For the last several years we have seen dozens if not hundreds of companies fall victim to some level of data breach. Those data breaches cause reputational damage: the company is often fined and/or is financially responsible for remediating customer impact, people lose their jobs, or even worse, the company is faced with a lawsuit. Data exposure is inevitable, so how your company responds is crucial to its success in overcoming it.
The Sky is Not Falling…yet
Over the last ten years most of us have been buried in a cyber threat landscape where the ways hackers, actors, insiders, or systems will compromise our data constantly evolve. However, while most people are focused on reacting, some are placing a little more emphasis on being proactive. In fact, there are several things we can consider to help protect our infrastructure and data.
Prioritize Risk Score Models
This is easier said than done: most companies have a difficult time building a score model for critical systems. There are several solutions out there that provide scores, but putting some logic behind this quantitative formula is the key to risk vulnerability and transparency. Understand the formula and consider getting an opinion from Risk Governance or Advisory teams.
Prevent
We have often seen prevention controls. For example, a user is prevented from accessing a file, application, database, or even a sensitive office floor or room. However, there are policies and procedures that need to evolve to help access controls be effective. In another example, firewalls do a great job at making sure the bad guys are kept out, but imagine if administrators started focusing on the inside security perimeter first before moving to the external perimeter, especially since about 75% of breaches are caused by insiders.
Detect
By now most companies can detect vulnerabilities, a possible breach, or a malicious act on their servers, network devices, and appliances. However, many of our clients have asked us a very common question: “How do we present and simplify all this machine data?” The answer: SIEM solutions do a good job of creating a visualized interface where your technology team can view current events and provide managers and executives with specific dashboards and reports.
Respond
This is an area where clients often find themselves having to mature, not because of an unwillingness to adapt to evolution, but because they don’t have access to every subject matter resource. However, establishing a Playbook helps employees initiate procedures and processes during an undesirable event. This will make the difference in effectively eliminating the threat and understanding what caused it, as well as how and when to remediate events.
Predict
This is the most challenging aspect of information security: what, how, and where the next attempt will come from. The solutions we see around Identity & Access, NexGen Firewalls, AppSec, and others are mature enough to address current threats that have some signature-based detection. Even threat intelligence communities have done an incredible job of sharing information regardless of industry or competition. We often recommend building a behavioral analytics model based on logical patterns that can easily be predetermined to drive policy and procedural enforcement. It’s easier said than done but not impossible; in fact, we have a pretty good success history with our clients.
At the end of the day, month, quarter, or year, most of us reflect on and evaluate our performance and our objectives' successes and failures in protecting our data. That protection will not be achieved by us acting as individuals, but by us working together as a team and sharing relevant information that could be leveraged by our intelligence community. We need to hear all solutions and constructive thoughts, including arguments, to improve our chances of postponing our eventual breach.