3. Alert on privilege escalations - Besides frequently performing an entitlement review on the Domain Admin group to ensure its members are legit, it's also extremely helpful to set up alerts for additions to that group.
4. Alert on behavioural deviations - Creating profiles of normal behaviour on a per-user basis helps build context, advised Lee. If you baseline each user's normal activity, you can then be alerted when that activity spikes or when the user starts behaving uncharacteristically.
5. Set up honeypots - A honeypot is a "shared folder with data that looks lucrative and is open to everyone", said Lee. IT managers can then sit back and see who abuses this. This is a great way to identify the 'turncloaks' and 'imposters' in your company, he added.
6. Closely monitor high-risk people and data - Besides monitoring high-risk data, IT managers should also keep a close watch on high-risk people such as IT administrators and contractors. Always make sure they are only doing what their job scope requires, warned Lee.
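An added example, not part of the original article: one way to implement the per-user baselining described in item 4, assuming a daily count of files accessed per user is already being collected. The sample records, thresholds and all names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, day, files_accessed). Not from a real system.
ACTIVITY = [
    ("alice", "2024-03-01", 40), ("alice", "2024-03-02", 46),
    ("alice", "2024-03-03", 38), ("alice", "2024-03-04", 44),
    ("alice", "2024-03-05", 42), ("alice", "2024-03-06", 910),
    ("bob", "2024-03-01", 300), ("bob", "2024-03-02", 280),
    ("bob", "2024-03-03", 320), ("bob", "2024-03-04", 310),
    ("bob", "2024-03-05", 290), ("bob", "2024-03-06", 335),
    ("carol", "2024-03-05", 12), ("carol", "2024-03-06", 15),
]

MIN_HISTORY = 5    # days of history needed before a baseline is trusted (assumed)
THRESHOLD = 3.0    # alert when the z-score exceeds this value (assumed)
MIN_STDEV = 1.0    # floor so a perfectly flat history cannot divide by zero


def find_deviations(records, day):
    """Return (user, count, verdict) for every user active on `day`."""
    history, today = defaultdict(list), {}
    for user, d, count in records:
        if d == day:
            today[user] = count
        elif d < day:              # ISO dates sort lexicographically
            history[user].append(count)
    results = []
    for user, count in sorted(today.items()):
        past = history[user]
        if len(past) < MIN_HISTORY:
            # New account or sparse data: surface it rather than guess.
            results.append((user, count, "no-baseline"))
            continue
        # Compare today against this user's own history, not a global norm.
        z = (count - mean(past)) / max(pstdev(past), MIN_STDEV)
        results.append((user, count, "alert" if z > THRESHOLD else "normal"))
    return results


if __name__ == "__main__":
    for row in find_deviations(ACTIVITY, "2024-03-06"):
        print(row)
```

Bob's 335 accesses pass as normal because they fit his own history, while Alice's 910 stand out against hers; a single company-wide threshold would miss that distinction.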
Secure backup and DR services through cloud
The 2012 Hurricane Sandy disaster in the United States incurred an estimated US$20 billion in lost revenue, according to Diing Yu, Sales Director of Seagate Cloud Systems and Solutions Asia.
The disaster affected everyone, and also forced all businesses - regardless of their company size - to rethink their backup and disaster recovery (DR) strategies with a much more critical eye.
"You have to protect your digital assets to ensure that your business is always on; and cloud is one of the key approaches to dealing with resilience," said Yu. "In this connected world, we have to consider online backup and recovery. Now is the time for cloud because of three factors - operating expenses (OPEX), economies of scale, and on-demand resources."
However, Yu said that despite these advantages, people were still concerned about the safety and security of the cloud. Focusing on this issue, Yu talked about the "sphere of protection" - the left side of the sphere showing the controls that defend against outside threats, and the right side showing those that defend against inside threats.
Since people could access all layers of the sphere, the right side of the sphere must apply a different approach to security. "People have to become a safeguard of the system. This means that members must be effectively trained, implemented and maintained - or they will also end up posing as a threat to the data and system," said Yu.
New approach to securing end-users
In his keynote, Maxim Weinstein, Senior Product Marketing Manager, Enduser Security Group, at Sophos, encouraged firms to rethink their security approach. "Firms should now focus on securing end users instead of end points as some devices and servers no longer live within the corporate network perimeters. We need to secure the way end users are working instead of end points."