Everyone has security pain points. That is the reality for businesses of all sizes today. Global IT think tank 451 Alliance recently studied just that. A division of 451 Research, the organization asked its members about their biggest security concerns. As illustrated below, the top two included user behavior and phishing. Endpoint security, the IoT and compliance-related costs were also cited by survey respondents as security challenges.
In addition to these top project priorities, 451 Alliance members also cited the following areas of focus for the coming year (in descending order):
- Application security
- Firewall management and refresh
- Identity/access control initiatives
- Intrusion detection/prevention
- Patch management
- Incident response
- Data classification
Let’s dive into the study a bit more to understand how GlobalSign already has solutions in place to meet some of the security challenges that were identified.
Not surprisingly, phishing was near the top of the list of concerns for survey participants. Phishing is a global phenomenon affecting every region and economy, and therefore the email activity of your employees must be monitored very closely. Study after study shows just how problematic phishing is. One of them, from cloud security provider Avanan, found that one in every 99 emails is a phishing attack, amounting to 4.8 emails per employee in a five-day work week, meaning that just about every single day an employee will receive a phishing email. The study also showed that in 2018, 83% of people worldwide received phishing attacks, resulting in a range of disruptions and damages. These include decreased productivity (67%), loss of proprietary data (54%), and damage to reputation (50%).
Example of a phishing email
To prevent a phishing attack, we recommend taking steps such as:
- Employee education and ongoing training. Employees should understand what phishing is, how it is carried out, and what to look for. They should also know what to do when they fall victim to a phishing scam, such as knowing who to notify or alert. In addition, training should be frequently updated with information about new phishing methods.
- Encrypting your company's sensitive information. Encrypted emails will make it much more difficult for a hacker to gain access to your company’s information.
- And of course, be sure you use PKI-backed digital certificates to identify and authenticate the users within your organization. PKI is the set of policies, roles and procedures necessary to create, manage, and store or revoke digital certificates, as well as to manage public-key encryption.
- Emails that have been digitally signed validate the email sender, helping to distinguish legitimate emails from spoofs. Coupled with training, this will help reduce the risk of opening phishing emails that appear to come from work colleagues.
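The last two points rest on the receiving side checking a digital signature against a certificate that chains to an issuer the organization trusts. The Go program below is an added example and not GlobalSign code: it builds a throw-away root CA and user certificates entirely in memory (the addresses and the "Example Corp" names are constructed, not real identities), signs a message, and then performs the three checks a mail client does on a signed email: the signer's certificate must chain to the trusted root, it must have been issued for the claimed From address, and the signature must cover exactly the content that arrived. A message signed with a certificate from an untrusted issuer, a message altered in transit, or a valid certificate used for someone else's address all fail verification, which is what makes signed mail a usable signal against spoofed colleagues.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity is a private key plus the certificate that binds its public key to a name or address.
// All identities in this example are generated in memory; a real deployment obtains the user
// certificate from a CA rather than minting it locally.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewIdentity issues a certificate for name. A user certificate carries name as its email SAN;
// a CA certificate carries it only as the CommonName. With issuer == nil the certificate is
// self-signed, which is how the trusted root and an untrusted rogue root are created below.
func NewIdentity(name string, isCA bool, issuer *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		tmpl.ExtKeyUsage = nil // a CA in the chain need not carry the email-protection EKU
	} else {
		tmpl.EmailAddresses = []string{name} // the address this certificate vouches for
	}
	parentCert, parentKey := tmpl, key
	if issuer != nil {
		parentCert, parentKey = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parentCert, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// Sign produces an ECDSA signature over the SHA-256 digest of the message (headers and body).
func Sign(id *Identity, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, id.Key, digest[:])
}

// VerifySender is the receiving side. It returns nil only when the signer's certificate chains
// to trustedRoot, was issued for fromAddr, and the signature matches the received message.
func VerifySender(trustedRoot, signerCert *x509.Certificate, fromAddr string, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := signerCert.Verify(opts); err != nil {
		return fmt.Errorf("untrusted certificate: %w", err)
	}
	addrOK := false
	for _, a := range signerCert.EmailAddresses {
		if a == fromAddr {
			addrOK = true
		}
	}
	if !addrOK {
		return errors.New("certificate was not issued for the From address")
	}
	pub, ok := signerCert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported signing key type")
	}
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match message content")
	}
	return nil
}

func main() {
	root, _ := NewIdentity("Example Corp Root CA", true, nil)
	alice, _ := NewIdentity("alice@example.com", false, root)
	msg := []byte("From: alice@example.com\r\nSubject: Invoice\r\n\r\nPlease review the attached invoice.")
	sig, _ := Sign(alice, msg)
	fmt.Println("genuine message:", VerifySender(root.Cert, alice.Cert, "alice@example.com", msg, sig))
	// The same signature no longer matches once the body has been altered in transit.
	altered := []byte("From: alice@example.com\r\nSubject: Invoice\r\n\r\nPlease pay to the new account below.")
	fmt.Println("altered message:", VerifySender(root.Cert, alice.Cert, "alice@example.com", altered, sig))
}
```

The `Verify` call does the chain building; passing `KeyUsages` restricts acceptable leaf certificates to those issued for email protection, so a certificate issued for a web server could not be reused to sign mail. The explicit address check matters because chain validity alone only proves the certificate is genuine, not that it belongs to the person named in the From header.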
The 451 Alliance study also found that compliance costs are on the mind of IT leaders. One way to control these costs is by properly addressing your organization’s cyber security risks. In today’s environment, companies must be proactive about data privacy and cyber security. Taking this approach can reduce the need for costly client and regulatory notifications after the fact, ultimately cutting a firm’s cost of compliance. Added to this is the growing volume of regulation businesses must comply with, in the U.S. and especially in Europe. Some of the most critical U.S. regulations include Sarbanes-Oxley, 21 CFR Part 11 and FDA ESG, as well as eIDAS and GDPR in Europe. It is critical to work with a security vendor such as GlobalSign who can help you meet these regulations by protecting critical applications and customer data while achieving compliance. In doing so, you will help ensure your company does not become entangled in a costly settlement for failing to comply.
Multifactor and two-factor authentication
Participants in this study also indicated that they are planning to increase their focus on multifactor authentication. In this area, GlobalSign offers certificate-based two-factor authentication, which is essential for protecting an organization’s sensitive data and applications. Digital certificates used for two-factor authentication are easily deployed and managed using GlobalSign's cloud-based Managed PKI (MPKI) platform. Managed PKI provides low-cost, easy management and auditing of both user and device identities, allowing granular control over who, or what, accesses your services, data, and digital assets. MPKI also provides extended features well suited to large organizations operating a Windows environment, leveraging Active Directory for auto-enrollment and silent installation.
Endpoint security is critical since a hacker can easily intercept a connection between a network and a device (the ‘endpoint’) such as a mobile phone, laptop, server, etc. No matter the type of device, naturally it needs to be protected.
GlobalSign’s Auto Enrollment Gateway (AEG) goes a long way to help ensure the protection of endpoints.
AEG is a fully automated, managed Public Key Infrastructure (PKI) solution that addresses scalability in the modern mixed enterprise environment. With AEG, users can automatically issue and manage publicly trusted certificates throughout their life cycle, including renewal, saving valuable IT resources and reducing the risk of expired certificates and the resulting disruption to business workflows. AEG users also increase the security of their emails and public-facing web servers. Additionally, GlobalSign’s AEG allows for automated provisioning to all Apple machines and devices registered with Active Directory.
IoT security and identity
Another area of growing concern uncovered by the research is IoT security. Our solution is the PKI-based IoT Identity Platform, which is increasingly seen as one of the best platforms in the industry for secure, identifiable IoT and IIoT devices. Delivering strong device identity and security, the IoT Identity Platform is flexible and scalable enough to issue and manage billions of identities for IoT devices of all types, and integrates simply through developer-friendly RESTful APIs. The IoT Identity Platform can serve the varied security use cases of the IoT across all verticals, including manufacturing, agriculture, smart grid, payments, IoT gateways, healthcare, other industrial ecosystems and more. It supports the full device identity lifecycle, from initial certificate provisioning (both greenfield and brownfield deployments) to lifetime maintenance through to final sunsetting, decommissioning or transfer of ownership. Giving each device or endpoint a unique identity allows it to be authenticated when it comes online and then throughout its lifetime, to prove its integrity, and to communicate securely with other devices, services and users.
At GlobalSign, one of our core missions is to keep your business safe. We always stress to customers that they must prepare to be agile in their security strategy. As hackers and cyber criminals work harder to steal and compromise information, you need to be ready for whatever comes next. This is especially true for our cloud technology solutions that empower you to automate and manage PKI, enabling teams to quickly respond to threats, deploy identities, and secure websites and networks. This level of control protects key intellectual property and brand reputation and ensures the safety of corporate resources.
GlobalSign is working diligently to provide our customers around the world with a wide variety of products and services to help solve their security challenges. For your questions about our PKI-based solutions, visit our products page to learn about how we can assist you.