[BreachExchange] 10 questions you should ask to protect your business from cyber threats
Inga Goddijn
inga at riskbasedsecurity.com
Wed Sep 28 17:51:33 EDT 2016
http://opensources.info/10-questions-you-should-ask-to-protect-your-business-from-cyber-threats/
By asking these questions, you can ensure your organisation is conducting
appropriate ongoing threat simulations and providing the kind of training
and education it needs to improve its ability to detect, react to and
recover from a security breach
Cyberattacks are becoming more frequent and costly and it seems no
organisation size, type or industry is immune.
What makes the difference between just another day at the office and
becoming the next data breach news story?
Too many organisations focus their cybersecurity efforts on the wrong
areas. For example, they invest huge sums of money on building a network
perimeter rather than thinking about what happens after someone has
breached that perimeter and is virtually wandering around inside their
organisation.
Finding the answers to these 10 questions will help you prepare your
organisation for the attacks you’re most likely to face, fortify your
defences inside and out, and educate all your people to be more prepared.
Prepare for attack
1. Do you test your internal and external systems mimicking real attacks?
Checklists and compliance regimes will only go so far to protect your
organisation from cybercriminals. To assess your ability to deflect
real-world attacks you must perform testing that mimics those attacks as
closely as possible.
2. Are you prepared for the human vulnerability?
By nature, we humans are inquisitive, trusting and often quick to be
helpful. Attackers know this and take full advantage of it in order to
circumvent organisations’ security controls. That’s why you should test
your organisation’s ability to respond to client-side attacks such as
phishing and social engineering.
3. Do you test regularly?
Security tests can only ever be a point-in-time assessment. While annual or
biannual testing may satisfy legal or risk and compliance obligations, it
does not accurately represent the dynamic threat landscape.
Most organisations commission and decommission systems regularly and modify
content daily. This constant state of change necessitates more frequent
security testing in addition to whenever significant changes are made to
the environment.
Fortify inside and out
4. Can you detect breaches?
Nothing is ‘hacker proof’. History has shown that the most we can expect
from perimeter defences is that they will slow down intruders; they can’t
stop them altogether. Sooner or later, your perimeter will be breached, so
you will need to implement and test your organisation’s ability to detect
an attack when it happens.
5. Do you know where your critical value data resides?
You can drastically limit the scope of a data breach by identifying which
data is critical to your business, where it is stored, and who has access
to it. This limits a cybercriminal’s opportunities to access your valuable
data even if they breach your defences. It can also make compliance easier
and potentially less expensive.
6. Do you have enough layers of protection?
A single product or solution cannot provide adequate protection from a
determined attacker; it would be like trying to chain a fence closed with
only a single link. Effective protections and countermeasures require a
concentric ring around the critical value data; this is also frequently
referred to as ‘defence in depth’.
By deploying multiple solutions as part of a sound defensive strategy, you
add layers of protection mechanisms. These multiple links form a much
stronger chain (hence the name, chain link fence).
Doing so will not make your organisation immune to threats, but it will
certainly increase the time it takes an attacker to successfully carry out
an attack. You can use this time to identify their attempts, and give
yourself a better chance to stop them before they break through.
7. Is your monitoring up to scratch?
Even the most robust defences are at risk of being compromised by a
determined attacker. This is especially the case with insider threat
actors, who are already behind the perimeter and may have inside
information concerning the organisation’s security practices, critical
value data and system architecture.
It’s absolutely critical for your organisation to quickly identify
anomalous activity, connect the alerts to actual human activity and take
action on those events.
Educate everyone
8. Do your teams know what an attack looks like?
Over the past 20 years, security vendors have boasted that each one of
their solutions will protect organisations better than the last. But
organisations have completely ignored that it is human beings who are
looking at computer monitors filled with alerts.
They need to know how to connect what they see on the screen to real-world
human activity.
Realistic penetration testing and proactive incident response training will
bolster your defences and ensure you’re making the most of the financial
investment you’ve made in your monitoring capability.
9. Have you developed, tested and trained using an incident response plan?
Having a comprehensive incident response plan is not only a really good
idea, it’s also a requirement under many regulatory frameworks. A
well-written incident response plan will dramatically shorten the time it
takes from detecting a breach to responding. It will set in motion a clear,
coordinated response effort.
10. Are all employees aware of common forms of attack?
Attacks where cybercriminals take advantage of human beings are commonly
referred to as ‘client-side’ attacks; they include spear phishing,
browser-based attacks and social engineering. In all instances, human
decision-making is the most effective line of defence.
Training employees to identify, take action, document and report
client-side attacks can significantly reduce your organisation’s potential
attack surface. This will also create a company-wide culture of
security-minded employees who all realise they are not only part of the
fight, but more importantly, part of the solution.
Be honest
By asking these questions, you can ensure your organisation is conducting
appropriate ongoing threat simulations and providing the kind of training
and education it needs to improve its ability to detect, react to and
recover from a security breach.
In asking these questions – and being truthful and realistic about the
answers and consequences – you can minimise the risks to your most critical
data.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160928/e521a104/attachment.html>
More information about the BreachExchange
mailing list