their business name, however there are many other domain name extensions available today.  These can include sector based name extensions like .shop, .accountant, .plumbing, and .tv, which can help consumers know the business of your company.  Or you can consider a geography-based name extension like .ph or .sg, which tells your customers where you are located, as more consumers look to shop locally.

What is web hosting?

Web hosting is a service that allows you to rent space on a server for your website and its contents. Think of your website as a collection of digital files that includes information; photos; videos; design elements and other types of content.  You need a space to store all these files, so people can visit your website, browse your pages, and make purchases day or night, by people from around the world.

This space is considered hosting and is offered by a variety of hosting providers. Hosting services are available in a variety of plans. It is important to choose a hosting plan that meets the needs of your business and can grow with you as your business grows.

It is important to keep your hosting plans up to date to help ensure that your domain name registration stays current.  You can consider automatic renewals for your domain name to help keep your business domain name registered to your business, and not picked up by the competition.

How do domain names and web hosting work together?

Knowing the difference between domain names and hosting is where many people get confused, but it isn’t complicated.  Think of your domain as a street address, guiding people to where your website lives online.  Hosting allows you to store the files that make up your site at that location (your domain name), so visitors have something to see.

If you’re new to domains and hosting, both are important and work together, so you may want to consider purchasing them together for the easiest user experience. Setting up with one provider can feel more streamlined, since everything is with one company, helping you reach audiences that can help your business grow.

To help make it easier, annual GoDaddy Hosting plans includes a custom domain name, and security protections.

What to look for in a hosting provider?

  • Storage: For most small- to medium-sized business websites, a few gigabytes of storage may be sufficient. 
  • Bandwidth: People with large websites who expect to attract many visitors require more bandwidth.
  • Scalability: The option of having an automatic increase in storage/bandwidth in case of a large traffic spike on your site.
  • Reliability: Look for a 99.9% uptime guarantee or better. A website that is frequently down can negatively impact your business growth.
  • Security: options available for website SSL Certificate protections and for security monitoring for malware/virus protections.
  • Backups: Some providers offer scheduled backups of your website content and store them as a part of the hosting plan chosen.
  • Support: 24/7 customer support availability, so you can call for help at a time that works for you.
  • Analytics tools for gathering information about your marketing efforts and your website use.
  • Tools that allow you to integrate your website with your social media pages.

Now that you have a deeper understanding of what domain names and web hosting are, and how they work, you are better equipped to lay the foundations of your digital strategy, launch, and grow your business on the internet.

Continue Reading

Tech & Innovation

7 Tips on mitigating cyber risks to your corporate social media in 2023

As many businesses use social media to promote their products and services, these threats are relevant to an extremely large number of companies. To help them stay safe, Kaspersky experts are offering the following advice to mitigate the cyber risks associated with social media in 2023. 

Published

on

Anna Larkina, Web content analysis expert, Kaspersky
and
Roman Dedenok, Spam analysis expert, Kaspersky 

Threats to corporate social media are evolving along with perpetrators’ social engineering skills at a blistering pace. Sometimes their techniques reach such a high level that even the tech-savvy administrator of a corporate network can’t tell the difference between a scam and the truth. 

As many businesses use social media to promote their products and services, these threats are relevant to an extremely large number of companies. To help them stay safe, Kaspersky experts are offering the following advice to mitigate the cyber risks associated with social media in 2023. 

Use caution with direct messages and drafts folder, delete old irrelevant information  

Companies should be careful about keeping sensitive information in direct messages – it can pose cyber risks. 

People often use corporate social media to write directly to brands, asking for help, using the account holder’s product or service. Also, some partnerships, such as those with bloggers, can be negotiated in direct messages. Sometimes personal or financial information is shared during these conversations, which could remain in the messages folder long after the interaction. If there is a breach allowing cyber criminals to gain unauthorized access to the account, sensitive data may be leaked or used to organize an attack.

