Page | 1

#TimeToDoBig

TATA TELE BUSINESS SERVICES

Enterprise Security Solutions –Run the Business, Thwart the Risks

Page | 2

Table of contents

1

2

3

4

5

6

7

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Introduction

Threats for Businesses in the Digital Age

Failure of the Traditional Defensive Approach

The Weakest Links in Enterprise Security

New Ways to Secure Enterprise Apps and Data

Best Practices to Make Enterprise SecurityEveryone’s Duty

Conclusion

Page | 3

Introduction

Threats forBusinesses in theDigital Age

As the attack surface expands and costs of data breaches rise, security practices are becoming essential business enablers and are not quite considered ‘necessary evil’. Organisations have come to terms with the risks lurking in their domains and consider IT security as a framework that helps them thrive.

For businesses, the security of their IT assets and data has never been as challenging as it is today. Amidst trends like mobility, bring your own device (BYOD) and cloud computing, people access sensitive business information from multiple sources and in increasing ways.

In a global survey titled ‘7 Uncomfort-able Truths of Endpoint Security’, UK-based software and hardware security company Sophos revealed that over 18% threats discovered in India are on mobile devices, nearly double the global average, while only 7.9% were found on endpoints. The study also found that 39% of threats were discovered on enterprise servers and 34.5% on their networks. In the same survey, three-fourths of the Indian organisations admitted that they were unable to leverage endpoint detection and response (EDR) solu-tions.

#TimeToDoBig

Keeping business IT infrastructure and data secure from increasingly sophisticated threats is almost a decade-long struggle. In the early days of this combat, most organisations perceived security as a necessary evil. They had to invest in costly security practices and tools despite these being secondary to the actual mission of their enterprise. This outlook has started changing as C-level executives realise that efficient security practices lead to efficient business practices in an age when threats are rapidly evolving, and the cost of security failures is enormous.

The business environment today is markedly different from that of 2000 to 2010 and earlier, wherein basic security models were adopted. Enterprises today generate their brand equity and value online using interconnected processes and strategies. They increasingly collaborate amongst themselves and with clients, exchange critical data and use the cloud for their operations.

Enterprise Security Solutions – Run the Business, Thwart the Risks

Page | 4

From the IT teams interviewed in this survey:

A subjective analysis of cyber attacks also reveals that not all of them are similar in impact and magnitude. A few industries are more vulnerable than others in this aspect. The people behind these attacks have two principal motives – financial fraud and gaining a political advantage by threatening a public administrative system.

97% of IT managers admitted that security expertise is one of the most compelling issues in India.

92% of Indian IT managers wish to have stronger teams for proper detection, investigation and response to security incidents.

89% of IT managers believe that recruitment for cybersecurity is a challenge.

The former is the most common. Let us examine some of the top industries prone to cyber threats:

Banking, Financial Services and Insurance

Healthcare

The BFSI sector is a prime target for hackers for obvious reasons – they attack it to access investment records, credit/debit card details, banking credentials, tax records and insurance data. These, in turn, are used to fund high-value transactions, invest in a cryptocurrency such as bitcoins, file fraudulent tax returns, and commit insurance fraud.

According to NCC Group, the threats for the financial sector increased by more than 400% in 2013-2017. The threats have also become more sophisticated as the industry data continually moves to the cloud.

As an information-sensitive industry, the healthcare and medical domain is frequently targeted for its data bulk. Organisations in this sector store and refer to electronic health records (EHR) containing large amounts of personal and financial information.

Cybercriminals hack into such data to impersonate patients and to misuse their financial and health insurance information. If they disrupt the network of a healthcare facility, the repercussions can be humongous.

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Page | 5

Another worrisome potential impact of cyber threats in this industry concerns the connected medical devices – such as pacemakers – that support patients. An attack can interfere with the functionality of such equipment.

Cybercriminals know that manufacturers hold sensitive information on their proprietary products, and their IT systems are also vulnerable to threats.

