On Wednesday, April 11 Avecto’s Boston office opened its doors to NewCo Boston. This annual conference encourages companies to open their doors and share their stories of positive change in their community, industry or region. Attendees can expand their network by building personal and professional connections within the Boston area.
First, Christine Nolan, Senior Director of Communities for Mass Technology Leadership Council (MassTLC) shares why she’s excited to be an organizer.
“NewCo Boston is three years old and growing. Each year, it’s expanded more as people look forward to getting an inside look at companies with Boston offices. The event spans three days where technology companies invite attendees into their headquarters to hear from founders and leaders about their missions. The program in Boston features over 70 companies where leaders explain their technologies, why their companies are great places to work and the value they add to the community.”
“We were excited for Avecto to be a speaker this year because of the momentum within the security industry. MassTLC is a technology association that connects tech leaders, investors, academics, and policymakers. Events like NewCo help senior technology leaders share best practices in how to protect their companies and the people working for them.”
Andrew Avanessian, Chief Operating Officer at Avecto, held a breakfast session in Avecto’s Assembly Row office. He explained why removing access to local admin rights is one of the best things you can do to improve security. Andrew spoke to the hidden dangers in your organization caused by the overuse of admin rights, which open the door to outside hackers and insider abuse. Using real-world examples, he helped attendees learn about the dangers of unchecked privileges and that the solution is easier than you think.
I caught up with Andrew after the event, as he shared some of the key takeaways from his presentation…
What key points did you want your audience to leave with?
First, the world has approached cyber security from the wrong way for decades. Organizations make keeping their companies data secure like a cat and mouse game with the bad guys. For example, companies may place a security guard at the door who watches people come in and out of the main entrance. However, the security guard might be better positioned to patrol inside and see what is going on inside the building. By focusing on one entry and reporting just those instances, they may be missing the actual damage that is going on inside the company. It’s what they don’t see you should probably worry about the most.
Secondly, many organizations have the misconception that security is difficult to create and maintain. If companies focus on getting the basics implemented well, it’s not hard to keep a secure security solution. Concentrate first on privilege management and application whitelisting makes it possible to achieve security and usability.
What actions will your participants take when they leave the session?
I’d recommend that they take an assessment of their current security strategy by:
- Assess how many people have admin rights and what they have access to on your network.
- Explore how IT deals with unknown software that has been downloaded onto company devices.
After exploring the current environment at their company, leaders should take these four steps to bring a balance between security and flexibility to their security goals.
• Implement true ‘least privilege’ without over-restricting your users.
• Pick a whitelisting without the operational headaches this has historically brought
• Protect vulnerable applications, enhancing security for your users and your business
• Use actionable intelligence to check in on your solution regularly.
Do you have any suggestions for material attendees could explore to learn more about endpoint security?
Here are some helpful resources to do more research on endpoint security:
• Download the Microsoft Vulnerabilities Report 2017. This report makes the compelling case for least privilege, finding that of the 235 Critical vulnerabilities reported in 2017, 80% would be mitigated by removing local admin rights from users.
• Read my book, The Endpoint Security Paradox: Realising Implementation Success, for practical advice on endpoint security best practices.
• Article by Australian Department of Defense – ‘Top 4’ Strategies to Mitigate Targeted Cyber Intrusions’