Authored by: Mohamed Jafriin N H, Marketing Analyst, ManageEngine
The speed at which businesses are moving critical files to the cloud, combined with the growing volume of cybersecurity threats, has put security teams under significant pressure to keep valuable, and often vulnerable, data safe. No company is immune from breaches, as we have seen from the major tech giants that have recently come under fire for their security practices. Google revealed that it had stored the passwords of some enterprise G Suite customers in plaintext for over a decade, joining other notable companies that have admitted similar lapses in security. A database of Instagram influencers was also found unsecured and publicly available online. These shocking headlines came merely a few weeks after it was discovered that WhatsApp had been hacked using spyware created by the cyber intelligence firm NSO Group Technologies.
In light of these high-profile security breaches, companies need to be proactive in protecting proprietary information and ensuring that security protocols are strictly enforced. This requires organisations to invest in strengthening defence systems to allow security teams the ability to investigate and report the most serious threats.
Bolstering corporate security
Companies handling critical customer data are increasingly coming under scrutiny from privacy regulators, as research indicates that malicious outsiders were behind more security incidents than any other type of threat. Notable breaches in Malaysia and globally have given people a better understanding of how important their data is, and how it can be used against them. Demand for better security is increasing the supply of solutions, and companies are using every available method to improve their protection. With so many back doors, tech-savvy hackers, and sophisticated threats, compliance with security requirements becomes more challenging, and even the smallest breach can have dire effects on an organisation's reputation.
Challenges to threat detection
Security breaches can be prevented if IT security professionals are equipped to identify the tell-tale signs early on. Warning signs are plainly visible in audit trails, but are often ignored amid the volume of harmless events displayed alongside them. Unmonitored permission changes, a new service running on a server, or a user being locked out too many times are small anomalies that can signal a potential security breach, and they can go undetected for long periods. For these signs to be spotted quickly, event logs need to be analysed in real time. The challenge is to detect such threats before it is too late.
Combat attacks to stay safe
SOC professionals should have the capability to perform real-time auditing of all devices in their network. Organisations also need to be structured to enable quick notification of those affected and prompt reporting to regulatory groups. Malaysia’s Personal Data Protection Act is a move that would require businesses to report breaches to regulators within a specified timeframe after detection and an investigation.
Comprehensive reporting, alerts, threat detection, and automated incident management need to be implemented as part of any company's security strategy. Security logs should be classified by event type (e.g. login-related events and file activities) and structured into clear reports that record the details of each event, including who performed it, where, and when. Centralised event logging across all network devices makes it easier for security teams to analyse the data and connect the dots.
It is also important to track users' actions, from their login failures to their file access, because this establishes accountability if a data breach has to be investigated. IT security teams must stay vigilant in monitoring permission changes on sensitive files and folders to prevent unauthorised access. Once a threat is detected, IT admins need to be notified immediately. Organisations that automate their threat response ensure that these potential data-loss incidents are addressed promptly and efficiently, with improved visibility into sensitive data access and critical servers.
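The two preceding sections describe classifying an audit trail by event type, reporting the who, where and when of each event, and flagging the small anomalies that precede a breach (repeated lockouts, permission changes on sensitive folders, a new service appearing on a server). The following script is an added illustration of that workflow, not code from the article or from ManageEngine; the log format, the sample log lines, the category table, the sensitive-path prefix and the lockout threshold are all constructed assumptions for this example.

```python
"""Classify constructed audit-log lines by event type, flag the anomalies the
article names, and build a who/where/when report. Format and thresholds are
illustrative assumptions, not any product's real log schema."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample audit trail (not real data).
# Line layout: <ISO time> <user> <host> <event> [key=value ...]
SAMPLE_LOG = """\
2019-06-03T08:01:12 alice ws-12 LOGIN_SUCCESS
2019-06-03T08:02:40 bob ws-07 LOGIN_FAILURE
2019-06-03T08:02:55 bob ws-07 LOGIN_FAILURE
2019-06-03T08:03:10 bob ws-07 LOGIN_FAILURE
2019-06-03T08:03:30 bob ws-07 ACCOUNT_LOCKOUT
2019-06-03T08:20:05 bob ws-07 ACCOUNT_LOCKOUT
2019-06-03T08:41:17 bob ws-07 ACCOUNT_LOCKOUT
2019-06-03T09:10:00 carol fs-01 FILE_READ path=/shares/public/notes.txt
2019-06-03T09:12:33 carol fs-01 PERMISSION_CHANGE path=/shares/finance/payroll.xlsx acl=Everyone:Full
2019-06-03T09:15:02 svc-deploy app-03 SERVICE_INSTALLED name=remote-helper
2019-06-03T09:16:48 alice fs-01 FILE_READ path=/shares/finance/budget.xlsx
"""

# Assumed mapping from raw event name to the article's report categories.
CATEGORY_OF = {
    "LOGIN_SUCCESS": "login", "LOGIN_FAILURE": "login", "ACCOUNT_LOCKOUT": "login",
    "FILE_READ": "file", "FILE_WRITE": "file", "FILE_DELETE": "file",
    "PERMISSION_CHANGE": "permission",
    "SERVICE_INSTALLED": "service", "SERVICE_STARTED": "service",
}


def parse_log(text):
    """Turn raw lines into event dicts carrying who/where/when plus any key=value extras."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line; a real collector would log this
        when, who, where, what = parts[:4]
        extra = dict(p.split("=", 1) for p in parts[4:] if "=" in p)
        events.append({"when": datetime.fromisoformat(when), "who": who, "where": where,
                       "what": what, "category": CATEGORY_OF.get(what, "other"), **extra})
    return events


def classify(events):
    """Group events by category so each report section covers one event type."""
    grouped = defaultdict(list)
    for e in events:
        grouped[e["category"]].append(e)
    return dict(grouped)


def detect_anomalies(events, lockout_threshold=3, sensitive_prefixes=("/shares/finance",)):
    """Flag the small signals the article describes; thresholds are assumptions."""
    alerts = []
    # Repeated lockouts per user: count, then report the most recent one.
    lockouts = Counter(e["who"] for e in events if e["what"] == "ACCOUNT_LOCKOUT")
    for who, count in lockouts.items():
        if count >= lockout_threshold:
            last = max((e for e in events if e["who"] == who and e["what"] == "ACCOUNT_LOCKOUT"),
                       key=lambda e: e["when"])
            alerts.append({"kind": "repeated_lockout", "who": who, "where": last["where"],
                           "when": last["when"], "detail": f"{count} lockouts"})
    for e in events:
        # Permission change on a path under a sensitive folder.
        if e["what"] == "PERMISSION_CHANGE" and e.get("path", "").startswith(sensitive_prefixes):
            alerts.append({"kind": "sensitive_permission_change", "who": e["who"], "where": e["where"],
                           "when": e["when"], "detail": f"{e['path']} -> {e.get('acl', '?')}"})
        # A new service appearing on a server.
        if e["what"] == "SERVICE_INSTALLED":
            alerts.append({"kind": "new_service", "who": e["who"], "where": e["where"],
                           "when": e["when"], "detail": e.get("name", "?")})
    return alerts


def build_report(events):
    """One line per event, grouped by category, answering who/where/when."""
    report = {}
    for category, items in classify(events).items():
        report[category] = [f"{e['when'].isoformat()} {e['who']}@{e['where']} {e['what']}" for e in items]
    return report


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for category, lines in build_report(evts).items():
        print(f"== {category} ({len(lines)} events) ==")
        print("\n".join(lines))
    for a in detect_anomalies(evts):
        print(f"ALERT {a['kind']}: {a['who']}@{a['where']} at {a['when'].isoformat()} ({a['detail']})")
```

Running it prints four report sections (login, file, permission, service) and three alerts: bob's repeated lockouts, carol's permission change on the finance share, and the service installed on app-03. The per-user lockout count and the sensitive-prefix list are the two knobs a team would tune to its own environment; a real deployment would also feed the alerts to a notification channel rather than stdout.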
Another reason to maintain an audit trail of every activity and remedial action taken within your IT environment is for compliance with industry and government security standards.
Cyberattacks and data breaches are increasingly making headlines, and the pace is not slowing. Organisations should take steps to ensure they are not featured in them. This means enacting stringent security protocols throughout the organisation and enabling the IT security team to monitor the environment thoroughly and apply fixes immediately. The market is flooded with security auditing and reporting solutions that offer some or all of these features. These solutions need to be studied carefully to select the one best suited to each organisation's needs and most likely to deliver the strongest security.