For nearly 25 years, Diamond Technologies of Wilmington has been on the cutting edge of systems and integration technology.
In the early days, Diamond Technologies was a software development company that eventually transitioned into systems integration, support, and consulting for our public and private partners. With 50 employees, the firm oversees work and system management across numerous states, including Delaware, West Virginia, Vermont, and Oregon. Locally, solutions span several Delaware agencies: DelDOT, Education, Labor, State, and DHSS. Notable private clients include the YMCA, Bank of America, Henrietta Johnson Medical Center and BrightFields environmental services.
But the more technology businesses use, the more access points for cybersecurity attacks there are, and some attacks are already on your computer right now. Diamond Technologies Vice President of Security and Architecture Duncan Bachen said that in recent years, it has become exceedingly difficult to secure corporate infrastructure with technologies from the past.
“The analogy I like to use is a moat and a castle. The moat, or IT security, is designed to keep the siege, in this case the bad actors out. But the reality is, they are already in the castle. They just haven’t woken up and attacked yet,” Bachen said.
Even if a company has the best virus protection out there, the biggest chink in cybersecurity measures is the employees. Diamond Technologies estimates that more than 99% of all attacks in the past year relied on human error to allow a security breach. Sixty percent of small to midsize businesses go out of business within six months of a cyber-attack.
From Bachen’s vantage point, most businesses are aware of security issues like phishing or clicking on an ad that contains embedded viruses. But what he is seeing more of these days is hybrid attacks where viruses piggyback on authentic software that is downloaded straight from the internet.
To continue the analogy: the lords and ladies that live in castles under siege still allow food to breach the fortress walls, and those goods conceal the true threat. Sometimes that threat is not discovered until weeks or months later.
Often, those viruses, attack vectors and automated scripts are looking for one thing: complete access.
“The people who send those out don’t care about the administrative assistant or the engineer. They want the person who has all the keys to all the doors inside,” he said. “And once they get in, they get everything. The theory is to attack the one person who is credentialed.”
To head off internal and sleeper attacks, Diamond Technologies recommends implementing a Zero Trust framework, or an attitude of trusting nothing, verifying everything and limiting access inside the company. The strategy aims to reduce the bad actor’s chances of gaining access to the system.
“All it takes is one. So, the solution is to be more restrictive, and invert the entire model to a perimeter defense. You just don’t know these days, so it’s better to trust and verify and be safe than sorry,” Bachen said.
Companies can start to implement Zero Trust by “authenticating up,” making sure no one has complete access to everything in the organization. For example, if someone needs to download software then they would need a username and password to do so.
That could mean the employee would get the login credentials from someone else in the company. In a high-security setting, that could require authentication all the time, like swiping a keycard every time you reach a door.
“It may seem like it’s overkill, but it’s set up so that no specific user has any real privilege, and they are limited to what they can do,” Bachen said.
Another measure could be having two logins on a work computer: one for everyday use and another for administrative duties. In that case, even if malware is downloaded during everyday use, its reach is limited and it cannot access the critical infrastructure a business needs to operate.
Those who are at the biggest risk of cybersecurity attacks are the day-to-day employees. If security protocols are not supported by upper-level management, they most likely will not be successful. They can be hard to implement because constant authentication can be “an enemy of productivity” in many cases.
“Most business owners understand the risk, but then they get a little leery about slowing staff down,” Bachen said. “The compromise needs to be how to put the security in such a way to keep them doing their jobs. But to be a high-security environment, you have to be all in.”
What sets Diamond Technologies apart from other firms in the region is that its team includes those with backgrounds in major manufacturers, banking, and pharmaceutical companies. That gives its team an in-depth knowledge of what works and does not work for its customers through a process-oriented environment.
“With the team we have hired, we’ve created a warehouse of information to better protect companies. There’s just so many things we deal with daily, and we’ve seen enough things and come up with processes around it,” Bachen said. “We’re uniquely suited to solve these issues, so companies don’t have to build the system on their own.”
Visit diamondtechnologies.com for more information on how to secure information for your business.
Duncan Bachen, Diamond Technologies VP of Architecture and Security Services, has been an IT professional for over 25 years, representing local, national, and international organizations. Originally intending to combine his love of film and computers in the special effects industry with a BFA from Ithaca College, Duncan has instead brought his eye for detail and quality to his IT career. He is a passionate problem solver who likes to think outside the box. He is certified as MCSE, MCSA, and MCP, and is pursuing a CISSP and CEH. In his spare time, he enjoys movies, theater, games, and puzzles of all kinds as well as being active in a medieval recreation group.