Another day, another headline of a high-profile data breach that hits the mainstream press.  Taking a layered approach to security has never been more important – both from a consumer and a business point of view.

If I don’t know about it, what can I do about it?

Quite simply, becoming aware of a breach is crucial if you are to respond to it and minimise the impacts.  We have spoken before about a well-defined incident response plan, though focusing purely on a response is not enough – if you don’t know the incident has occurred, you can’t put the plan into action.  That’s why a layered approach to security is vitally important as cyber risks must be put into context in order to take the right preventative or restorative actions.

Getting insight and control of your critical systems is essential.  Technology can help here by providing activity logs and monitoring who has access to what and when.  Increasingly, however, this is not enough: these data points need to be turned into actionable intelligence – giving the organisation visibility across its networks so that it can understand what is going on and whether action needs to be taken to close a vulnerability or react to a data breach.  There are several ways to achieve a security operations model, such as opting for a managed security service (MSS).  When opting for MSS it is important to consider what it provides – they are not all the same, and it is the analysis of the data that provides true insight and actionable intelligence.  Another option might be to set up a dedicated or in-house security operations centre (SOC) – this usually involves teams of security experts analysing and interpreting data to identify and mitigate cyber risks, though it can carry considerable overhead.  A third option is to take a hybrid approach – utilising both onsite and outsourced resources to provide a scalable security operations model.  Whichever approach is preferred, it is important that this model provides timely visibility into the critical assets of the network in order for informed business decisions to be made – including triggering an incident response plan.

The basics still matter

What recent hacks have shown is that basic controls and processes still matter – regular security software patching and updates should take place to remain effective against evolving and persistent threats.  It’s worth remembering that, although this is a simple control, properly maintained anti-virus does detect 40-50% of malware.

Maintaining appropriate data policies is also important – particularly understanding who has access to critical systems and continually evaluating if data access privileges are appropriate – including ensuring that past employees no longer have access to corporate systems.

Good password hygiene plays a key role – both from an organisational and consumer perspective.  Avoiding reuse of the same password across all accounts and regularly changing passwords means that, even if you are not aware of a breach, it might be more difficult for hackers to access the information stolen.