Security: 3 key areas to lock down now (Ebook)
The situation today

The current landscape is hyperconnected and always on, with more devices continually being added to the global network. As of 2017 there were 27 billion connected devices globally, a number expected to grow to 125 billion by 2030¹. As more devices join the network, the number of security threats grows with them. Attackers are also becoming more sophisticated and attacks more frequent: in 2017 the number of cyber-attacks worldwide increased by 164% compared with 2016².

According to Gartner, ransomware will continue to grow as a significant and real threat to enterprises throughout 2018. Ransomware is now a favoured weapon for malicious actors, with statistics showing a remarkable increase in ransomware activity worldwide; one agency tracked growth of over 700% in the number of ransomware families since 2016.

Particularly vulnerable are organisations running legacy technology, which is typical of the public sector. These organisations hold sensitive and personal data that is of great value to cyber criminals, so despite limited IT budgets security needs to be at the top of the agenda.

Despite advances in network security tools and policies, many organisations still struggle to protect their networks and environments effectively. Technology has developed so rapidly, and threats have grown so quickly, that organisations are scrambling to find the right security solutions to keep their assets safe. In 2017, 67% of all businesses in the UK invested in cyber security, highlighting how companies are becoming increasingly aware of the dangers they face. The number of security threats continues to increase, so a proactive approach to security is vital for the survival of small and large businesses alike.
48% of UK enterprise, government and education organisations have experienced multi-vector attacks
Local authorities receive on average 37 attacks per minute
Cyber-crime accounted for almost 30% of all crimes recorded in the UK from July 2016 to July 2017
On average, it takes 120 days for a business to realise that its data has been compromised
The challenge

Skilled cyber criminals are capable of bypassing perimeter defences, and no single security solution can shield a network from every type of attack. New forms of malware and ransomware continue to be developed, with ransomware growth in 2017 topping 2,500% globally³.

How real is the cyber security risk?

Businesses continue to suffer cyber security breaches with significant financial implications, but reporting of breaches remains uncommon. Just under half (46%) of all UK businesses identified at least one cyber security breach or attack in the last 12 months. This rises to two-thirds among medium firms (66%) and large firms (68%). Businesses that hold electronic personal data on customers are more likely than average to have had breaches (51% versus 46%). Breaches are nonetheless still prevalent among organisations whose senior managers consider cyber security a low priority (35%), and in firms where online services are not at all seen as core to the business (41%)⁴.

Bring Your Own Device (BYOD), cloud networking and IT consumerisation have made network security more complex. As the network grows, so does its perimeter, and with more data moving to and from the cloud, more points of vulnerability are exposed. All data and assets must be secured, in and out of the cloud, all of the time.

The pressure to have robust safeguards in place against cyber-attacks and critical data breaches is therefore acute. The UK's implementation of the European Commission's Network and Information Systems (NIS) Directive imposes fines of up to £17m on Britain's most critical industries if they leave themselves vulnerable to cyber-attack⁵.

What is the NIS Directive?

The Network and Information Systems (NIS) Directive aims to raise the overall level of security and resilience of network and information systems across the EU.
Network and information systems and the essential services they support play a vital role in society, from ensuring the supply of electricity and water to the provision of healthcare and passenger and freight transport. Their reliability and security are essential to everyday activities. The UK will be implementing the NIS Directive, and its implementation is an opportunity to put mechanisms in place that drive real improvements to national cyber security. The deadline for member states to transpose the Directive into domestic legislation is 9 May 2018.

Confronting large, highly interconnected networks, complex computing environments and an unpredictable threat landscape, it's no wonder many IT departments struggle to secure the expertise and resources necessary to safeguard their networks.
3 key areas to lock down

No matter what your business goals are, as your business grows, so does its perimeter. Securing all data and assets is a must. We've identified 3 key security areas that you need to lock down to keep your data and assets safe.

Endpoints

Endpoint security is about mitigating the risk and the potential reach of any intrusion. It protects all the endpoints your organisation is connected to: servers, desktops, laptops, smartphones and other Internet of Things (IoT) devices. These endpoints are critical components, and capturing audit information about what is happening on them at any given time is key to early identification of an attack. Effective endpoint security requires 24x7 visibility of all activity on every endpoint in order to detect malicious behaviour. Endpoint detection and response (EDR) technology offers greater capability and a more comprehensive assessment of the endpoint, as well as automated responses to threats, such as detecting ransomware behaviour and isolating the affected endpoint. Enhanced endpoint security can also provide in-depth analytics and forensic data, so that once a breach has been detected investigators can determine how the attack occurred. Knowing how and where in the environment the attack started, which devices were affected and whether any data has been stolen speeds up incident response and remediation.
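The following Python sketch is an added illustration, not code from this ebook or from any EDR product it names. It shows the kind of behavioural check an EDR agent applies over endpoint file activity: a process that renames many files to a ransom suffix and writes many high-entropy (ciphertext-like) blobs across several directories triggers an isolation decision, while a backup job that merely writes compressed archives does not. The event format, the file suffixes, the thresholds and the sample telemetry are all assumptions constructed for the example.

```python
"""Added example, not code from this ebook or from any EDR product it names.
Runs a ransomware-behaviour check over constructed endpoint file events and
decides which hosts to isolate. Event format, thresholds and suffixes are
assumptions for illustration."""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class FileEvent(NamedTuple):
    host: str
    process: str
    action: str    # "write" or "rename"
    path: str      # for a rename, the new path
    sample: bytes  # leading bytes of the data written; b"" for renames


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Encrypted output sits close to 8.0,
    ordinary documents well below 7."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# Assumed indicators for this example, not any vendor's detection logic.
RANSOM_SUFFIXES = (".locked", ".crypt", ".enc")
ENTROPY_CUTOFF = 7.0   # bits per byte
MIN_RENAMES = 5        # renames to a ransom suffix by one process
MIN_HIGH_ENTROPY = 5   # high-entropy writes by the same process
MIN_DIRS = 2           # spread across directories, not one scratch file


def score_processes(events: Iterable[FileEvent]) -> Dict[Tuple[str, str], Dict[str, int]]:
    """Per (host, process): ransom-suffix renames, high-entropy writes and
    the number of distinct directories touched."""
    stats = defaultdict(lambda: {"renames": 0, "high_entropy": 0, "dirs": set()})
    for ev in events:
        s = stats[(ev.host, ev.process)]
        s["dirs"].add(ev.path.rsplit("/", 1)[0])
        if ev.action == "rename" and ev.path.endswith(RANSOM_SUFFIXES):
            s["renames"] += 1
        elif ev.action == "write" and shannon_entropy(ev.sample) >= ENTROPY_CUTOFF:
            s["high_entropy"] += 1
    return {key: {"renames": s["renames"], "high_entropy": s["high_entropy"],
                  "dirs": len(s["dirs"])} for key, s in stats.items()}


def hosts_to_isolate(events: Iterable[FileEvent]) -> Set[str]:
    """A host is isolated only when one process shows all three signals
    together; a backup job writing compressed archives trips the entropy
    check alone and is left running."""
    return {host for (host, _proc), s in score_processes(events).items()
            if s["renames"] >= MIN_RENAMES
            and s["high_entropy"] >= MIN_HIGH_ENTROPY
            and s["dirs"] >= MIN_DIRS}


# Constructed telemetry. bytes(range(256)) has entropy exactly 8.0 and stands
# in for ciphertext; the report text is typical low-entropy document data.
CIPHERTEXT_LIKE = bytes(range(256))
PLAINTEXT = b"Quarterly report, figures attached below.\n" * 8


def sample_events() -> List[FileEvent]:
    events: List[FileEvent] = []
    for i in range(6):  # one script encrypting and renaming files on a share
        path = f"/srv/share/dept{i % 3}/report{i}.docx"
        events.append(FileEvent("ws-017", "wscript.exe", "write", path, CIPHERTEXT_LIKE))
        events.append(FileEvent("ws-017", "wscript.exe", "rename", path + ".locked", b""))
    for i in range(8):  # nightly backup: high entropy, but no ransom renames
        events.append(FileEvent("srv-02", "backup.exe", "write", f"/backup/set{i}.tar.gz", CIPHERTEXT_LIKE))
    events.append(FileEvent("ws-003", "winword.exe", "write", "/home/ann/notes.docx", PLAINTEXT))
    return events


if __name__ == "__main__":
    for key, s in score_processes(sample_events()).items():
        print(key, s)
    print("isolate:", hosts_to_isolate(sample_events()))  # {'ws-017'}
```

Requiring all three signals together is the point: entropy alone flags backups and archive tools, renames alone flag bulk file management, and either on its own would isolate hosts that are doing their job. Real agents also watch process ancestry, shadow-copy deletion and network connections; this sketch shows only the file-activity slice.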
Networks

Network security protects the usability and integrity of your network. Reliable and effective network security manages all access to your network resources, while targeting threats and preventing them from gaining entry or spreading throughout the network. It combines multiple layers of security measures, both at the perimeter and within the network. Each layer has its own controls, allowing those who are authorised to reach network resources while recognising and blocking cyber criminals from carrying out malicious attacks. Network security takes various forms, including access control, threat prevention, email security, web security and firewalls, to protect your employees, your data and ultimately your reputation.
Cloud

Cloud computing continues to transform the way organisations use, store and share data, applications and workloads. As more organisations move data and applications into the cloud, a whole host of security threats and challenges follow. With so much data going into the cloud, particularly into public cloud services, these resources become attractive targets for attackers. Whether through data leakage, account compromise or Distributed Denial of Service (DDoS), a security breach that restricts access to these critical applications can disable a range of services, leave users without legitimate access and even bring your business to a halt. By extending your security wrap into the cloud, including cloud firewall appliances, you can monitor performance, behaviour and events there and react to them, upholding the security of your data and applications.
Best practices

As a security specialist, we provide a fully managed security service that includes products at multiple layers, from the access network through the core and out to the perimeter. This includes securing data in transit through encryption services, the identification and classification of attacks, intrusion detection and prevention, and the protection of users' data through filtering and anti-spam services.

A case study

Background
Operationally, this Capita customer was highly dependent on integrated Financial Management and eprocurement applications that had been developed in-house and were used daily by approximately 900 employees. The software had been continually enhanced over time, with each update fully tested against their Microsoft Windows Server 2003 and Windows XP 32-bit environment.

Security challenge
With service pack support, and therefore security patching, no longer available for Windows Server 2003 and Windows XP, there was an elevated risk that these systems could be compromised by malicious cyber-attacks such as WannaCry or Petya ransomware, or suffer electronic data loss. Upgrading the servers and XP machines would have required the wholesale redevelopment of the in-house applications to run on a 64-bit operating system, which was not considered feasible in the near to medium term.

Solution
As a compensating control for running unsupported Windows operating systems, an Advanced Endpoint Protection service (Traps) was implemented through Capita and rolled out to over 1,200 endpoints: 800 desktop PCs, 100 laptops and 310 servers. A successful attack must complete a sequence of events to steal information or run ransomware, and nearly every attack relies on compromising an endpoint. Traps disrupts an attack before it can infect an endpoint. By combining multiple methods of prevention, Traps blocks security breaches and ransomware attacks that leverage malware and exploits, known or unknown, before they can compromise the endpoints. It automatically isolates infected endpoints, prevents malicious use and mitigates the risk of cyber breaches. Endpoint protection reduces the exposure of an unpatched system but does not restore vendor patching, so the risk is mitigated rather than removed. The client is not only extremely satisfied that they have mitigated the risk of cyber-attack, but has also estimated a £1.2 million saving by not having to redevelop their in-house applications immediately.
A case study

Background
A local county council website was targeted by a DDoS attack, with the flood arriving from NTP servers in China, the Russian Federation, the USA, Germany and Japan. The attack was an NTP amplification, a type of Distributed Denial of Service (DDoS) attack in which the attacker exploits publicly accessible Network Time Protocol (NTP) servers to overwhelm the target with User Datagram Protocol (UDP) traffic. Because the attacker spoofs the target's address in the requests, the traffic reaching the target comes from the abused NTP servers, not from the attacker's own network.

Security challenge
The council's 1 Gbps Internet circuit and firewall were overwhelmed with UDP traffic that reached 13 Gbps, which not only prevented public access to the website but also stopped staff from accessing the Internet. The attacks were intermittent, lasting up to 10 minutes at a time throughout a 24-hour period, which made the root cause of the outages difficult to track down.

Solution
Once the root cause was identified as an external attack, Capita was able within a matter of days to configure the council's network to use its DDoS Mitigation Service, which stopped the further attacks that occurred over the following 7-day period.
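The intermittent nature of the attack above is what made it hard to diagnose from the outage alone; flow records from the edge router show it plainly. The Python below is an added example, not the ebook's or any mitigation service's code: it runs over constructed flow records and flags a window as NTP amplification when UDP traffic from source port 123 arrives from many distinct servers, with packets far larger than a normal ~90-byte NTP reply, at a rate that threatens the link. The record format, thresholds, addresses and sample flows are assumptions; the 1 Gbps link size is taken from the case study.

```python
"""Added example, not the ebook's or any mitigation service's code. Spots an
NTP amplification flood in constructed flow records: UDP from source port 123,
many distinct reflectors, large packets, and a byte rate that threatens the
link. Record format, thresholds and addresses are assumptions."""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple


class Flow(NamedTuple):
    ts: int        # seconds (constructed clock)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str     # "udp" or "tcp"
    packets: int
    nbytes: int


LINK_BPS = 1_000_000_000  # the 1 Gbps circuit in the case study
WINDOW = 10               # seconds per aggregation bucket
MIN_SOURCES = 20          # assumed: a reflection flood arrives from many servers
MIN_AVG_PKT = 400         # assumed: amplified replies dwarf the ~90-byte normal reply
ALERT_FRACTION = 0.5      # assumed: alert at half the link capacity


def ntp_windows(flows: Iterable[Flow], target: str) -> Dict[int, Dict[str, float]]:
    """Aggregate inbound UDP-from-port-123 traffic to `target` per window."""
    agg = defaultdict(lambda: {"bytes": 0, "packets": 0, "sources": set()})
    for f in flows:
        if f.proto == "udp" and f.src_port == 123 and f.dst_ip == target:
            bucket = f.ts - f.ts % WINDOW
            agg[bucket]["bytes"] += f.nbytes
            agg[bucket]["packets"] += f.packets
            agg[bucket]["sources"].add(f.src_ip)
    return {w: {"bps": a["bytes"] * 8 / WINDOW,
                "avg_pkt": a["bytes"] / a["packets"],
                "sources": len(a["sources"])} for w, a in agg.items()}


def detect_ntp_amplification(flows: Iterable[Flow], target: str) -> List[int]:
    """Window start times where all three amplification signals coincide."""
    return sorted(w for w, s in ntp_windows(flows, target).items()
                  if s["sources"] >= MIN_SOURCES
                  and s["avg_pkt"] >= MIN_AVG_PKT
                  and s["bps"] >= ALERT_FRACTION * LINK_BPS)


def top_reflectors(flows: Iterable[Flow], target: str, n: int = 5) -> List[Tuple[str, int]]:
    """Reflector addresses by bytes sent: the input for an upstream filter or
    for notifying the servers' operators. Ties are ordered by address."""
    by_src: Dict[str, int] = defaultdict(int)
    for f in flows:
        if f.proto == "udp" and f.src_port == 123 and f.dst_ip == target:
            by_src[f.src_ip] += f.nbytes
    return sorted(by_src.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


TARGET = "203.0.113.10"  # the council web server (documentation address range)


def sample_flows() -> List[Flow]:
    """Constructed records: normal NTP, a flood, and noise that must not alert."""
    flows: List[Flow] = []
    for i, ip in enumerate(["192.0.2.1", "192.0.2.2", "192.0.2.3"]):
        flows.append(Flow(i, ip, 123, TARGET, 40000 + i, "udp", 1, 90))  # real replies
    for i in range(1, 41):  # 40 abused NTP servers, 50,000 amplified replies each
        flows.append(Flow(100 + i % 10, f"198.51.100.{i}", 123, TARGET, 80, "udp",
                          50_000, 50_000 * 482))
    flows.append(Flow(105, "198.51.100.200", 443, TARGET, 51000, "tcp", 10, 6000))
    flows.append(Flow(106, "192.0.2.53", 53, TARGET, 51001, "udp", 1, 120))
    return flows


if __name__ == "__main__":
    print("amplification windows:", detect_ntp_amplification(sample_flows(), TARGET))
    print("top reflectors:", top_reflectors(sample_flows(), TARGET, 3))
```

Two caveats a responder should keep in mind: the rate here is computed at the edge, so a 13 Gbps flood on a 1 Gbps circuit will show up as saturation rather than as 13 Gbps (the excess is dropped upstream, which is why mitigation has to happen at the provider), and the reflector list identifies abused third parties, not the attacker.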
Detection vs prevention: a balancing act

From classic attacks such as data theft to denial of service, data destruction and ransomware, we're under no illusion that security attacks are on the increase. These sophisticated threats, incessantly targeting organisations around the globe, are pressuring IT departments in both the public and private sectors to strike a balance between detection and prevention to keep their businesses safe. As IT infrastructure becomes more complex and moves into the cloud, into business units and into shadow IT, vulnerability management must evolve from a merely repetitive process into one that adapts quickly to IT changes.

Through the use of industry-leading technology to combat threats, we help security and risk management leaders find the balance between threat detection and prevention, with a 360-degree view of threats against the business. This real-time early warning enables us to deploy a rapid response to manage the threat and minimise the reputational and financial impact on your organisation. From patch-oriented security practices and system hardening to 24x7x365 monitoring and incident response, our accredited Security Operations Centre (SOC) mitigates the risk from large-scale attacks, so that your public-facing services remain available and your reputation intact.
Our network security services

Endpoint
Advanced Endpoint Protection Service - disrupts an attack before it can infect an endpoint. By combining multiple methods of prevention, Traps blocks security breaches and ransomware attacks that leverage malware and exploits, known or unknown, before they can compromise the endpoints. It automatically isolates infected endpoints, prevents malicious use and mitigates the risk of cyber breaches.

Networks
DDoS Mitigation Service - mitigates DDoS attacks targeting your online presence or other Internet-reachable assets.
Advanced esafety Services - including a perimeter application-aware firewall, threat prevention (including zero-day threats) and URL filtering/policy control.
Firewall Assurance Service - collects and analyses firewall rules and configurations and compares them against a defined local security policy template, regulatory compliance requirements and best-practice policies.
Vulnerability Scanning Service - provides a cost-efficient way to deliver security assurance testing through a vulnerability assessment of the infrastructure and assets.

Cloud
Advanced Endpoint Protection Service - as described under Endpoint above, for cloud-hosted endpoints.
Advanced esafety Services - as described under Networks above.
SIEM Service - managed by our central Security Operations Centre (SOC), identifies and responds to customer security incidents. Whether it is network traffic, user activity or application use, any variation from normal activity could indicate that a threat is imminent or that the customer's data or infrastructure is at risk.
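The Firewall Assurance Service listed above compares a rule base against a local policy template. As an added illustration of what such a comparison looks like (this is example code, not the service's own tooling), the Python below audits a constructed rule base for three common findings: an allow any-to-any rule, a risky service allowed from outside the internal range, and rules shadowed by an earlier rule so that they can never match, which is how a cleanup deny-all silently stops working. The rule format, the policy template and the sample rules are assumptions.

```python
"""Added example, not the ebook's or any assurance service's code. Checks a
constructed firewall rule base against an assumed local policy template:
no allow any->any, no risky services allowed from outside the internal
range, and no rule shadowed by an earlier one. Rule format and policy are
assumptions."""
import ipaddress
from typing import List, NamedTuple


class Rule(NamedTuple):
    name: str
    action: str   # "allow" or "deny"
    src: str      # CIDR; "0.0.0.0/0" means any
    dst: str
    service: str  # "tcp/445", "udp/123", ... or "any"


# Assumed local security policy template.
POLICY = {
    "internal": "10.0.0.0/8",
    "forbidden_from_outside": {"tcp/23", "tcp/445", "tcp/3389"},  # telnet, SMB, RDP
}

ANY = "0.0.0.0/0"


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet `inner` would match is already matched by
    `outer`, whatever the actions; a later rule so covered never fires."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and outer.service in ("any", inner.service))


def audit(rules: List[Rule]) -> List[str]:
    """Findings in rule order; an empty list means the base passes the template."""
    findings: List[str] = []
    for i, r in enumerate(rules):
        if r.action == "allow" and r.src == ANY and r.dst == ANY and r.service == "any":
            findings.append(f"{r.name}: allow any->any any violates the policy template")
        if (r.action == "allow"
                and not net(r.src).subnet_of(net(POLICY["internal"]))
                and r.service in POLICY["forbidden_from_outside"]):
            findings.append(f"{r.name}: allows {r.service} from outside {POLICY['internal']}")
        for earlier in rules[:i]:  # first-match semantics: only earlier rules shadow
            if covers(earlier, r):
                findings.append(f"{r.name}: shadowed by {earlier.name} and never matches")
                break
    return findings


def sample_rules() -> List[Rule]:
    """Constructed rule base with one of each problem."""
    return [
        Rule("web-in", "allow", ANY, "203.0.113.0/24", "tcp/443"),
        Rule("rdp-in", "allow", ANY, "203.0.113.0/24", "tcp/3389"),
        Rule("temp-any", "allow", ANY, ANY, "any"),       # left over from troubleshooting
        Rule("ntp-out", "allow", "10.0.0.0/8", ANY, "udp/123"),
        Rule("deny-all", "deny", ANY, ANY, "any"),
    ]


if __name__ == "__main__":
    for finding in audit(sample_rules()):
        print(finding)
```

The shadowing check is the one most often missed by eye: "temp-any" is not only a policy violation in itself, it also makes the final deny-all dead, so removing it changes what the firewall does to every packet that follows. Real rule bases also carry zones, negated objects and port ranges; extending `covers` to those is where the work lies.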
How our security services protect your organisation
The world is not a safe place. But we're making it safer. We offer a premium security service and threat intelligence with unrivalled support. It's time to get secure. For more information, or to take part in a security self-assessment to understand your strengths and weaknesses, contact us at: networks@capita.co.uk
Capita IT and Networks, 30 Berners Street, London W1T 3LR. +44 (0)117 311 5757. www.capita-it.co.uk

Sources
1. https://technology.ihs.com/596542/number-of-connected-iot-devices-will-surge-to-125-billion-by-2030-ihs-markit-says
2. https://www.cnbc.com/2017/09/20/cyberattacks-are-surging-and-more-data-records-are-stolen.html
3. https://www.carbonblack.com/2017/10/11/dark-web-ransomware-economy-growing-annual-rate-2500/
4. Department for Culture, Media and Sport, Cyber security breaches survey 2017
5. https://www.gov.uk/government/news/government-acts-to-protect-essential-services-from-cyber-attack