To avoid this risk, make it a useful habit to delete irrelevant messages when the dialog is finished and the information it contains is no longer relevant. The same applies to posts – It is worth carefully reviewing what is saved in the drafts folder from time to time.

Review old posts to minimize reputational risks  

The power of reputation is growing: every word, action, and decision can either help or harm the company’s image. 

Everything published online is of great importance in terms of cyber security as well: when sensitive information (re)appears in public, it almost always ends up hurting a company’s reputation and could incur financial losses.

To be on the safe side, spend some time reviewing already published posts, as they might contain information that doesn’t fit into the current reality – that might be anything from inappropriate jokes to controversial advertising campaigns.

What was normal yesterday, can cause a negative public reaction today. A review of publications made over the past few years largely reduces related reputational risks.

Be careful posting your success stories 

Having signed a lucrative contract or reached a deal, we want to post it on social media to tell as many people as possible about our success. But we really need to be aware of unwanted cybercriminals’ attention. If a potential attacker knows who your suppliers or contractors are, they could try to conduct an attack impersonating them or breaching their accounts and acting on their behalf. 

Moreover, the clearer you reflect your company’s structure and working methods on social media, the easier it is for perpetrators to organize an attack. For example, if it is possible to trace who is responsible for finance, an attacker can pretend to be this person’s supervisor and try to lure them into urgently transferring a large sum of money to a fake account to “close a deal” or “purchase necessary equipment”. Exercising various social engineering techniques, a perpetrator can convincingly impersonate another person, and a victim would hardly notice the fraud.

Warn newcomers about risks associated with “new job” posts on social media

After getting a new job, newcomers usually share the news on social media, but they do not yet understand how cybersecurity processes are built in this company: for example, how identification works or with whom they can share sensitive information. Therefore, a newcomer is more vulnerable to cyberattacks.

Imagine: a perpetrator tracks this person in social media and collects information about them. Then the criminal writes the new employee a malicious letter on behalf of the company’s IT administrator asking to share the password to set up a technical account.  It is highly likely that a newcomer will share the password because they do not know that the administrators would never write such a letter. Moreover, new employees are usually shy, and they might hesitate to ask their colleagues if the letter is authentic. A tiny little post on social media might turn the employee into an entry point for cybercriminals. 

To mitigate the risk, offer newcomers a course on information security immediately, and tell them to be extremely careful when posting about a new job. 

Control account access (and don’t forget to change the password when an employee leaves) 

Logins, passwords, and access to the email address used to create a social media account are just as valuable as other internal corporate documents. 

If an employee who has access to accounts and authentication data leaves the company, it is useful to apply the same rules as when blocking their access to the corporate network. 

To begin with, change the password for the e-mail account linked to the corporate social network; then unlink the ex-employee’s mobile phone number and check other authentication methods – for example, a spare mailbox.

Do not ignore two-factor authentication 

Any account on a social network, not to mention a corporate one, must be securely protected. Two-factor authentication is an absolutely necessary setting for any type of account.

The email address linked to the account should be as protected as the social media account itself. Often the attack begins with an initial access to email. After breaching an account, an attacker can configure filters in the mailbox settings to delete all support emails from the social network. Therefore, a user will not be able to restore access to their account, because all emails will be deleted automatically. Not to mention that in a stressful situation we won’t be checking which filters are currently configured in our mailbox. 

It is best to register a social media account using a corporate email address. To begin with, it is better protected (assuming the company cares about cybersecurity). Furthermore, in-house security specialists can block access to this mailbox along with all access to the corporate network.

Provide your employees with anti-phishing training 

To mitigate cyber risks in social media networks, it is not enough to protect your company’s account technically, it is equally important to conduct special training for employees on information security, various types of phishing, and other threats.

According to user statistics on the Kaspersky Gamified Assessment Tool, designed to educate workers and to assist managers in measuring their cyber skills, just 11% of nearly 4000 employees demonstrated a high level of cybersecurity awareness in 2022, while 28% could not prove sufficient cybersecurity proficiency.