This is because historically, most manufactur-ing companies have primarily been concerned about the security of their operational technol-ogy environment and fail to enforce sufficient measures for IT security.

Hackers can attack these weak IT systems to steal information on new products, processes and manufacturing technologies. They may be hired by the potential victim’s business competitors to acquire secret formulas, design blueprints and details on exclusive assembly operations. This information can then be used to design and sell products at a lower price and cut the targeted company’s competitive advantages and profit margins.

Manufacturing E-Commerce

A manufacturers’ complex supply chain can also have multiple vulnera-bilities, and it provides hackers with an ideal environment to infect the database of different suppliers and associated businesses.

E-commerce allures cyber thieves who exploit the ignorance of shoppers and the banal security measures taken by merchants selling online.

From phishing and cyber fraud to ransomware and Distributed Denial of Service (DDoS) attacks, threat actors use a variety of tools to target websites whose very foundation of business lies in the cyberspace.

In May 2017, online food delivery service Zomato admitted that 17 million of its user accounts had been hacked. The stolen data included user email IDs and ‘hashed’ passwords, although card details were not leaked.

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Any assault or technical vulnerabilities of online shops not only results in revenue and reputation losses but also puts their customers’ credit card and bank account details at risk, resulting in further litigation costs. Each time a company’s security line gets broken, the trust of millions of shoppers is lost beyond recovery.

Page | 6

Government or public service offices have the most significant pool of data containing personally identifiable (PII) information. These include tax records, license records, passport information and documents containing biometrics such as Aadhaar cards in India.

Any vulnerability in the storage of such data can give cybercriminals access to sensitive information of citizens and lead to different identity theft crimes.

Government and Defence Agencies At another level, government and military data may be attacked by:

The threat posed to the security of the entire country is the most worrisome aspect of attacks on government data.

Higher education institutions – with thousands of students and a large staff body – typically have weak pass-word protections and are susceptible to social engineering.

Threat actors also target education institutions for various reasons. These include:

Education

Foreign powers attempting to spy upon or harm a global competitor

Terrorists trying to make political statements

Cybercriminals aiming to monet-ise personal information in gov-ernment databases

Theft of valuable intellectual property knowledge collated through campus research

Misusing student and employee personal information

Extracting or manipulating exam-ination details stored online

The exploitation of computer pro-cessing power

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Failure of theTraditional DefensiveApproach

Page | 7

Organisations across these industries are expected to ensure full confidentiality and security of their customers’ data. They must enforce measures to prevent illegal access to information, and check that information no longer required is disposed of properly. This, however, is easier said than done when the security approach is customary, and there are weak links in the ecosystem.

Amidst escalating cases of cyber attacks and data breaches around the globe, the legacy IT security architecture has globally gone through a massive stress test and has unfortunately failed to keep pace with the tactics used by cybercriminals.

The shifting models of computing and networking have also complicated matters.

The traditional approach for business IT security has proved insufficient to secure enterprise apps and data.

Some reasons for this failure are:

Employees in an organisation usually treat cybersecurity as an IT problem. Indeed, the internal working of IT systems they use daily is also a mystery for most. An office may be investing in the latest firewalls and data loss prevention tools, but when its workforce is not trained to understand and use them methodically, the business is no better off in its surveillance.

Basic Misconceptions

Besides ignorance, other user behaviours increase the likelihood of a breach too. One of these is tolerance for inconvenience. The fact remains that in traditional IT defences, convenience and security are inversely related. An example of this is passwords. The longer and more complicated they are, the harder it is for employees to remember them. Human nature compels them to take the most convenient route, and that may not necessarily lead to good security.

Deploying BYOD culture without adequate security measures also invites cyber threats.

Internal Culture and Habits

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Choice Overload

The IT security field is flooded with products, especially for micro, small and medium enterprises. They can choose their ant i -v i rus /ant i -malware /ant i -spyware software, firewalls, file encryption tools and other security measures from hundreds of vendors. However, they are not capable of differentiating between alternative products and often fail to invest in the technology that they need. In some cases, they procrastinate and cannot make a choice.

