Casting out ‘demons’ within for holistic security awareness

Smart enterprises have always invested much effort in cultivating strong security awareness among their employees to reduce cyber risks. However, security awareness on its own may not be effective in helping employees adopt the desired values and behaviors.

Leading research and advisory company, Gartner, has suggested that more than just being ‘aware’, employees “need to possess certain value frameworks, critical thinking skills and behaviors that are in-line with the organization’s security policies”.

Angela Sasse, director of the UK Research Institute in Science and Cyber Security at University College London (UCL), has been involved in the Security Behavior Transformation Framework based on psychology and organizational behavior research by UCL academics and practitioners from HP and CESG. She has argued that most security awareness programs have been misguided in encouraging staff to follow security rules that put them in conflict with their main work goals and productivity.

“If security systems are not providing actionable alerts, or employees are struggling to comply with policies, it is vital that organizations sort these things out before even thinking about changing people’s behavior,” Sasse said at Infosecurity Europe 2016 in London earlier this year.

Presence within

Dr Chase Cunningham, A10 Networks’ director of Cyber Operations, likens cybersecurity not done correctly to a horror movie. “The poor CSO who ignores the warning signs of a ‘demonic presence’ in their systems is doomed to suffer through waves of ongoing attacks that will likely result in their ‘spiritual’ surrender, as they will end up being the one who is exorcised – from their company, that is,” he wrote in his blog post.

The ‘demonic presence’ would include rootkits, viruses and botnet command and control callouts that lie dormant in the network waiting to be summoned by distant evil forces bent on degrading the system. Cunningham also highlighted the growing number of massive distributed denial of service (DDoS) attacks that have disrupted services from widely popular web sites, security blogs and service providers to internet infrastructure companies. These ‘demons’ cannot be cast out with technology alone.

“It’s easy to continually throw new boxes and solutions at the problem, and hope that Frankensteining a security solution together will give you the well-rounded and thorough protection your network needs,” Cunningham said. “But that can introduce weaknesses and additional points of failure. And adding more and more disjointed technology to an ill-formed strategy will never tip the balance of power towards the good guys.”

Instead, he suggests a cultural shift in network security where policies are created and enforced to ensure employees do not introduce malware to the network – something as simple as enforcing strong password rules, requiring two-factor authentication, and installing tools that catch malware.

Demon busters

To align security rules with employees’ main work goals and productivity, A10 has melded technology with the human aspects of security and addressed the lack of cybersecurity expertise experienced by many organizations.

A10 has enhanced the agile, efficient and network-wide protection offered by its Thunder TPS product line with assistance from its DDoS Security Incident Response Team (DSIRT) of mitigation experts, and subscription to the real-time threat feeds and dynamic updates of the A10 Threat Intelligence Service.

ISACA- and CSX Cybersecurity-certified, A10’s specialized DSIRT is trained to provide 24/7 emergency response to mitigate a variety of DDoS attacks and restore service to applications and business. Knowledge from these external attack events is shared globally amongst DSIRT to help mitigate new attack types and protect all A10 customers.

The DSIRT service also utilizes data from the A10 Threat Intelligence Service, as well as dynamically generated entries of black/white lists, to prevent data theft, reduce network load and minimize risk against the latest 1 Tbps-plus DDoS attacks.

The DSIRT security experts continuously discover threats, using 50-plus threat intelligence sources, including the A10 Threat Intelligence Service feeds that are automatically shared as policy updates to the A10 platform.

Complementing an organization’s security awareness program, the DSIRT service allows granular control of outbound traffic with various automated blocking and response options when an endpoint attempts to connect with a threat actor. Policies are automatically updated to block new threats and free access to locations that have been remediated.

With A10’s best-of-breed tools and the DSIRT, organizations can develop a holistic security plan that not only prevents networks from being ‘possessed’, but also ‘exorcises the demons’ that do get through. And while security awareness programs continue to foster desired security behavior among employees that aligns with security policies, organizations can call on the threat-busters of A10’s DSIRT who are ever-ready for cyber battle.

This is a QuestexAsia feature commissioned by A10 Networks.