Last year when I bought a new car, I was looking for features like a backup camera, close-object sensors, running lights and a solid structure. Sure, the idea of trying new technologies was kind of appealing, but the truth is, all of these things were about security and safety. My desire was to lessen the probability of an accident. I know that investing in these features won’t prevent me from having an accident. But they do allow me to monitor for dangerous objects that might come my way, and alert me to my own bad driving habits – thus reducing my probability of getting into an accident in the first place, and reducing the potential severity of an accident should one occur.
Organizations frequently make investments with security in mind. Traditional security, such as installing gates and locks, are ways to help prevent criminals from coming into a physical building. The same is true when it comes to cybersecurity. Companies (and individuals) invest in tools to help monitor and defend against cyber-attacks. Yet some believe that investing in advanced cyber tools is a futile effort because, eventually, there will be a breach anyway. Of course, breaches are possible even when using the latest and greatest tools, but having good monitoring tools and processes reduces both the likelihood and the severity of a breach.
According to Mandiant’s 2014 Threat Report, the median time from an initial compromise to the time someone learns about the breach is more than 200 days. This means the cyber-intruder is in the network for nearly seven months before anyone knows it. The greatest damage is not the compromise on Day 1, but rather the many days on end that data can be harvested and shared unknowingly.
As individuals, it is important that we keep up with the latest virus scanning tools and ensure our networks are locked and secure. We need to practice good cyber hygiene by accessing only trusted sites and ignoring, and reporting, suspect email. These simple practices help protect our personal assets.
Companies and public agencies also need to invest in similar tools and practices for threat prevention and detection. Below are a few suggestions:
- At a minimum, establish adequate firewalls, prevention and detection tools, and keep tools and patches up to date. Patches provide the latest upgrades in vulnerabilities for a changing threat landscape. Redundancy in tools also helps ensure greater protection.
- Perform continuous monitoring of the organization’s security posture. Assessing the current security posture of the technical environment is important, but so is ongoing assessment. Technology in any organization undergoes constant change that opens it up to vulnerabilities. Continuous monitoring helps to identify vulnerabilities and gaps in security.
- For critical infrastructure systems or those systems holding sensitive data, consider 24x7 security operations centers (SOC) to perform critical monitoring of technology networks. As threats come in, security operations analysts can isolate and stop any unwanted intrusions and analyze trends. Having SOC analysts isolate successful attacks immediately helps speeds incident response to reduce the impact of the intrusion.
- Participate in cybersecurity information sharing groups. Even with all of the tools out there to stop threats to networks and data, threats are constantly changing to break through the latest detection techniques. Information sharing groups are on the front line to analyze and share what to look for.
- Expose findings internally to demonstrate the value of the tools. Investment in prevention and detection tools may seem like futile investments if you don’t extoll what they are doing to those stakeholders who must approve the investments. Create a dashboard for your corporate boards and/or executive management teams so they can see the ROI.
Since there can be no guarantees for absolute cyber protection, organizations should also focus on early detection and incident response. These are now on equal footing with protection. In this paradigm, investment is not futile because it reduces risk exponentially for protection as well as detection and response.