Detect and devalue: Changing how organisations approach IT security

Cyberattacks and data breaches continue to plague board members and c-suite executives on a daily basis. With the average cost of a data breach rising to £2.37 million in 2015, securing against such events is becoming a boardroom priority.

Last year marked a 38 per cent increase in security incidents including high profile attacks that targeted Ashley Madison, Carphone Warehouse and TalkTalk. Unfortunately, this year is unlikely to be any different with cybercriminals constantly on the lookout for new opportunities to pilfer valuable business data.

Planning for the inevitable

While companies should take every possible step to ensure a breach doesn’t occur, the sophisticated techniques used by today’s cybercriminals means that in reality they should also be planning for an inevitable breach. Many businesses are likely to face a significant number of cyberthreats on a daily basis and it is an unfortunate truth that at least one of these attacks will be successful.

Businesses need to take a new approach to cybersecurity in order to reduce risk and subsequently diminish the costs resulting from a breach. Preventative measures are, and will continue to be, a prerequisite of good IT security. However, in today’s IT security landscape large organisations should shift focus and resources from prevention to detection and damage limitation.

By accepting that it’s not IF a breach occurs, it’s WHEN, a business can focus on limiting the damage hackers can do once inside their network.

Investing in security

Businesses should increase investment in detection tools that help to identify a breach sooner in order to limit damage. As the time it takes for an organisation to discover a breach becomes of greater interest to regulators and customers, detection will logically take an ever more prominent role in IT security measures. This can serve as a public indication of a company’s vigilance where in some cases the time between breach and detection runs into months or even years; subsequently having a damaging effect on corporate reputation.

A greater focus on damage limitation also mitigates the effects of a security breach. For example, steps such as full disk encryption at the hardware and server level ensure that if the hacker gains access to data, their haul will be unusable, effectively devaluing the data.

A ‘detect and devalue’ approach to IT security will require some new thinking from board level to the IT systems administrator. To help with this process, businesses and IT teams should hold regular war room sessions where executives run through worst-case scenarios of what could happen should an attack be successful. As a result of such planning, a company will be better placed to identify the methods that limit damage should a hacker gains access to the corporate network while also ensuring the success of a ‘detect and devalue’ security strategy.

Darin Welfare, EMEA VP, WinMagic