CS Mar Apr 2022

More documents

Recommendations

Info

ehavioural insights INFORMATION SECURITY IMPROVEMENT - IT'S ALL IN THE MINDSET PAUL HARRIS, MANAGING DIRECTOR AT PENTEST LIMITED, TALKS ABOUT THE MINDSET THAT IS NEEDED FOR SUCCESSFUL INFORMATION SECURITY IMPROVEMENT Whether you're looking to get fit, learn a new language or improve your information security, starting any improvement process can be difficult. You're going to have to learn skills, understand new concepts, think about things differently and, most importantly, put the effort in. It's not going to be easy, but with consistent effort in the right areas, improvements will follow. However, for many, improvement efforts aren't consistent. Many do the hard work of getting started, achieve some of the desired benefits and then think it is time to ease off, to take a foot off the accelerator and continue the same process. Improvements will surely continue, right? Wrong - that's where the improvement process slows down or even comes to a grinding halt. IMPROVEMENT NEVER STOPS The truth is that the improvement process never truly stops. One week you're riding high, feeling like you've mastered it, the next week you realise you've barely scratched the surface. Perfection is unattainable. That 'perfect' body is always just out of reach, fluency in a second language doesn't mean that you know everything and being 100% secure just isn't possible. The improvement process should never be about achieving perfection. It's about having a growth mindset, one that embraces challenges and effort, striving for progress, rather than perfection. You only have to look at some of the world's top-performing teams and organisations to see this mindset in action. Yes, they demand results, but it isn't about seeking perfect results; it's about challenging themselves to do better, time and time again. If they're not moving forward, then they're falling behind. When it comes to information security, this progressive mindset has been one that has been developing, albeit slowly. For many years, information security was seen as a nice to have and, if you didn't have dedicated security personnel, or a large security budget, then the chances are security was seen as an afterthought. But times have quickly changed, end users are now increasingly aware of their data and how it is protected, clients and suppliers are now demanding robust security assurances before entering into contracts, there is increased awareness of the impact successful breaches can have and regulations such as GDPR have quickly pushed information security up the agenda. 'TICK-IN-THE-BOX' EXERCISE But there is still a lot of work to be done; many organisations still see information security as a tick-in-the-box exercise and many have plateaued when it comes to their improvement efforts. Any security improvement work is better than none, but basic checks and comfortable well-worn processes won't deliver major improvements or supply the continuous assurances that many now need. Progressive companies are now demanding more, in terms of their security: from themselves, from suppliers and from security partners. And it's these companies that will see the greatest improvements. So, you have to ask yourself, have you got the right mindset when it comes to your information security improvement efforts and, if not, are you up for the challenge? 10 computing security Mar/Apr 2022 @CSMagAndAwards www.computingsecurity.co.uk
product review HORNETSECURITY 365 TOTAL PROTECTION The concerted move to home and hybrid working practices has seen cloud services uptake increase exponentially and none more so than Microsoft 365. This popularity brings its own challenges, though, as Microsoft 365 has become one of the top targets for cybercriminals and yet its email security features are comparatively limited. The safest course of action is to adopt a multi-layered defence, using a third-party specialist product to bolster Microsoft's native security tools, and Hornetsecurity 365 Total Protection looks a great choice. It delivers a highly affordable solution that's easy to deploy and its wealth of email security measures include artificial intelligence (AI)-based protection. Three options are available with the Business package, providing all key threat defence measures, along with live email tracking, compliance filtering and content control. The Enterprise version includes ATP (advanced threat protection) cloud sandboxing, 10-year email archiving, forensics analysis tools, e-discovery and continuity services, while the Backup package adds automated backup and recovery for mailboxes, Teams, OneDrive plus SharePoint and even Windows endpoints. We tested 365 Total Protection in a live environment and found the 30-second deployment claim quite achievable. After changing our MX records, we used the registration link to authenticate with our Microsoft 365 account and sat back while the setup routine created the necessary connectors for inbound and outbound mail processing by the Hornetsecurity servers. Protection is instant, as the default settings enable full spam and malware protection, which block suspect emails before they reach your mailbox. Nuisance newsletters and mass marketing campaigns are handled efficiently by the Infomail filter, which uses over 15,000 heuristics to weed them out. We could keep a close eye on the action, as the cloud portal's live email tracking view shows logs of all inbound and outbound email activity. Emails are colour-coded to clearly show their classification and we could view all details about each one, including header information. The list can be refined with filters and each message provides a drop-down menu for adding the sender to deny or allow lists, reporting it as spam or releasing it with the Enterprise version, ensuring suspect emails are passed to the ATP service for further examination. Self-service features enable users to review emails in their personal portal and release them, if permitted, while regular reports showing spam activity, quarantined attachments, plus the reasons for rejection, are sent to each user. Performance is excellent as, during our month-long live tests, not a single suspect message slipped past Hornetsecurity's defences. The content control service also worked well, with it removing encrypted attachments and those containing executables or Word, Excel and PowerPoint files with macros. The compliance filter provides more granular control of emails by applying data leak prevention rules to outbound messages that look for keywords in the body, subject and attachment and rejects them, if a match is found. Another valuable feature is enforcing rule-based encryption for specific outbound messages, with recipients receiving a web link to view them securely. The Enterprise ATP service deals efficiently with emails containing malicious URLs, content or attachments and its URL rewrite feature opens a web session to a secure proxy to check where the link connects to and if threats are present. Spear phishing emails are dealt with by the targeted forensics filter, which identifies spoofed addresses, determines the message intent and sees if it is attempting to fool users into handing over passwords. Hornetsecurity 365 Total Protection impressed us with its swift deployment, extensive mail security measures and flawless performance. Furthermore, it's perfect for small business and enterprises alike, as all three packages are offered at very attractive prices. Product: 365 Total Protection Supplier: Hornetsecurity Web site: www.hornetsecurity.com Contact: +44 2030 869-833 Email: sales@hornetsecurity.com Price: Business from £1.75 per user per month (exc VAT) www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security 11
Page 1: Computing Security Secure systems,
Page 4: Secure systems, secure data, secure
Page 7 and 8: Strengthen your data resilience wit
Page 12 and 13: MSP insights THE MSP ATTACK TARGET
Page 14 and 15: metaverse VIRTUAL WORLD, REAL DANGE
Page 16 and 17: compliance GETTING TO THE HEART OF
Page 18 and 19: cloud THE CLOUD CONUNDRUM CLOUD, IN
Page 20 and 21: cloud Raghu Nandakumara, Illumio: a
Page 22 and 23: tech scrap I.T. EQUIPMENT JUNKED PR
Page 24 and 25: NHS breaches NHS BREACHES - JUST A
Page 26 and 27: NHS breaches Felix_Rosbach, comfort
Page 28 and 29: ansomware RANSOMWARE NOW A GLOBAL M
Page 30 and 31: ansomware Daniel Hofmann, Hornetsec
Page 32 and 33: Log4shell LOGJAM OF CONCERNS LOG4SH
Page 34 and 35: Log4shell Jude McCorry, SBRC: all o
Page 36: PLAY IT SAFE WITH 365 TOTAL PROTECT

CS Mar Apr 2022

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?