IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

New security approach needed as corporations evolve

Mon 21 Dec 2015
FYI, this story is more than a year old

By Don Liew, Asia Pacific Security Director, AT&T

New technologies are changing the way multinationals in Asia Pacific do business, and opening the door to a wider range of cyberthreats. Corporate leaders need to now adopt a new approach by accepting the inevitability of attack and taking early action to increase security and build network resilience.

Your corporate data is highly valuable and, most likely, entirely digital. Cloud computing adoption is accelerating on a global scale, led by Software-as-a-Service (SaaS) applications that give employees anywhere-anytime access to an expanding array of essential business tools. This is complemented – and complicated – by the widespread growth of corporate bring-your-own-device (BYOD) programs and the rapid consumerization of mobile and tablet platforms. Blurring the line between devices and tools for business and personal use, these developments create multiple points of access to your critical business applications and services.

But just as corporate technologies are expanding, so too are those available to cybercriminals. Today’s online threats are pervasive and evolving. AT&T has seen a 62% increase in distributed denial of service (DDoS) attacks across its global network over the past two years, along with a 458% increase in Internet of Things (IoT) vulnerability scans, where an adversary probes IoT devices for a weakness in network defenses.

These escalating threats, and the increasing deployment of malware, ransomware and targeted attacks against corporate sites, now pose tremendous security challenges to businesses in every industry. What’s more, the pressure of regulatory security compliance is also rising as new and stricter standards are introduced to protect consumers and help mitigate economic and political risk.

Even though media reports of highly visible breaches have made it impossible to ignore these threats and challenges in recent months, many companies remain unprepared to tackle them.

A first step to rectifying this is to accept that a traditional perimeter approach to security, relying on passwords to safeguard access to business-critical infrastructure and services, is no longer enough in risk mitigation. The threats facing every organization today are now so sophisticated and prevalent that you must expect to be attacked. To minimize business impact, it is therefore necessary to prepare for this eventuality and be ready to detect and respond to breaches when they occur.

Here are three security aspects to consider:

Authenticate and authorize users and applications.

Two-factor authentication (2FA) can be installed to create an extra barrier between potential attackers and your data. It requires the user to provide two means of verifiable identification: typically a physical token, such as a smartcard or a one-off device-specific code, and their memorized username and password. This helps protect the business in case of weak user passwords, lost passwords, stolen devices and even brute force attacks. It helps to improve both business confidence and accountability. Corporations should only provide access to important information to those who need it to minimize risks. Fewer people having access to your most important information helps reduce the risk. With the availability of token authentication as a service in the cloud, it is now easier for businesses to implement 2FA. This model is replacing traditional on-premise 2FA solutions, offering rapid implementation at a much lower total cost of ownership, with high availability and scalability.

Protect critical web applications

Websites and mission-critical web applications are prime targets for attack because they are readily accessible and offer an easy entry point to valuable data. Traditional network- and host-based security systems will not stop today’s hackers. We can combat this vulnerability with application-layer security measures that help protect web applications as well as the underlying servers and databases that support them, without affecting application performance or uptime. A web application firewall service, deployed at your premises or in any hosting environment, can provide a high degree of protection without interrupting legitimate traffic. It should be based on an extensive analysis of your web application traffic and include tightly tailored policies and constant updates to keep pace with evolving threats. One advantage of a web application firewall service is that it allows “virtual patching”. This is useful when a known security vulnerability threatens web applications, but shutting them down to patch them would significantly impact the business. This capability is becoming an increasingly important security tool. It was used to great effect to combat Heartbleed, a severe security bug discovered in April 2014. Operations teams around the world used such web application firewalls to provide interim protection for their servers and minimize business exposure while they implemented a suitable Heartbleed security patch. When it comes to DDoS attacks, which seek to overwhelm your servers and bring your business to a halt, a separate anti-DDoS solution is required. The most effective solution will identify a DDoS attack at the underlying network and re-route traffic to a network scrubbing facility where malicious DDoS packets can be dropped before legitimate traffic is sent on to your server. This requires highly sophisticated predictive and early warning capabilities on the core provider’s backbone network.

