More about NetApp Ransomware Protection
- What Should Your Data-Centric Ransomware Protection Include?
- Anti-Ransomware: Why Backup and Perimeter Protection Aren’t Enough
- The Zero Trust Model: What It Is and How It Affects Data Management
- Ransomware Protection Services and Solutions: A Market Overview
- IT & Ransomware: IT’s Role at the Forefront of Ransomware Protection
- Ransomware Detection: Techniques and Best Practices
- Data Security Capabilities Every IT Leader Needs To Know
- Ransomware Protection: Detection, Recovery, and Prevention
- Organization Security: Who’s Responsible for Keeping IT Safe?
- Ransomware Types: 5 Common Types of Ransomware Attack Top Security Tips for IT Teams
- Cyberstorage: Data-Oriented Security Designed for Ransomware Protection
- NetApp Ransomware Protection: A Complete Set of Data-Focused Protective Capabilities
- Ransomware Prevention and Remediation with Cloud Volumes ONTAP
As threats become more diverse and organizations grow in complexity, it’s becoming harder to determine just where the responsibility for maintaining organization security stands. That issue becomes even more complex when considering ransomware protection strategies.
But who is responsible for the organization’s IT security? The short answer is: Everybody.
Every employee, partner, contractor, customer, or app user is prey to the social engineering methods (baiting, phishing, spear phishing, vishing, to name but a few) that cyber criminals use to trick people into divulging credentials and sensitive info—which the malicious actors then use to gain access to the organization’s systems and data.
In this blog post we map out who is responsible for different aspects of cybersecurity so that, overall, an organization is secure and compliant.
Use the links below to jump down to the sections on:
- Who Leads?: Organization Security at the Top
- Who Follows?: The Rank and File Security Line
- The Evolving Role of IT in Organization Security
Who Leads?: Organization Security at the Top
Although no one is exempt from security responsibility, someone has to set and oversee organization security policy. Given the complexity of today’s cyber attacks, this leadership responsibility must be shared among a number of key players:
- CISO: Security is the primary concern of the chief information security officer, the CISO. It is their responsibility to set the organization’s security strategy, establish the policies that will uphold the strategy, and ensure that response plans are in place and tested.
- IT Director: The head of I&O (IT and operations) takes the lead in implementing the organization security policy. It is the IT director’s responsibility to have the right personnel and the right security tech stack for monitoring infrastructure, detecting threats, preventing intrusions, and implementing incident response plans.
- R&D Director: The R&D team must work closely with the security and IT teams to ensure that the organization’s applications and services are secure by design. DevSecOps, whose shift-left approach embeds security throughout the software development lifecycle, is an effective way to deliver secure products without compromising innovation and agility.
- System owners: In addition to the efforts of the I&O and R&D teams, each department and line-of-business manager must take responsibility for the secure usage of enterprise systems such as CRM, ERP, SCM, and HR. System owners must understand and address any potential vulnerabilities in their systems, including the information being collected and retained. They are also responsible for the onboarding and training programs that teach system users how to avoid the security risks associated with using these systems.
Last but certainly not least, it is up to the C-Suite to create and nurture a cross-organizational, security-first mindset and culture.
Who Follows?: The Rank and File Security Line
Having clear policies set at the top is good, but it’s not enough to do the job on its own. Anyone who interfaces with business data must know about and follow the organization security policy as implemented by the security, IT, development, and enterprise system teams. The list of followers includes both internal and external system users such as employees, subcontractors, suppliers, business partners, and even customers.
Organization security practices should be an important part of employee and, in some cases, subcontractor onboarding. Important things to consider will be accessible security guidelines and regular training sections to reinforce and refresh security hygiene. Providing employees with incentives, which can be part of regular performance reviews, can be another way to uphold organization security policies.
In the case of external users such as suppliers and business partners also need to be aware of security terms and conditions. Setting expectations as to how external users can securely interface with organization data is not only an internal business issue—many regulatory frameworks require it and non-compliance can be costly.
The Evolving Role of IT in Organization Security
In the past the role of IT in organization security was largely passive. The IT team was primarily responsible for monitoring infrastructure for vulnerabilities and notifying the security team of actual or potential intrusions. IT would then support the incident response workflows mandated by the security team.
Today, however, IT plays (or should play) a far more proactive role in organization security. As noted above, the IT Director should be integrally involved in setting organization security policy. In addition, IT has an important leadership role to play in implementation. If something ever does go wrong, it’s the IT team of course that has been tasked with backing up all the data and making sure that it can be restored in a timely and effective manner.
IT has really come to be seen as the last line of defense for organization security.
IT and the Zero Trust Architecture
One example of IT security leadership is promoting two important elements of the zero trust security model: network micro-segmentation and granular, contextual access control. The zero trust security model assumes that all users and systems have already been exposed to harmful malware. That means every action you take must be explicitly verified as trustworthy before access to the organization’s data and other digital assets can be allowed.
In close collaboration with the security team, IT can take the lead in implementing a software-defined network that monitors and controls ingress and egress traffic to and from functional micro-segments. A micro-segment could be a collection of services related to a particular application or even a micro-segment of one, such as a single container, microservice, or serverless function.
In addition, IT can implement advanced rule-based access controls that can grant or deny access to a micro-segment based on a contextual understanding of a user’s (human or device) role. If granted access, the user has the least privileges required to get the task done.
These IT zero trust architecture initiatives play a critical role in blocking attacks altogether or effectively containing their blast radius.
IT and Cyberstorage
Since data is at the heart of IT, another area where IT teams can take a proactive leadership role in organization security is by implementing comprehensive data-centric cyber resilience capabilities. Storage and zero trust security can converge to protect data stores from the rising tide of cyber attacks—ransomware in particular—and now NetApp has a new way for IT teams to do that.
Netapp Ransomware Protection is NetApp’s comprehensive security and data protection toolkit that focuses entirely at the data level. Users can protect data with automated data mapping and access control, detect abnormal behavior that can indicate attacks, and recover easily so you can avoid costly downtime.
This data-centric approach implements one of the zero trust principles: design from the inside-out. Since zero trust believes the network has already been infected, Ransomware Protection focuses its capabilities on securing the most important and vital asset your organization has—your data.
Organization security is shared across the entire company, so it helps to have the right tools at your teams’ disposal to take action for what they’re responsible for. For IT teams, those tools are easier than ever to use with Ransomware Protection.
IT teams can now take the lead in organizational security by using this full complement of cyberstorage solutions to help protect against, identify, and recover from cyber attacks.
Why is organizational security important?
The frequency and danger of cybercrime is on the rise, making organizational security mission-critical. Industry and government regulators require organizations to demonstrably uphold a robust security posture. And the direct and indirect costs of failed organizational security are growing from year to year. According to IBM’s 2021 Cost of a Data Breach Report, the average cost per stolen or lost record was $161 (up from $146 in 2020), with the per record cost of personally identifiable information being $180. And lost business represents 38% of the average total cost of a data breach, which rose to $4.24 million (up from $3.86 million in 2020).
How do you maintain security in an organization?
Organizational security is everyone’s responsibility. It starts with security, IT, and business leadership working together to set, enforce, and maintain clear security policies. Employees, contractors, partners and others that regularly use the organization’s systems must all be knowledgeable of and trained in the organization’s security controls. Public-facing apps and services should be secure by design — and tested regularly. The organization’s infrastructure needs to be monitored continuously for anomalous behavior, with threat intelligence and intrusion prevention tools in place to automatically detect, alert, and prevent or mitigate threats.
What are the organizational security procedures?
Security procedures vary by organization. According to the zero trust model, no user, device, app, service, or workflow requesting access to the organization’s network is trusted until verified. Once a request is validated, access privileges should be kept to the absolute minimum required to perform the task at hand. Network microsegmentation goes a long way to isolate functionally grouped resources from unauthorized users. All traffic—both east-west (lateral) and north-south (ingress/egress)—should be monitored continuously at the application layer. Automated workflows should be in place to block a suspected attack or at least reduce its blast radius.