[BreachExchange] How Businesses Can Bolster Security and Stop Attacks Before they Happen

Audrey McNeil audrey at riskbasedsecurity.com
Fri Aug 4 14:29:02 EDT 2017


http://infosecisland.com/blogview/24958-How-Businesses-Can-Bolster-Security-and-Stop-Attacks-Before-they-Happen.html

It takes businesses approximately 49 days to discover a security breach. As
threats continue to bypass traditional security measures and grow in
sophistication, enterprises across every vertical are facing the same
question – “How can we implement the most effective security program for
our business?”

While a reactive security stance may have been sufficient in the past,
recent headlines have shown that security needs to get more
sophisticated—and businesses need to be more proactive.

There are a few major forces that are holding organizations back from
getting their security teams in gear: the worldwide shortage of
professionals with the skills required to prevent and respond to attacks,
the increasingly creative and advanced hacking techniques from cyber
criminals, and the tendency to take a reactive approach to security. When
combined, these forces are so strong that they are culminating in negative
news headlines daily.

Fortunately, the mistakes that are keeping organizations from preventing
these major storms in the first place are not insurmountable. Investing in
the wrong areas, being distracted from other business-related priorities,
and focusing solely on the known “bad,” to name a few, are things that can,
and should, be addressed.

Here are the core mistakes organizations are making when it comes to
managing their security programs and seeking out and responding to threats
- and what they can do to whip things into shape.

Facing Reality

Organizations are beginning to recognize that threats can cause major
damage whether they are coming from hacktivists, nation-states or a
lone-wolf attacker. Cyber criminals are highly skilled and they are using
advanced hacking techniques that help them bypass even the most sensitive
and protected of networks, from industrial control systems to the
government. In their attempts to respond, organizations are realizing that
the teams they have on hand aren't always up to the task of responding to
these attackers in the most effective way.

And it’s not just due to ability. There has been a longstanding, worldwide
shortage of skilled security professionals. Additionally, the daily
shortcomings in terms of the types of tools used, response methodology and
more have only compounded the problem. For instance, organizations are
investing in the wrong areas. Many are investing in adding on more and more
point solutions without a real plan on how to best use them to deliver
results—and a lot of these solutions end up just sitting on a shelf. These
mismanaged and disjointed solutions ultimately end up generating more risk
through visibility gaps while organizations become complacent. Businesses
have been operating from a reactive stance for too long and need to stop
looking in the wrong places.

The result of such practices is that businesses often ignore parts of attack
cycles and end up missing threats altogether. Action is then slowed by a
mitigation and remediation process that wastes time on looking for the
threat, isolating it and understanding it in order to respond. By then,
it’s too late.

Getting Aggressive

Gone are the days of sitting back and monitoring your business's system,
waiting for it to be attacked. Once attackers have made it into your
system, it’s too late. Businesses need to make a shift toward proactively
seeking out threats—before they hit.

What’s more, attackers often manifest themselves on a number of different
endpoints, potentially all at once. Ensuring your business has a well-oiled
detection and response machine in place could ultimately save your business
some major headaches.

This type of security plan is tough for an organization to tackle alone.
Whether it is simply information sharing or working with outside vendors,
businesses benefit from third-party perspectives and insights.

Sometimes businesses even outsource their entire security process. These
platforms provide a comprehensive perspective, with an even wider lens than
the largest Fortune 500 companies due to their access to global threat
intelligence, advanced analytics, and industry visibility. Visibility is
important not just for gaining a better internal understanding, but also
for understanding what possible threats may be imminent on a global scale.
The goal is to go beyond detecting threats and prevent them altogether.
Moreover, security service providers have already gone through hundreds of
dress rehearsals — it takes a lot to surprise someone who is already
familiar with the type of problem.

Working with third parties also expands the kind of technology that can be
used. Unused or underutilized security products, commonly referred to as
shelfware, waste money and deliver no value. The aid extends to bridging
the skills gap as well. More than the use of new technology, managed
security service providers offer experts that can handle everything from
routine to complex tasks, stretching budget while freeing up internal
resources and time to work on IT projects that have been delayed by
unresolved security issues.

Ultimately, organizations will have to realize that in-house efforts often
won’t be enough when fighting off hackers with attacks they’ve sourced from
around the world. Your business should already be on this path or face the
wrath of the breach headline.