By Simon Townsend, Chief Technologist – EMEA, Ivanti
The recent WannaCry ransomware epidemic tore through over 200,000 victims in 150 countries around the world. The attack exploited poor patch management practices and a lack of defence-in-depth security, as well as legacy devices which were no longer supported by Windows. From the periphery, this may have seemed like a hopeless situation – and with ransomware on the increase, it’s not beyond reason to anticipate that attacks of this size will be happening again in the not too distant future.
However, preventative measures are out there. Patching, application whitelisting and removal of administrative rights are key defences against attacks. But this needs to be taken one step further. The actions listed above are all managed by IT operations, yet they are clearly a security-based concern. If inter-departmental siloes were broken down, then cyber resilience would be improved, and digital transformation driven forward. An important first step in the destruction of these siloes is a move to foreground the role of ITSM (IT Service Management).
There’s a strong case for saying that if IT operations and security teams were more closely aligned globally, there would be far fewer victims of malware attacks.
Threats keep on escalating
In 2016, an average of 4,000 ransomware attacks took place each day, which was a 300% increase over 2015 – these figures are only getting more terrifying in 2017. It’s not just ransomware either: zero-day info-stealing threats, DDoS attacks, banking Trojans, attacks on SCADA infrastructure, IoT botnets and many more provide a daily reminder of the sheer breadth of the current threat landscape.
Situated within this security threat landscape, firms are still rightly embracing digital change to drive growth. A study from the John M. Olin School of Business at Washington University estimated that 40 percent of today’s Fortune 500 companies on the S&P 500 will no longer exist in 10 years. This is proof of the urgent need to continuously evolve by tapping innovative new technologies, but this also exposes organisations to new risks. The important thing to remember here is that the weakest points in an organisation are the end-users and the devices, both of which are typically managed and communicated with on a daily basis by the ITSM department. IT teams can’t hope to support digital transformation if they don’t provide a suitable response to such threats, yet the sheer number of endpoints they must protect makes things extremely challenging. That’s not to mention the huge volume of vulnerabilities that need patching every month.
You only need to look at cautionary tales such as UK ISP TalkTalk to see the damage that can result when security goes wrong. The firm’s losses topped $60m, from a breach which leaked a relatively small number of customers’ details. The forthcoming EU General Data Protection Regulation (GDPR) will only add to the pain with heavy fines and mandatory breach notification requirements.
Breaking down barriers
Part of the problem for many firms is the fact that their IT operations and security teams remain resolutely siloed. A lack of communication between the two can allow issues to slip between the cracks and for small problems to escalate into major ones. What if your security team discovers a breach, for example, but your IT ops team is slow to react? Or IT ops corrects an application failure that is actually a system hack?
Breaches are impossible to prevent 100% of the time – but by making the right tools and processes available to the right people we can greatly minimise risk. In many ways, service management teams form the IT frontline and have fantastic visibility over endpoints, which means they may be able to spot the early signs of a co-ordinated attack.
This is where your defence-in-depth security comes in, based around effective patch management and app control but also including traditional AV, end-user education, device control and more.
The next step is automation – the more efficient an organisation is at the basics like patch management, the more effective more advanced tools will be. “Security ninja” products that utilise AI and next generation detection do have a place but, like I said before, you’ve got to get the basics right first. Automate the basics, and you’ve got more time for innovation. So, with a comprehensive set of automated tools, ITSM can lead the way in mitigating risk and breaking down those traditional IT siloes – if Service Management is efficiently managing those basic security tasks, it enables the security team to be more effective.
The hope is that these efforts will accelerate and that with the help of a newly empowered ITSM department, organisations will be in better shape to proactively deal with anything that’s thrown their way. Because one thing’s for sure: the bad guys are only just warming up.