Attackers use sophisticated methods of social engineering. Even the most advanced representatives of Gen Z can succumb to them. The human factor cannot be reduced to zero, but it can be minimized as much as possible with the help of dedicated training.

Continue Reading

Tech & Innovation

Fear can inspire remote workers to protect IT resources

Basically, the more workers felt that their organization’s resources were their own, the more likely they were to respond in the desired way.

Published

on

Fear of what could go wrong is the greatest motivator when it comes to getting remote workers to protect their employer’s information technology security, according to a recent study in Computers & Security. But it tends to work best when employees also have a solid understanding of the severity of potential security threats, including the knowledge of what to do when the worst happens. 

As millions of people continue to work remotely, the research provides employers with key insights to keep their valuable information safe. 

“Employees need to feel this is a big deal if it happens, so the number one thing employers can do is to clearly communicate what the threats are and how serious they could be,” said Robert Crossler, corresponding author for the study and associate professor in the Carson College of Business at Washington State University. “Because for most people this is not their job. Their job is to make something or sell something, not to make good security choices, even if it is critical for their organization.” 

For the study, the researchers examined and compared two approaches for motivating security compliance behaviors in a changing work environment. 

Protection motivation theory posits that organizations can encourage secure behaviors through fear appeals, threat messages and promoting self-efficacy, or the ability to respond to a particular threat. The practice, which often utilizes surveillance to monitor employee actions, has been used effectively for decades to deter people from engaging in risky behaviors at work and to discourage unhealthy practices such as smoking or having unsafe sex. 

The second approach Crossler and his collaborators examined is stewardship theory. Stewardship theory is a form of reciprocal agreement that tries to motivate the employee’s behavior through a sense of moral responsibility that is not forced. In this approach, management attempts to get the employee to buy into the organization’s overall vision while giving them organizational support to act independently when confronted with a security threat. 

For the analysis, 339 people who worked at companies with IT security policies were recruited to answer a scenario-based survey. The three survey scenarios describe common policy violations that are relevant to remote work situations, such as the use of unauthorized storage devices, logging off a sensitive account when it is not in use and refraining from sharing one’s password with others. 

Each respondent randomly read one of three of the scenarios and then indicated their likelihood to act in a certain way based on various protection motivation and stewardship theory factors. Although working from home would seem to require relying on concepts more consistent with stewardship theory, the study showed that an approach that relied on the fear and threats emphasized in protection motivation theory was far more effective at preventing employees from violating security policy than a strictly stewardship-based approach.

One novel aspect of the study was that Crossler and his collaborators also considered a security approach that integrated factors of the two theories together. 

The researchers found that promoting a sense of collectivism, a concept from stewardship theory that emphasizes the mutual benefits of good behavior for both the employee and the employer, helped increased the efficacy of protection motivation theory-based methods.

“Basically, what we found was that the more workers felt that their organization’s resources were their own, the more likely they were to respond in the desired way,” Crossler said. “Instilling a sense of collectivism in employees is only going to help enhance people’s likelihood of protecting security policies.” 

The study, which was conducted in collaboration with researchers at the University of North Texas and Oklahoma State University, also showed that in some cases, a protection motivation theory approach to IT security would back-fire and result in security misbehaviors. As a result of their analysis, the authors recommend that companies should consider removing or reducing surveillance practices that are a common aspect of protection motivation theory. Where such removal is impracticable, employers should consider providing employees with contextual reasons for performing such monitoring. 

“This is really the first study that brings stewardship theory and protection motivation theory together in the context of IT security for people working from home,” Crossler said. “While stewardship theory did not work as well as protection motivation, our results suggest that managerial decisions informed by a stewardship perspective can help to provide a further understanding of security policy violations that motivates employees to make the right decision.”

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending