As we continue to unpack the key points of the SolarWinds MSP Cyber Preparedness survey, this week’s blog post focuses on Stagnation—where companies are failing to move with the times and adopt the obvious tried and tested techniques that are already in the market.
As part of our survey, we listed nine key prevention techniques that companies should be using as part of their layered defenses. Of those nine, only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Meanwhile, application whitelisting was implemented by only 27% and logging of authenticated users’ activity was used by only 41%. We also found that just 2% of companies across the whole survey were using none of these techniques at all.
The full list of techniques we listed in the survey is as follows (with the percentage of companies using them in brackets afterwards):
If companies are truly focused on creating a layered security approach (considered industry best practice) to defend their networks, they should be doing everything they can to embrace and employ the latest technologies and techniques that have been proven to work. Unfortunately, it seems they’re not.
It’s not that these techniques are difficult to find or even expensive. When you look at the Windows® environment, for example, there are two key technologies that actually come out of the box free, yet very few people are using them: disk encryption and application whitelisting. To not be using these shows that something is amiss.
Imagine you’re in a data breach scenario where a laptop has been left on a train and it has personally identifiable information (PII) stored on it. In the U.K. that would be a reportable incident to the ICO. However, if that laptop is using full disk encryption, then it’s not reportable as the data is secured. On Windows, that encryption software is called BitLocker® and it comes standard with Windows 10 and Windows Server® 2008 and beyond. It’s also available on earlier versions of Windows (see here for full details).
Similarly with AppLocker®, while this may have been complex in earlier versions such as in Windows Server 2008, it is now wizard driven and represents an easy win for companies of every size—yet only around a third of respondents were using it.
Many technologies and techniques out there are not being used, but could help companies secure their networks. This could be either because businesses don’t have the skills to roll them out or they don’t have the time. Whatever the reason, this offers a big opportunity for MSPs and IT service providers to go in and implement these systems quickly and efficiently, and represents a cyber security advantage for their customers.
Last week’s blog post looked at how a lack of flexibility is leaving companies open to attack; click here to read the article.
© 2017 SolarWinds MSP UK Ltd. All rights reserved.