Another day, another high profile data breach has hit the headlines. Taking a layered approach to security has never been more important – both from a business and consumer point of view.
The question is: if you don’t know you have been hacked, what can you do about it? Quite simply, becoming aware of a breach is crucial if organisations are to respond to it and minimise the impacts. A well-defined incident response plan is important, although focusing purely on a response is not enough. If a business doesn’t know an incident has occurred, how can it put a plan into action?
That’s why a layered approach to security is vitally important: cyber risks must be put into context in order to take the right preventative or restorative actions. For businesses, getting insight into and control of their critical systems is essential. Technology can help by providing activity logs and monitoring who has access to what and when. However, this is not enough. These data points need to be turned into actionable intelligence, so that the organisation has visibility across its networks and understands what is happening and whether action needs to be taken to close a vulnerability or react to a data breach.
There are several ways to achieve a security operations model, such as opting for a managed security service (MSS). When opting for MSS, it is important that organisations consider what it provides. After all, they are not all the same, and it is the analysis of the data that provides true insight and actionable intelligence.
Another option might be to set up a dedicated or in-house security operations centre (SOC), which typically involves teams of security experts analysing and interpreting data to identify and mitigate cyber risks. A third option is to take a hybrid approach, using both onsite and outsourced resources to provide a scalable security operations model.
Regardless of the approach taken, it is important that the model provides timely visibility into the critical assets of the network in order for businesses to make informed decisions.
Back to basics
What recent cyber attacks have shown is that basic controls and processes still matter. Organisations should perform regular security software patching and updates, so they can remain effective against evolving and persistent threats. It’s worth remembering that although a simple control, properly maintained anti-virus does detect 40-50 per cent of malware.
Maintaining appropriate data policies is also important – particularly understanding who has access to critical systems and continually evaluating whether data access privileges are appropriate, including ensuring that past employees no longer have access to corporate systems.
Good password hygiene plays a key role too. Both businesses and consumers should avoid reusing the same password for all accounts. Changing passwords regularly might make it more difficult for hackers to access the information stolen, even if the account holders are not aware of a breach.
How to prevent or mitigate an attack
A complete security operations framework is required for companies to continuously prevent and mitigate the impacts of a breach. Some key ingredients to a successful approach include:
- Understanding your risk – conduct an annual risk insight to understand the current risk exposure and to keep the board engaged with cyber risk.
- Secure configuration – keep hardware and software protections up to date. Stay on top of basic protection and use multi-factor authentication for critical business systems.
- Educating and training employees – ensure they know company policies and incident response processes.
- Incident response – establish, produce and routinely test and communicate incident management plans.
- Monitoring – continuously monitor all systems and associated logs to spot potential attacks and minimise risk.
Stuart Reed, senior director at NTT Security