In sports lexicon, it’s said defense wins championships. But when it comes to IT security, playing offense and relying on preventative security controls for printers will actually score the most points for your business.
You can attribute this shift to the constantly evolving nature of vulnerabilities. To keep up and stay one step ahead of new forms of attack, businesses must act fast and invest in the areas that need protection the most in their IT environments. This explains why IT security spending isn’t decreasing—in fact, Gartner expects it to grow from $90 billion in 2017 to $113 billion by 2020. This change in attitude will likely dictate where the dollars are spent during the next few years, as well.
Build a deep security moat
The past decade saw a ton of IT cash spent preparing for the cloud and software-based networking systems. Old firewalls, switches, and routers have been replaced with newer and more capable hardware. Large cloud platforms have been implemented and hardened. The drawbridge is up, and the security moat protecting organizations has been filled and fully modernized.
These walls are pretty good at keeping the bad guys away, but the perimeter still needs heavy monitoring to make sure problems are properly identified at the edges of a network before something bad happens. As Gartner points out, for the next few years, ITDMs will spend more on endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs), and user and entity behavior analytics (UEBA). These complex tools will become essential to handling the interior of the security perimeter.
Rise of the automated attacks
The scary part of IT security today—and what can afflict seemingly innocuous devices, like printers—are automated attacks. Botnets, for example, are persistent in how they attack. Boots on the ground are essential in detecting the abnormal. You need to educate users to alert IT to any weirdness going on, such as devices not behaving correctly, performance issues, or any subtle yet noticeable changes. Any of these symptoms can prove more nefarious than they first appear. A user may try to uninstall an unwanted browser toolbar or puzzle momentarily over unexpected installs, but these are subtle issues IT should know about.
IT also needs to take each and every report seriously. Even if it’s a false alarm, don’t let yourself get jaded. Your tech team should take advantage of teachable moments to ensure users are aware of the danger. Security moats are well and good, but we’ve seen systems, like the Dallas early warning system, be susceptible to these types of clever attacks, setting off 156 alarms throughout the city.
Predictive analytics is no security catchall
The ability to detect certain actions before they occur can save IT security time, money, and headaches. This is the idea behind predictive analytics, a newer growth sector expected to blow up in the coming years. The concept basically has IT managers salivating, since it could help them sleep better at night.
But this field is more guesswork than science, so far. Predictive analytics can take data and possibly detect potential “badness” that could happen in the future, but IT security still needs to be a human-intensive endeavor. People play a vital role in preventing intrusions and attacks.
This includes keeping users abreast of change management, individual security issues, and reporting. Users are often the first line of defense, and predictive analytics can’t replace the human element of keeping systems safe. That said, by combining the human element with preventative security controls for endpoints, such as printers and PCs, you can better protect your IT environment in the long run. Just remember: It’s the combination of efforts that matters.