Data breaches happen. It’s ok to say it. In fact, we would be better off getting a lot more comfortable with it, because the fear of data breaches is actually making many organisations much less secure. For many, fear has become an obsession that, too often, draws attention away from an organisation’s real security success.
Everyone agrees with the premise that there is no such thing as a completely secure network. Yet we continue to define ‘successful’ security as preventing 100% of attacks. It is time to rid ourselves of this paradox.
Successful security does not require perfect prevention – it requires the ability to detect, and rapidly respond to, any threats that penetrate your network before they become serious incidents.
We recently conducted a survey of IT security professionals and found that approximately 65% of respondents had experienced malware-related breaches – that’s up from 56% in 2016. With everything we know about the frequency and success rate of cyber attacks (and the fact that a major breach makes headlines seemingly daily), organisations need to understand that breaches are inevitable.
Hackers, now armed with nation-state-grade tools, present an unrelenting outside threat. At the same time, employees, careless or malicious, often enable breaches from within. In fact, a report from Intel unearthed that insider threats are responsible for 43% of data loss, with half of incidents caused accidentally through poor practices and the other half due to intentional behaviour.
Acknowledging that breaches will occur and planning to react helps reduce the fear – and the fear-based decision making – that can make security issues worse. The first step businesses can take to reduce fear and improve security is to embrace the idea that most organisations exist in a state of continuous compromise.
For major enterprises especially, some level of threat (i.e. malware, or a malicious insider) is most likely continuously active on the network. By accepting this, security teams can focus on what’s important – detection and response. At its core, this is a shift in mindset, from focusing on preventing all threats to a dual focus encompassing both prevention and rapid detection and response.
The most common effect of fear in security is that enterprises tend to overvalue perimeter defences, out of a fanciful-but-appealing notion that building a barrier offering total protection is possible.
One recent UK survey found that 94% of IT decision makers say ‘Perimeter security is effective,’ and ‘Many believe all their sensitive data to be secure despite not knowing where it is.’ These are two shocking statements given the research presented above.
Organisations have been building bigger walls and deeper moats for years, but the number and severity of breaches continue to rise. A more sophisticated, reality-based perspective suggests a superior strategy for securing sensitive data: perimeter security should be the first line of defence, but not the only one. When a threat makes it through the perimeter, rapid detection and response solutions can recognise malware or dangerous activity that is attempting to establish itself on internal systems, and can then mitigate the potential harm to the greatest degree possible.
It’s by overcoming the obsession with avoiding data breaches – and adopting layered security technologies that both prevent breaches and prepare potent breach responses – that enterprises can best ready themselves to achieve the most favourable result available.
When data compromises occur, the manner in which an organisation reacts has a tremendous effect on the incident’s overall outcome. Unfortunately, the traditional method of response has been a fear-based reaction, often including the public firing of security professionals (or executives) as if those personnel were at the root of the issue at hand.
The organisation would then continue to sink even more resources into perimeter solutions, hoping to prevent data breaches from reoccurring while continuing to treat their breach responses as an afterthought. Inevitably, new breaches do occur, the organisation becomes no safer, and fear continues to rule.
Contrast this with a rational, measured response to a breach incident. Acting with cool-headedness and an accurate perspective on the realities of breaches, an organisation will launch a full investigation into the incident, empower and support its security team’s efforts to understand what has occurred, and work to develop a strategy for preventing such an incident next time.
The organisation will also ensure that the right resources are available to the security team, and that communication about risks caused by the breach is going straight to the top of corporate leadership. Overall, businesses are much better off when they understand the value of preparing for (and delivering) an effective response to breach incidents.
It must also be acknowledged that a deep-seated, destructive stigma exists which drives enterprises to dread the moment when they must admit a breach has occurred.
This stigma leads to shame and secrecy, effectively reducing the reporting of breach incidents. Perversely, hackers thrive in this environment precisely because organisations are bound by fear and will not share information about breaches that could otherwise prove valuable in opposing them.
This stigma must be exposed and challenged. Really, doing so is essential to establishing a safer, less breach-prone world. In order to propel the shift to a healthier mindset, it’s increasingly critical to acknowledge the benefits of open and honest sharing of breach information and the realities enterprises face.
When organisations have the safety and encouragement to share the truth – and the full details of data breach incidents are immediately made public – enterprises as a community at large will have the information to enact countermeasures and defeat further threats utilising the same methods.
Adding immediacy to this issue, the need to conquer the fear of breaches, establish openness when it comes to incident information, and build robust breach response capabilities is soon to be compounded by the arrival of a mature IoT (20 billion units strong by 2020).
Enterprises will be awash in vast quantities of these network-connected edge point devices, presenting a massive attack surface for hackers and a fresh set of challenges for security teams.
Perimeter security measures will be tasked with guarding a perimeter of unprecedented magnitude, which, just as today, they will be hard-pressed to defend without incident.
However, if this challenge is met fearlessly, breach response technology informed by honest assessments of the threats at hand can and will offer the greatest capabilities for keeping data secure.
Sourced by Patrick Dennis, president and CEO of Guidance Software