Poor visibility is impacting organisations’ ability to detect breaches, with Gartner reporting that 92 percent of breaches go undetected until it’s too late. Is something as fundamental as network visibility exposing you to risk?
With the organisation’s network security under your remit, it is important you can demonstrate control over it.
You have followed best practice with regard to network security. You also know that, with targeted attacks on the rise, it’s only a matter of time before hackers break into the system. To this end, you have put together and tested an effective incident response plan.
Between paying close attention to publicised breaches and keeping track of the latest threats, you might feel like you have taken every relevant step to secure the organisation against an attack.
But have you considered that in order to respond to an attack, you first need to detect it?
Organisations are experiencing data breaches not because they haven’t prepared for a breach or protected against them, but because they don’t know their security has been compromised in the first place.
With the media shining spotlights on ransomware and other ‘noisy’ attacks, it’s easy to forget that not all security incidents are immediately disruptive.
‘Organisations are failing at early breach detection, with more than 92 percent of breaches undetected by the breached organisation.’
In fact, nine out of ten incidents go undetected, enabling an attacker to quietly steal private data from right underneath the IT department’s nose.
For larger businesses with complex infrastructures, these invisible attacks represent a particular risk.
Loss of confidence and reputational risk
The financial costs of a data breach are well documented, but of equal, if not greater, concern to progressive businesses is reputational damage and loss of confidence.
Improving visibility across your network could give you the agility you need to identify and respond to security events before they become a problem, thereby avoiding this scenario. (And potentially safeguarding your future in the organisation along the way.)
So how can you achieve this?
Three common network blind spots
Working with our partner, Cisco, we’ve identified three common blind spots, which, in our experience, even senior IT managers can lose sight of.
If you can’t detect these activities, you are giving threats a place to hide on your network.
Unauthorised DNS use
Organisations use DNS to enforce policies and protect users from malicious websites. But use of unsanctioned DNS servers can be a sign of malicious activity or policy violations. Nearly 92 percent of malware uses DNS in attacks, and more than 70 percent of the organisations Cisco have assessed had instances of unauthorised DNS use present on the network.
Rogue server activity
Rogue servers are servers that organisation administrators have no control over, and they are a serious risk to security. Whether set up by a well-meaning employee or a threat actor, these servers allow threats to maintain a persistent presence on the network and exfiltrate sensitive data.
Remote access breach
Remote access is an increasingly common practice in most organisations, but it also gives attackers a means to gain privileged access to the enterprise network. Detecting anomalous or suspicious behaviour among remote access users can identify cases of stolen access credentials or insider threats.
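As an added illustration (not part of the original article and not Cisco tooling), the first two blind spots, unauthorised DNS use and rogue server activity, can be surfaced from ordinary flow records by comparing them against a list of sanctioned resolvers and a server inventory. The address ranges, resolver list, inventory, watched ports and sample flows below are all constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumptions for this example: internal range, sanctioned resolvers, known servers.
INTERNAL = ip_network("10.0.0.0/8")
SANCTIONED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
SERVER_INVENTORY = {("10.0.5.10", 443), ("10.0.5.20", 22)}
WATCHED_SERVICE_PORTS = {21, 22, 80, 443, 3389, 8080}

# Constructed sample flow records (one row per observed flow).
SAMPLE_FLOWS = """\
src,dst,dst_port,proto,bytes
10.0.2.14,10.0.0.53,53,udp,120
10.0.2.14,8.8.8.8,53,udp,98
10.0.2.31,203.0.113.7,53,tcp,48211
10.0.0.53,192.0.2.1,53,udp,300
10.0.2.14,10.0.5.10,443,tcp,5120
10.0.3.8,10.0.2.77,8080,tcp,90412
10.0.3.9,10.0.2.77,8080,tcp,1200
198.51.100.4,10.0.5.20,22,tcp,3000
"""

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def find_blind_spots(flow_csv):
    """Return (unsanctioned_dns, rogue_servers) found in CSV flow records."""
    unsanctioned_dns = {}  # (client, resolver) -> total bytes sent
    rogue_servers = {}     # (server, port) -> set of clients seen
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst, port = row["src"], row["dst"], int(row["dst_port"])
        if port == 53:
            # Sanctioned resolvers forwarding upstream are expected; clients
            # that bypass them and query some other resolver are not.
            if (is_internal(src) and src not in SANCTIONED_RESOLVERS
                    and dst not in SANCTIONED_RESOLVERS):
                key = (src, dst)
                unsanctioned_dns[key] = unsanctioned_dns.get(key, 0) + int(row["bytes"])
        elif (port in WATCHED_SERVICE_PORTS and is_internal(dst)
              and (dst, port) not in SERVER_INVENTORY):
            # An internal host accepting service traffic that nobody registered.
            rogue_servers.setdefault((dst, port), set()).add(src)
    return unsanctioned_dns, rogue_servers

if __name__ == "__main__":
    dns, rogue = find_blind_spots(SAMPLE_FLOWS)
    for (client, resolver), nbytes in sorted(dns.items()):
        print(f"unsanctioned DNS: {client} -> {resolver} ({nbytes} bytes)")
    for (server, port), clients in sorted(rogue.items()):
        print(f"uninventoried server: {server}:{port} clients={sorted(clients)}")
```

The byte count per client and resolver pair is kept because a large transfer over port 53, as in the third sample row, deserves a closer look than a handful of lookups.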
The next steps
Using advanced visibility tools, Cisco have assessed the networks of hundreds of organisations and found countless alarming issues, ranging from custom malware being used for data exfiltration to compromised servers used to attack government networks.
To find out about four more of the most common blind spots and suspicious activities, download the checklist below, and eliminate the hiding spaces on your network for a clearer picture of your organisation’s information security.