Boost your cloud security

Public cloud computing is now standard practice for many companies moving business functions into the cloud to access cost-effective and scalable computing power. However, this model forces you to rely on third-party providers for data security, even as the explosion of mobility and BYOD further increases the risk. It is thus vital to verify that all links to cloud storage, including email and web applications, connect over secure and managed networks. Good cloud security practices include multiple layers of security across applications, devices, networks and platforms. It is also worth considering a solution that uses a virtual private network to take your cloud traffic off the public Internet and isolate it to reduce exposure to security risks.

Finally, keep security on your boardroom agenda. Cybersecurity is all too often perceived as an IT issue and kept in a silo. This creates a gap between the C-suite and the security team that needs to be bridged if your business is to make effective security decisions and execute them decisively. Clear leadership and closer communications will help allow your key leaders to understand the threats and mobilize resources to make security the responsibility of every executive, employee and board member. 

By Don Liew, Asia Pacific Security Director, AT&T

Related stories
Top stories
Story image
Cybersecurity
Hard numbers: Why ambiguity in cybersecurity no longer adds up
As cybersecurity costs and risks continue to escalate, CEOs continue to struggle with what their investment in cyber protection buys. Getting rid of ambiguity becomes necessary.
Story image
Cybersecurity
Managed service providers: effective scoping to avoid costly vendor pitfalls
Managed security services are outsourced services focusing on the security and resilience of business networks.
Story image
Remote Working
How zero trust and SD-WANs can support productive remote working
The way people connect with applications and data has changed, users are remotely accessing resources that could be stored anywhere from a corporate data center to the cloud.
Story image
Cybersecurity
The 'A-B-C' of effective application security
Software applications have been a key tool for businesses for decades, but the way they are designed and operated has changed during the past few years.
Story image
Microsoft
Microsoft unveils adaptive accessories for disability access
Microsoft is introducing an expansive Inclusive Tech Lab to give people with disabilities greater access to technology through new software features and adaptive accessories.
Story image
Mobility
Hands-on review: STM laptop bags
The advent of hybrid working has meant we need laptop bags. We got our hands on two of the most popular laptop bags from STM.
Story image
Phishing
Google reveals new safety and security measures for users
Google's new measures include automatic two step verification, virtual cards and making it easier to remove contact information on Google Search results.
Story image
Veryfi
Veryfi announces Mobile Receipt Capture for D2C marketing apps
Veryfi has announced a new enhancement to its portfolio, with Mobile Receipt Capture for direct-to-consumer marketing apps.
Story image
Sustainability
Power at the edge: the role of data centers in sustainability
The Singaporean moratorium on new data center projects was recently lifted, with one of the conditions being an increased focus on power efficiency and sustainability.
Story image
Artificial Intelligence
SAS launches human-focused responsible innovation initiative
SAS has launched a responsible innovation initiative, furthering its commitment to equity and putting people first.
Story image
Kodari Securities (KOSEC)
NFT trends and opportunities: expert reveals all
The NFT market is growing at an exponential rate, with unprecedented liquidity. Here we explore how businesses can profit.
Story image
Power / Energy
SmartCIC report reveals top five 5G carriers in the world
The Global Cellular Performance Survey also found that 5G networks are delivering high download speeds but lagging in upload speeds.
Story image
Ransomware
Ingram Micro Cloud adds Bitdefender solutions to marketplace
Ingram Micro Cloud has announced the expanded availability of Bitdefender solutions on the Ingram Micro Cloud Marketplace.
Story image
BeyondTrust
BeyondTrust integrates Password Safe solution with SailPoint
BeyondTrust has announced the integration of BeyondTrust Password Safe with SailPoint identity security offerings.
Story image
Artificial Intelligence
ANU and Seeing Machines to use AI to improve driver safety
The Australian National University and Seeing Machines have won a grant to develop AI systems monitor human behaviour while driving.
Story image
SAS
New SAS service overcomes subscription fatigue for media companies
SAS has launched SAS 360 Match which helps media companies move towards a AVOD model to generate revenue as subscribers cancel.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Ivanti
Ivanti and Lookout bring zero trust security to hybrid work
Ivanti and Lookout have joined forces to help organisations accelerate cloud adoption and mature their zero trust security posture in the everywhere workplace.
Softiron
For every 10PB of storage run on HyperDrive vs. comparable alternatives, an estimated 6,656 tonnes of CO₂ are saved by reduced energy consumption alone over its lifespan. That’s the equivalent of taking nearly 1,500 cars off the road for a year.
Link image
