It is the time for predictions and my colleagues and I have been sharing our thoughts on what will affect the business world over the next year or so (you can read them here). In particular, we have focused on digital transformation and the impact this is having on how we work, live and play.
However, we mustn’t lose sight of the basics, as we build our resilient cyber defense architecture. The digital agenda is a pressing one for all businesses and one that they cannot afford to ignore – the customer is king and the General Data Protection Regulation (GDPR) puts increased pressures on the board to ensure that not only business data is secure but personal data too.
So while we stand by our predictions, I thought it also advisable to reflect on some of the basics that we continually see overlooked by organizations as they try and protect their business from constantly evolving cyber threats.
1. Assess the baseline
With an increasing focus on “platforms”, it is crucial that this fits into a resilient cybersecurity architecture and to ensure efficiency in reducing potential threats and vulnerabilities. Performing a baseline assessment will ensure the correct security foundations are in place to help you get the best from your security investments.
2. Scan the environment
One of the most important basic practices is vulnerability scanning, but running a vulnerability scan on its own is not enough. The results should be analyzed and assessed against your critical assets. This approach ensures that risks are put in context and valuable resources are focused on mitigating the right risk.
3. Plan for a breach
Incident response plans are critical for minimizing the impact of a breach. Complex cyber threats are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. By having a well-defined plan, and testing it regularly, as well as recognizing that security incidents will happen, organizations will be better prepared to handle incidents in an effective and consistent way.
Most business recognize the shortage in cybersecurity skills and the industry as a whole is collaborating more. We work closely with our technology partners and industry and government bodies to share intelligence. We now focus on prediction and prevention to get ahead of the potential threats. Collaboration will allow businesses to actively manage the threats before it impacts them.
5. Support the basics
Clearly it is now on the board’s agenda but we need to ensure that everyone is aware of the risks. It is everyone’s responsibility in our digital economy to be responsible for cybersecurity. This is why we support training and education programmes to ensure that everyone supports the basics of cybersecurity.
6. Reduce the noise
There is the potential for huge amounts of data to be collated and analyzed across the enterprise. Focus should be on the quality of this data and the reduction in false positives. Too often organizations are drowning under the wealth of un-actionable security data. Technologies aren’t configured correctly or are simply too complex to manage effectively. Configuring, tuning, and managing the security technology either directly or through a trusted partner is also a basic requirement that many organizations are failing to master.
So while we always start to look forward at this time of year we should not lose the lessons of the past and ensure that we get the basics right.
About NTT SecurityNTT Security is the specialized security company and the center of excellence in security for NTT Group. With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has 10 SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.