The integration of tools bought from different vendors is also a challenge. Products may clash with each other and eventually create more problems than they resolve.

Page | 8

Employees have administrative rights to their systems and may have downloaded apps that put their work-related data to risk.

Decentralised organisations are also vulnerable to attacks. When teams work in silos, it is more challenging to manage an IT risk – this is because different groups may have different security measures to control a common risk.

While the inherent weaknesses of legacy IT security measures are evident, an analysis of the complete ecosystem shows that humans are still the weakest links of enterprise security.

Employees in any office can be intrin-sically complex and multifaceted with their influences, beliefs, weaknesses, priorities and agendas. Some may be simply too trusting. For any business, even the most sophisticated systems can be assaulted by social engineer-ing.

No amount of security software, firewalls and network topologies can stop a user from naively clicking an email link or being persuaded to give login credentials to someone who pretends to be from ‘office IT department’.

Therefore, IT security is not merely about technological defences – it’s also about people. Digital and cyber literacy are important for everyone – from home office-based professionals to senior employees in the private and public sectors. The best practices to optimise enterprise security have been talked about later in this white paper.

The Weakest Linksin EnterpriseSecurity

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Smart VPN offered by Tata Tale Business Services (TTBS) provides an SLA-backed comprehensive, secure connectivity cover that delivers data privacy, cost savings and reliable service. It is available in forms of both MPLS and Internet VPN to help businesses of all sizes across industries.

Application Security

With a centralised application/ software and operating system patch management and configuration, businesses can offer secure access to organisational resources – even on devices owned by employees – while mitigating DDoS attacks and other advanced threats. Instead of implementing security services provided by a myriad of vendors, a Unified Threat Management (UTM) solution is recommended for app security. Data Security

Enterprises must prevent their critical and sensitive data from residing on endpoint devices such as desktop/laptop computers,smartphones, tablets and specialised hardware like POS terminals. It is better to keep them in secure data centres. When data needs to be mobilised for access to employees across locations, it is essential to address its storage with encryption, containerisation and secure file sharing.

New Ways to SecureEnterprise Apps andData

Page | 9

With their digitalised work practices and mobile workforce, business today cannot keep their IT infrastructure and data secure using the traditional approach.

They must aim for an integrated and comprehensively secure environment that enriches and unifies user experience and secures all kinds of enterprise apps and data, while also simplifying the IT team’s ability to manage hybrid multi-cloud environments.

The approach to IT Security should be guided by:

Network Security

Organisations should leverage the security features of a Virtual Private Network (VPN) to provide their employees with encrypted access to desktops and enterprise applications. With a managed VPN, they can enable network access control and micro-segment networks for better security and compliance while also ensuring high levels of service uptime and performance.

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

At TTBS, we have designed custom solutions to deliver a streamlined application and data security.

Our Virtual Unified Threat Management (vUTM) service, which is deployed and administered in the cloud, integrates critical security functions including firewall, intrusion detection and prevention, anti-virus, anti-spam and web content filtering. With an OpEx model, it reduces security management costs and optimises the existing IT infrastructure.

For data encryption and security of file sharing, the TTBS team provides Secure Connect that links an organisation's private network to leading cloud service providers by privatising a public cloud network. The idea here is to extend the benefits of cloud computing while giving it the security of a private, encrypted network. Secure Connect also enables quicker data transfers and seamlessly transitions between a private business network and public/hybrid cloud.

Page | 10

To further protect business websites, TTBS recommends its DDoS Detection and Mitigation that uses state-of-the-art Arbor Peakflow DDoS technology to identify and prevent malicious traffic on websites. This feature is particularly helpful for E-commerce websites where the basis of business is a flawlessly working online store.

