What are some key learning points for enterprises based on the findings of the study, and what can enterprises do to protect themselves?
The traffic and associated threat patterns discussed within this report exemplify how cyber criminals are opportunistically hiding in plain sight, yet there are some fairly straightforward steps that organisations can take to minimise or eliminate the hiding places within the network.
Our advice to business leaders and security practitioners in light of the AUTR data is as follows:
- Deploy a balanced safe enablement policy for common sharing applications. First determine which applications are in use and by whom. Then in collaboration with the business groups, determine the business use case, and establish security policies that enable the required applications while blocking others. Key to the success of this recommendation is documentation of the policies, education of your users, and periodically reviewing and updating the policy.
- Control unknown traffic, isolate and segment business services and applications. Every network has unknown traffic. It is small in volume, averaging roughly 10 percent of the bandwidth observed, but it is high in risk. Controlling unknown UDP/TCP will allow you to quickly eliminate a significant volume of malware. As an extension of controlling unknown traffic, your business applications and services should be isolated, applying zero-trust principles based on the applications and users that require access.
- Determine and selectively decrypt the applications that use SSL. The use of SSL is a double-edged sword. You get privacy and protection on one hand, but masking of threats and exfiltration of data, either directly or indirectly via exploits like Heartbleed, on the other. Selective decryption, in conjunction with the enablement policies outlined above, can help you uncover and eliminate potential hiding places for cyber threats.
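The three recommendations above, worked through as an added example that is not part of the interview or the AUTR: a toy policy engine over constructed flow records that enables sanctioned applications per user group (zero trust), blocks unknown TCP/UDP, marks selected SSL-carrying apps for decryption, and reports the unknown-traffic share of bandwidth. The application names, user groups and byte counts are all constructed.

```python
"""Added example: apply an enablement policy, unknown-traffic control and
selective SSL decryption to constructed flow records."""
from collections import defaultdict

# Constructed policy: app -> user groups allowed to use it. Anything not
# listed (including unknown-tcp / unknown-udp) is blocked by default.
ENABLE_POLICY = {
    "dropbox": {"marketing", "sales"},
    "sharepoint": {"engineering", "sales", "marketing"},
    "ssh": {"engineering"},
}
# Sanctioned SSL apps we choose to decrypt and inspect; apps carrying
# data we must not inspect (e.g. banking) would be left out of this set.
DECRYPT_APPS = {"dropbox", "sharepoint"}

def decide(flow):
    """Return 'allow', 'decrypt' or 'block' for one flow record."""
    app, group = flow["app"], flow["group"]
    if app.startswith("unknown-"):           # unknown-tcp / unknown-udp
        return "block"
    if group not in ENABLE_POLICY.get(app, set()):
        return "block"                       # not explicitly enabled
    if flow["ssl"] and app in DECRYPT_APPS:
        return "decrypt"                     # inspect before allowing
    return "allow"

def unknown_share(flows):
    """Fraction of total bytes carried by unknown TCP/UDP traffic."""
    total = sum(f["bytes"] for f in flows)
    unknown = sum(f["bytes"] for f in flows if f["app"].startswith("unknown-"))
    return unknown / total if total else 0.0

def apply_policy(flows):
    """Group (app, user group) pairs by the decision taken for them."""
    out = defaultdict(list)
    for f in flows:
        out[decide(f)].append((f["app"], f["group"]))
    return dict(out)

# Constructed sample flows: app, user group, bytes, whether SSL is used.
SAMPLE_FLOWS = [
    {"app": "dropbox",     "group": "marketing",   "bytes": 4000, "ssl": True},
    {"app": "dropbox",     "group": "engineering", "bytes": 1500, "ssl": True},
    {"app": "ssh",         "group": "engineering", "bytes": 2000, "ssl": False},
    {"app": "sharepoint",  "group": "sales",       "bytes": 1500, "ssl": False},
    {"app": "unknown-tcp", "group": "sales",       "bytes":  800, "ssl": False},
    {"app": "unknown-udp", "group": "marketing",   "bytes":  200, "ssl": False},
]

if __name__ == "__main__":
    print(apply_policy(SAMPLE_FLOWS))
    print(f"unknown traffic share: {unknown_share(SAMPLE_FLOWS):.0%}")
```

On the constructed sample the unknown TCP/UDP flows make up 10% of bytes, matching the average quoted above, and the engineering user's Dropbox flow is blocked because the policy only enables Dropbox for marketing and sales.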
What do enterprises have to do to ensure that their customers are protected?
Enterprises owe it to their customers to ensure that all data, including credit card information, mailing lists and personal information, are protected. The recent eBay data breach exemplifies the importance of this responsibility, and it is imperative for governments, organisations and enterprises alike to have software in place that will provide fool-proof protection to the network, which will in turn ensure peace of mind when it comes to customer protection.
In order for this to succeed, collaboration between the business and government sectors is critical in order to protect the infrastructure and customer data that sustain businesses everywhere.
The good news is that we are already seeing such collaborations in the region, such as the Asia Pacific Computer Emergency Response Team (APCERT), which provides technical assistance and best-practice sharing and training amongst its members.
We can expect to see more of such initiatives in the future, led by the respective governments in the region.