Story image
PaaS
New digital traffic light system to tackle construction defects
Smarter Defects Management launches its PaaS digital system and says it will revolutionise managing defects in the construction industry.
Darktrace
Threat actors are exploiting weaknesses in interconnected IT/OT ecosystems. Darktrace illuminates your entire business and takes targeted action to stop emerging attacks.
Link image
Story image
Artificial Intelligence
SAS unveils AI experience to improve kids' batting abilities
SAS has created The Batting Lab, an interactive experience using AI, computer vision and IoT analytics to help kids improve their baseball and softball swings.
Story image
Tech job moves
Tech job moves - Datacom, Micro Focus, SnapLogic and VMware
We round up all job appointments from May 6-12, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
SaaS
Absolute Software expands Secure Access product offering
Absolute Software is enhancing its Secure Access product portfolio, enabling minimised risk exposure and optimised user experiences in the hybrid working environment.
Story image
Talend
Talend introduces new data health solutions for businesses
Talend has announced its latest version of Talend Data Fabric, with the release of Talend Trust Score enabling data teams to establish a foundation for data health.
Story image
Artificial Intelligence
Updates from Google Workspace set to ease hybrid working troubles
Google Workspace has announced a variety of new features which will utilise Google AI capabilities to help make hybrid working situations more efficient and effective.
Story image
Wireless
SmartCIC, BICS partner to expand wireless service options
SmarCIC has partnered with BICS to increase choice for organisations using fixed wireless services, expanding existing carrier relationships for its CELLSMART division.
Story image
Digital Transformation
Unlocking the next digital frontier for educational institutions
Understanding where to invest in technology can be challenging for education institutions, especially after the COVID-19 disruptions.
Story image
Sustainability
Grasping the opportunity to rethink the metrics of a sustainable data centre
A data centre traditionally has two distinct operations teams: the Facility Operations team, and the IT Operations team. Collaboration between them is the key to defining, measuring, and delivering long-term efficiency and sustainability improvements.
Story image
Fortinet
Fortinet's Security Fabric hits new record for integrations
The Fortinet Security Fabric has surpassed 500 technology integrations with more than 300 Fabric-Ready Technology Alliance Partners.
Story image
Excel
Could your Excel practices be harming your business?
While Excel has been the de-facto standard for budgeting, planning, and forecasting, is it alone, enough to support organisations in the global marketplace that’s facing rapid changes due to digital transformation?
Story image
Ransomware
Cybersecurity starts with education
In 2021, 80% of Australian organisations responding to the Sophos State of Ransomware study reported being hit by ransomware. 
Story image
Sustainability
Siemens showcases new automated solutions for data centers
Siemens has implemented new automated solutions and AI in the Baltic region's largest data center, providing insight into the future of data center management.
Story image
Adyen
Adyen expands partnership with Afterpay as BNPL payments increase
Adyen has expanded its partnership with AfterPay allowing more of Adyen’s merchants in more countries worldwide to use the BNPL provider.
Story image
SaaS
Cloudflare launches instant serverless database for dev teams
"Today we’re announcing our first serverless database which we expect will quickly become one of the largest databases in the world."
Story image
Cybersecurity
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Booster
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image
Story image
Digital Transformation
Why enterprise records management should be part of any digital transformation strategy
Modern organisations create and rely upon an enormous volume of content, and digital records make up a significant proportion of that content.
Story image
Sift
Sift shares crucial advice for preventing serious ATO breaches
Are you or your business struggling with Account Takeover Fraud (ATO)? One of the latest ebooks from Sift can provide readers with the tools and expertise to help launch them into the new era of account security.
Story image
Microsoft
SAS Viya on Microsoft Azure to deliver 204% return - study
The Forrester Total Economic Impact study finds SAS Viya on Microsoft Azure brings a 204% return on investment over three years.
Story image
IT budget
$20m boost for digital technologies announced
The government is spending an extra $20m over four years on its plan to transform the digital technologies industry.
Story image
Remote Working
How organisations can meet employees' changing expectations
The global employment market has shifted dramatically in favour of employees, sparking the so-called great resignation, in which people are leaving unsatisfying roles in search of greener pastures.
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Application Security
What are the DDoS attack trend predictions for 2022?
Mitigation and recovery are vital to ensuring brand reputation remains solid in the face of a Distributed Denial of Service (DDoS) attack and that business growth and innovation can continue.