Reviewing your cyber security strategy
By Richard Cassidy, Technical Director, UK & EMEA at Alert Logic
Cyberattacks are daily news, and yet advanced security and compliance are often not considered as a fundamental requirement when moving critical applications to cloud and hosted environments. Many companies deploy point technologies, such as firewalls, but stop there. This lack of security planning and strategy would halt any bricks and mortar business (e.g. a retail store wouldn’t open without windows, doors, locks, security guards, CCTV, burglar alarms etc) but yet generally fails to make it onto the agenda in a virtual world (e.g network monitoring, log management, vulnerability assessment, application firewalls, threat intelligence), where the threat landscape is constantly evolving and the methods of hackers are becoming increasingly bold.
And the challenge with it not being on the agenda is that the security threats and risks to your business are not on your radar, therefore no-one is evaluating them or weighing them up against business-critical priorities (such as maximising uptime and availability of your apps), and no-one is taking ownership or responsibility for figuring out and implementing a strategy that mitigates those risks for your business.
In a cloud environment this goes a step further, with many customers believing they don’t need to understand the security threats to their business as they expect their cloud or hosting provider to be responsible for the security & compliance of their applications and business critical data. This an incorrect assumption, with potentially devastating impacts:
- Europe is the top cyber-crime region in the world
- 76% of breaches occurred from intrusions exploiting weak or stolen credentials (Verizon Data Breach Report, 2015)
- 65% of compromises remain undiscovered a month after they occur (Verizon DBR 2015)
Taking a proactive, strategic approach to evaluating your cyber security strategy is critical, and starts with understanding what the impact would be on your business if you were the victim of a cyberattack, and how you would be able to bounce back from it. Only then can you determine what risks you are happy to accept, and identify people, processes, and technologies that are needed to plug the gaps for any that you aren’t. Upon evaluating this in depth, many Rackspace customers come to the conclusion that they would also like to leverage the Rackspace cyber security managed services portfolio rather than trying to do it themselves.
Rackspace managed security services offer intrusion detection, vulnerability assessments and log management, coupled with deep security content, and 24×7 continuous monitoring to help customers reduce their risk of cyberattack, increase application availability and reduce the cost of running in-house teams and technologies to manage their security and compliance outcomes.
Additional Resources:
On-Demand Webinar: Are You Next? Cyber Threats Landscape and Best Practices in Security
Blog: Why people matter: Observations from Rackspace Solve
Blog: The Evolution of Cyber Crime
To get the latest on threats and vulnerabilities delivered to your inbox, sign up for the Weekly Threat Report.