Whether it’s an organisation’s go-to-market strategy, its internal processes, or its customer outreach and support – everything is now underpinned by technology.
This has caused huge upheaval in the risk and security landscape: as more critical systems run across IT, organisations have unwittingly increased their attack-surface, becoming more vulnerable to cyber security threats. And as these attacks become more frequent and more sophisticated the implications of falling victim are becoming all the more severe.
Something must be done to combat these threats. Knowing your enemy is crucial: Klaus Oxdal, Cyber Security Leader at VMware partner Atea Denmark, shares his thoughts on how customers are drawing new battle lines in the fight against hackers…
Cyber security threats have risen to another level in recent years. While previously your average hacker was likely to be a bored teenager in their bedroom or parent’s basement doing it for a thrill, today’s hackers are more likely to be career criminals. For them it is a job, not a hobby – we even see activity decrease during weekends and public holidays! Working as part of a wider criminal network, they have access to increasingly sophisticated tools and methods through which they will probe your business for an access point in order to steal data or disrupt your infrastructure, holding the organisation to ransom.
And as hackers adopt a more professional approach we have also seen the volume of these attacks rise. So not only are threats more advanced, they are happening more frequently.
Eliminating the risk of cyber-attacks is near impossible – all a business can hope to do is to lower that risk. This means improving the speed of threat detection, closing down as many avenues into the system as possible, and ensuring that should the worst happen and a breach occur then systems and safeguards are in place to help limit the damage a hacker can inflict.
Understanding risk is crucial. It’s different for every organisation. Take the Associated Press for example: the news agency’s Twitter account was hacked in 2013, with the culprits posting tweets reporting on ‘two explosions in the Whitehouse’. The report was, as we now know, completely fake. For any other organisation this sort of attack would merely be a nuisance, for AP, a respected wire service for whom success rests on the accuracy of its reporting, it was potentially devastating. While the problem was rectified quickly, its repercussions would have a much longer impact, damaging the trust the organisation had built with its customers.
What we can learn from this is that there is no single method, or one-size-fits-all, approach to risk management. Attacks will all have a different impact depending on what has been compromised and in what organisation.
At Atea Denmark we have advised numerous Danish organisations, from both the public and private sector, on how they can overcome these threats. To our mind, solving new threats needs a new perspective. The launch of VMware NSX has been critical in helping us respond to these customer concerns. It’s a new era in security; bringing everything into the software level offers an approach we’ve never seen before. By adding automation to security processes, NSX allows organisations to take a holistic, end-to-end approach to their cyber security.
Microsegmentation is particularly important, ensuring that should there be a breach into the organisation – a case of when, not if – then any impact is restricted as the hacker will be unable to move between environments, whether that is public or private cloud, an on-premise server, or hosted data centre.
Critically, NSX may be able to secure all organisations, but it is not a one-size fits all solution. By using software to automate the security policies, NSX adds individual protection at the hypervisor level which is then specifically adapted to the workload’s needs. Ultimately, it means that information is only accessible to those with the right permissions – keeping it out of the hands of those who shouldn’t be accessing it.
Security is a big topic for today’s organisation, something that affects the whole business and not simply the CIO or IT department. Everything is connected, so isolating one thing and trying to secure it doesn’t work. Organisations need to look at the whole picture: and this means looking at security as part of the DNA of your business not just bolting it on.
To better understand some the threats now facing organisations, check out VMware’s Risk and Security research here. It’s also worth revisiting the blog regularly where we will be providing more views from our partner network, including Intel and MTI…
For more information on the VMware Partner Programme, visit: http://www.vmware.com/uk/partners.html