Contextual Access

In addition to deploying relevant tools for IT security in modern workplaces, businesses must ensure suitable levels of access to endpoints and networks by defining user roles and maintaining security profile of all individuals working for it from different locations.

Analytics and Insights

Lastly, it is vital to check any degrada-tion in the user performance, identify its source in minimum time, detect attacks and misconfigurations and comply with industry regulations. The web-based interface of vUTM provided by TTBS is enriched with features for this aspect. Its industry-leading technology for log management and analysis, coupled with a web-based interface, helps to access reports online at any time.

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

Best Practices toMake EnterpriseSecurity Everyone’sDutyWorking amidst an ever-expanding range of cyber threats, employees – the frontline participants – have a crucial role to play in the security of their organisation.

IT security strategies and tools must, therefore, be complemented by certain best practices in the business work culture.

These can be implemented by:

1. Training Users

Informed and security-conscious teams can help companies defend their data and IT infrastructure against most threats. A top priority for organisations should, therefore, be training employees on how to work safely on any device, from any location. Everything presented should be specific to a user’s function rather than a one-size-fits-all approach.

2. Engaging with Line-of-Business Managers

A vital element for effective security is the close working relationship between IT administrators and line-of-business managers. Regular meetings with department heads enable IT teams to infuse suitable safeguards into new business practices as soon as they are initiated. It also offers them an essential and direct perspective on different groups’ unique requirements and risks.

3. Giving Mobile Consideration to Security Policies

It should be remembered that training alone cannot ensure optimum security. Multiple devices, networks and storage systems used by remote employees – for their own convenience – could be beyond the business IT control. To keep security policies in sync with the BYOD culture, organisations may want to restrict access to their company’s data based on where workers are located and the kind of device they use.

In such a scenario, they can adopt bespoke policies to shield sensitive information more vigilantly than general information and offer less access to users with consumer-grade devices than those who have more systematical-ly “locked down” enterprise-grade devices.

Page | 11

Enterprise Security Solutions – Run the Business, Thwart the Risks

#TimeToDoBig

Conclusion

Page | 12

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks

4. Enforcing Policies Consistently

If employees believe that violating a security policy results in no severe consequences, or worse still, bypassing them can help to enhance productivity, the organisation’s policies will lose their value over time. It is crucial to define and take documented course-of-action for policy violation to ensure that rules are rigorously followed.

Tata Tele Business Services works closely with its clients to help them build a clean and complete architecture of defence strategies and optimised data security. We enable security leaders across organisations to make quick and intelligent cybersecurity decisions. By connecting security events and controls with business outcomes, chief IT security officers also get a clear idea of the value their teams deliver to the organisation.

The enterprise can then focus on efficient management of risk environment rather than working merely on compliance at the cost of strategically achieving business growth, innovation and value. After all, the very idea of building and scaling effective security management programs is to support a future-ready enterprise.

Sourceshttps://secure2.sophos.com/en-us/security-news-trends/whitepapers/gated-wp/uncomfortable-truths-of-endpoint-security.aspx

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/press-releases/2017/september/security-vulnerabilities-in-the-finance-sector-increase-by-over-400-since-2013/ https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/snag-leaks-tax-info-of-amazon-india-sellers/articleshow/67465871.cms https://economictimes.indiatimes.com/small-biz/startups/zomato-hacked-hackers-steal-data-of-17-million-users/articleshow/58742044.cms

Get in touch

TATA TELE BUSINESS SERVICESMarket leaders with the widest range of products and solutions.

| Collaboration | Connectivity | Cloud & SaaS | IoT Solutions| Marketing Solutions | Security Solutions

Call 1800 266 1800Email dobig@tatatel.co.inVisit www.tatateleservices.com

Find us on

http://twitter.com/tatadocomobiz

https://www.instagram.com/tatadocomobusiness/

https://www.linkedin.com/company/tata-docomo-business-services

Page | 13

#TimeToDoBig

Enterprise Security Solutions – Run the Business, Thwart the Risks