Cyberattacks are becoming more frequent and costly and it seems no organisation size, type or industry is immune.
What makes the difference between just another day at the office and becoming the next data breach news story?
Too many organisations focus their cybersecurity efforts on the wrong areas. For example, they invest huge sums of money on building a network perimeter rather than thinking about what happens after someone has breached that perimeter and is virtually wandering around inside their organisation.
Finding the answers to these 10 questions will help you prepare your organisation for the attacks you’re most likely to face, fortify your defences inside and out, and educate all your people to be more prepared.
Prepare for attack
1. Do you test your internal and external systems mimicking real attacks?
Checklists and compliance regimes will only go so far to protect your organisation from cybercriminals. To assess your ability to deflect real-world attacks you must perform testing that mimics those attacks as closely as possible.
2. Are you prepared for the human vulnerability?
By nature, we humans are inquisitive, trusting and often quick to be helpful. Attackers know this and take full advantage of it in order to circumvent organisations’ security controls. That’s why you should test your organisation’s ability to respond to client-side attacks such as phishing and social engineering.
3. Do you test regularly?
Security tests can only ever be a point-in-time assessment. While annual or biannual testing may satisfy legal or risk and compliance obligations, it does not accurately represent the dynamic threat landscape.
Most organisations commission and decommission systems regularly and modify content daily. This constant state of change necessitates more frequent security testing in addition to whenever significant changes are made to the environment.
Fortify inside and out
4. Can you detect breaches?
Nothing is ‘hacker proof’. History has shown that the most we can expect from perimeter defences is that they will slow down intruders; they can’t stop them altogether. Sooner or later, your perimeter will be breached, so you will need to implement and test your organisation’s ability to detect an attack when it happens.
5. Do you know where your critical value data resides?
You can drastically limit the scope of a data breach by identifying which data is critical to your business, where it is stored, and who has access to it. This limits a cybercriminal’s opportunities to access your valuable data even if they breach your defences. It can also make compliance easier and potentially less expensive.
6. Do you have enough layers of protection?
A single product or solution cannot provide adequate protection from a determined attacker; it would be like trying to chain a fence closed with only a single link. Effective protections and countermeasures require a concentric ring around the critical value data; this is also frequently referred to as ‘defence in depth’.
>See also: The future of cybercrime
By deploying multiple solutions as part of a sound defensive strategy, you add layers of protection mechanisms. These multiple links form a much stronger chain (hence the name, chain link fence).
Doing so will not make your organisation immune to threats, but it will certainly increase the time it takes an attacker to successfully carry out an attack. You can use this time to identify their attempts, and give yourself a better chance to stop them before they break through.
7. Is your monitoring up to scratch?
Even the most robust defences are at risk of being compromised by a determined attacker. This is especially the case with insider threat actors, who are already behind the perimeter and may have inside information concerning the organisation’s security practices, critical value data and system architecture.
It’s absolutely critical for your organisation to quickly identify anomalous activity, connect the alerts to actual human activity and take action on those events.
8. Do your teams know what an attack looks like?
Over the past 20 years, security vendors have boasted that each one of their solutions will protect organisations better than the last. But organisations have completely ignored that it is human beings who are looking at computer monitors filled with alerts.
They need to know how to connect what they see on the screen to real-world human activity.
Realistic penetration testing and proactive incident response training will bolster your defences and ensure you’re making the most of the financial investment you’ve made in your monitoring capability.
9. Have you developed, tested and trained using an incident response plan?
Having a comprehensive incident response plan is not only a really good idea, it’s also a requirement under many regulatory frameworks. A well-written incident response plan will dramatically shorten the time it takes from detecting a breach to responding. It will set in motion a clear, coordinated response effort.
10. Are all employees aware of common forms of attack?
Attacks where cybercriminals take advantage of human beings are commonly referred to as ‘client-side’ attacks; they include spear phishing, browser-based attacks and social engineering. In all instances, human decision-making is the most effective line of defence.
Training employees to identify, take action, document and report client-side attacks can significantly reduce your organisation’s potential attack surface. This will also create a company-wide culture of security-minded employees who all realise they are not only part of the fight, but more importantly, part of the solution.
By asking these questions, you can ensure your organisation is conducting appropriate ongoing threat simulations and providing the kind of training and education it needs to improve its ability to detect, react to and recover from a security breach.
In asking these questions – and being truthful and realistic about the answers and consequences – you can minimise the risks to your most critical data.
Sourced by Chris Pogue, chief information security officer, Nuix