The modern security landscape is anything but simple, with threats becoming more complex every day. That’s why we’d like to introduce a fresh way of looking at big-picture cybersecurity. Our technology partner, Fortinet, refers to these best practices as the “4 Ts.” We agree they’re an effective means of better understanding the cybersecurity landscape.
1. Timeliness: Never push until tomorrow what can be done today.
Threats evolve faster than our defenses, and cybersecurity measures must keep pace. Not only do companies need current, comprehensive security tools and strategies, but they must regularly maintain them with a schedule of patches, maintenance and updates – all designed to protect business in real time.
2. Training: Most threats come from within.
When it comes to a business’s cybersecurity strategy, humans are often the weakest link. By providing training and education about the types of threats, employees can be more vigilant and aware of vulnerabilities they may inadvertently introduce. Education regarding password best practices, personal device (BYON/BYOD) protocols, and the dangers of introducing ransomware from phishing attacks will help to manage one of the single largest vulnerabilities in your network: your people.
3. Technology: You cannot firewall everything.
Vulnerabilities are everywhere, with so many entry points ranging from cloud applications to mobile devices to IoT devices. This means organizations need to think far beyond the basic firewall when developing a cybersecurity platform. While firewalls still serve as perimeter protection, they must now integrate and share direct threat intelligence with additional layers of threat detection and incident prevention tools. That way, threats that get past the first line of defense can be detected and stopped, or at least slowed to the point where they can be mitigated in subsequent layers. The most effective cybersecurity solutions integrate tools and functions into a cohesive fabric of protection. Fortinet’s security fabric, for example, enables multiple security tools to automatically share and log actionable threat intelligence on traffic coming from endpoints, data centers, and the cloud.
4. Testing: Don’t just hope the system works, prove it.
With new threats and malware variants emerging regularly, optimized cybersecurity does not stay optimized for long. Along with constant patching, regular testing is a must for catching and plugging vulnerabilities in real time. Three basic types of tests include:
- Network vulnerability scans seek out known vulnerabilities, pinpoint their location and categorize them by threat level.
- Application vulnerability scans inspect for undocumented vulnerabilities via application functionality tests.
- Penetration testing by ethical hackers is an effective way to think like a threat, where real people work to pinpoint vulnerabilities by simulating attacks.
So, as you can see, by keeping the “4 Ts” top of mind, you will be better equipped to map out a comprehensive security strategy to protect your business. NCA’s experienced consultants can help by implementing enterprise-grade solutions to achieve a fortified security strategy that encompasses each of the 4 Ts. Contact us.
Network Computing Architects, Inc. is a premier provider of high-quality, sustainable and secure networking, information security solutions and unified communications. We partner with our clients to provide answers to business initiatives where leading technologies converge.
NCA achieved ISO 27001:2005 certification in December 2007 and is currently ISO 27001:2013 certified. The scope of NCA's ISMS is client confidential information within NCA Professional Services Practice.