[BreachExchange] How to get the most out of your security investment

Audrey McNeil audrey at riskbasedsecurity.com
Mon Apr 18 19:02:42 EDT 2016


http://www.itproportal.com/2016/04/15/how-to-get-the-most-out-of-your-security-investment/

In today’s digital age, ensuring your organisation’s sensitive data remains
secure within company walls goes far beyond simply buying and implementing
a security solution. With the elevated threat of increasingly sophisticated
cyberattacks, it is absolutely necessary that companies understand which
security solution best fits their IT environment and what steps need to be
taken in order to ensure they are getting a continual return on their
investment.

All too often organisations look to resolve security issues by simply
purchasing more expensive security products, without ensuring the solution
can evolve with the company. However, misconfigured or poorly set up
security tools do not offer increased security, rather, they can lead to
increased vulnerability.

Build a long-term plan for your security investment

The proper implementation, configuration and use of data security tools
start with planning. All organisations should have a detailed plan that
outlines security software objectives, the solutions that are currently in
use (or the criteria for choosing a future solution), workflows, tasks with
owners and clear steps for auditing. With no guidelines, security
investments can be made without understanding the long term strategy.

Data security handled by the IT department or, in smaller companies, by an
IT admin, should be treated like any other part of the business. If the
finance department contributes to tracking expenses and revenues and seeks
to optimise profit, the IT security protects intellectual property and
makes sure business is not affected by downtime and other consequences of a
data breach. So, in addition to having clear guidelines, the IT department
should be aware of its role in the organisation and its importance for
business continuity.

Find the best security solution for your company

Once this is settled, the CISO or IT admin needs to make sure they
implement data security tools that cover all vulnerabilities, or at least
the biggest ones, and that they do not have conflicts with security
solutions already installed. These days, threats come from every connected
channel including portable storage devices, insider error, cloud apps,
mobile/wearable devices, IoT, and more.

If there are dependencies between security tools your company uses, or the
tools can be somehow integrated, it is recommended to make sure they work
properly and do not cause problems like high resource consumption or system
crashes. Above all, the solution to securing your company’s data is not to
purchase more expensive security products, but to value the technical
aspects of vendors’ services like support, which is extremely important in
case of a breach or system failure, product roadmap and vision for future
improvements.

Continue to analyse and improve

After implementation and configuration, it is very important to continue
analysing and improving upon the software you have deployed. Every day
security products need to be improved and updated, not only by the vendor,
but also by the enterprises to adapt to new threats. The solutions must
allow the CSO to focus on new threats from high to very low level.

When it comes to day-to-day data security updates, including changes in
policies, incident response, etc., it is up to the IT manager or CISO to
initiate and follow-up to ensure they are done properly. The main
challenges – or better said, pitfalls – that lead to security incidents are
often related to the IT department’s team or manager:

- Ignoring the guidelines
- Superficially evaluating the data security software
- Ignoring the vendor’s best practices or administration guides or failing
to communicate with the vendor if they find issues or bugs
- Disregarding the security patches or feature updates
- Rejecting the renewal of the software, thinking that they do not need
support or updates
- Skipping the audit

The key is to give ownership for each security related task and hold each
team member and manager responsible for what’s going on.

How to respond to a security breach: Plan,do, check, act

In an ideal world, every security executive should be up to date, invest in
the right solutions and have risk management in place to avoid getting
hacked. But until we get there, organisations need to arm themselves with
an appropriate response.

We spoke with Erdal Ozkaya, an IT security guru and CISO at EMT
Distribution, for his recommendations on the immediate first steps any
company or executive should take in the case of a security breach:

Let go of your ego

If a security breach is too complicated for the onsite team, the internal
security expert should work with professionals (such as Incident Response
Teams) who can understand if the breach is still active or not.

Figure out what went wrong

It’s a good idea to do a Forensic Analysis to find out what went wrong and
what was changed and more importantly what data might have been exposed.

Eliminate the problem

After all this, make sure the problem is eliminated, patch the systems,
change the passwords, run a vulnerability assessment and implement a Risk
Management strategy and rebuild the environment based on learned lessons.

Invest in training

Everyone in an organisation should be trained against possible phishing or
Social Engineering attacks.

Test, test, test

Security executives must make sure they conduct a regular simulated network
attack (penetration testing) against their organisation, so basically hack
themselves to find out their weaknesses, check them, act on them. It all
comes down to 4 steps: ‘Plan, Do, Check, and Act’ which represent a
continuous process which will NEVER stop.

Erdal has found that Data Loss Prevention solutions (DLP) offer valuable
information if breaches occur, which normally doesn’t happen if policies
are properly built. The available reports provide details like confidential
data transfers that took place, from which computers, at what time and the
exact transferred content. Once IT Administrators or security staff analyse
these reports, they can address the issue by restricting data transfers for
the problematic users, they can even use the reports as proof in court or
they can take further measures depending on the vulnerability.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160418/bdb5376e/attachment.html>


More information about the BreachExchange mailing list