Cyber Security Update
The Bad News:
More and more information continues to circulate about fresh cases of schools and businesses being heavily impacted by cyber security incidents. In the last month alone we have heard of (or been directly involved in remediating) four clients crippled by ransomware, causing extreme disruption and financial costs to either pay the ransom or restore services.
“the sheer scale and rising likelihood of major cyber-attacks made them the most pressing threat a country like Australia faces.”
A warning from Alastair MacGibbon, who has held the twin roles of national cyber security adviser and head of the Australian Cyber Security Centre since 2017.
The Good News:
The traditional protective elements of a full security platform, such as firewall, endpoint AV, cloud security, etc., are all still relevant within a multi-layer, multi-vendor approach to network security protection.
However, new technology solutions focusing on preventative cyber security strategies are being used to bolster a school’s holistic approach to data and network security. Three such preventative solutions covering different aspects of the threat continuum are Deep-learning Endpoint protection, User and Entity Behaviour Analytics (UEBA) and Security Awareness Training.
Deep-learning endpoint security with SOPHOS Intercept-X
SOPHOS Intercept-X runs as a standalone agent, alongside your existing antivirus or combined with Sophos Endpoint Protection. Intercept X gives you next-generation anti-exploit, deep learning malware detection, anti-ransomware, root cause analysis, and advanced system clean technology. By combining cutting-edge technologies, such as deep learning and endpoint detection and response, Intercept X delivers unmatched protection against unknown malware, exploits, and ransomware.
SOPHOS Intercept-X uses a deep learning neural network that works like the human brain to make the solution smarter, more scalable and lighter on systems to stop the widest range of endpoint threats.
For more information on the SOPHOS Intercept-X solution, contact your Trident Account Manager for a free trial.
UEBA – User and Entity Behaviour Analytics
User and entity behaviour analytics, or UEBA, is a type of cyber security process that takes note of the normal conduct of users. In turn, it detects anomalous behaviour, that is, instances where there are deviations from these “normal” patterns. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and alert the IT Security team immediately. UEBA uses machine learning, algorithms, and statistical analyses to know when there is a deviation from established patterns, showing which of these anomalies could result in a potential, real threat. UEBA can also aggregate the data you have in your reports and logs, as well as analyse file, flow, and packet information. In UEBA, you do not track security events or monitor devices; instead, you track all the users and entities in your system. As such, UEBA focuses on insider threats, such as employees who have gone rogue, employees who have already been compromised, and people who already have access to your system and then carry out targeted attacks and fraud attempts. It also covers servers, applications, and devices that are working within your system.
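The 10 MB-to-gigabytes case above as a per-user baseline check, added here as an illustration and not taken from any UEBA product: each day's download volume is scored against that user's own history using the median and median absolute deviation (MAD), a simple statistical stand-in for the machine-learning models the paragraph mentions. The function names, thresholds and sample data are assumptions constructed for this example.

```python
from statistics import median

MIN_HISTORY = 7            # assumed: days of history required before scoring
THRESHOLD = 6.0            # assumed: robust score above which an alert is raised
MAD_FLOOR_FRACTION = 0.05  # assumed: minimum spread, as a fraction of the median


def robust_score(history, value):
    """Scaled-MAD distance of `value` above the user's median; None if history is too short."""
    if len(history) < MIN_HISTORY:
        return None
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A perfectly regular user has MAD 0; floor the spread so minor wobble is not an alert.
    spread = max(1.4826 * mad, MAD_FLOOR_FRACTION * med, 1.0)
    return (value - med) / spread


def find_anomalies(daily_mb):
    """daily_mb maps user -> [MB per day, oldest first]; each day is scored against prior days only."""
    alerts = []
    for user, series in daily_mb.items():
        for day, value in enumerate(series):
            score = robust_score(series[:day], value)
            if score is not None and score > THRESHOLD:
                alerts.append((user, day, value, round(score, 1)))
    return alerts


# Constructed sample data (not from any real environment).
SAMPLE = {
    # Roughly 10 MB a day, then a multi-gigabyte day: the case described in the text.
    "alice": [10, 9, 11, 10, 12, 10, 9, 10, 11, 10, 4096],
    # Always a heavy downloader: a flat 1 GB rule would alert daily, the baseline does not.
    "bob": [2000, 2100, 1950, 2050, 1900, 2000, 2150, 2000, 2100],
    # Too little history to judge: no verdict rather than a guess.
    "carol": [5, 5, 5, 900],
}

if __name__ == "__main__":
    for user, day, value, score in find_anomalies(SAMPLE):
        print(f"ALERT user={user} day={day} downloaded={value} MB score={score}")
```

Only alice's final day is reported; bob's consistently large volumes sit inside his own baseline, and carol is left unscored until enough history exists.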
Talk to your Trident Account Manager about our UEBA solution available via the Security Operations Centre powered by Neptune Cyber Security. More information about the Trident SOC is available via this link.
Security Awareness Training
95% of all security breaches are due to human error, whether that be through weak passwords, phishing attacks or other credential harvesting methods. Workforce awareness should therefore be a key component of your overall security strategy. The latest report from the Office of the Australian Information Commissioner, highlighting the insights from 12 months of Notifiable Data Breaches, shows that since the legislation started, 964 eligible data breaches have been recorded. Health and Education were ranked 1st and 4th respectively by number of breaches per industry sector, with a large number of the breaches based on the use of email phishing to compromise users' credentials.
The Trident Team