[BreachExchange] 5 Components to a Proactive Security Strategy
Destry Winant
destry at riskbasedsecurity.com
Fri Nov 2 09:37:18 EDT 2018
https://www.securitymagazine.com/articles/89550-components-to-a-proactive-security-strategy
Innovations in cloud and mobile technologies have created more
opportunities than ever for employees to work remotely, using devices
of their choosing. But the flexibility of technology heterogeneity in
the workplace isn’t without risk. As data becomes more accessible
across a growing range of devices, the attack surface area also grows
wider, raising the possibility of a potential data breach.
Securing data is an ongoing challenge for organizations of all sizes.
In fact, security is the top priority for mobility and digital
workplace investments in 2018, according to CCS Insight’s 2017 Mobile
Technology Buyer Survey.
By following a few steps to develop a proactive security strategy,
companies can effectively assess risk and minimize the potential of a
breach – without compromising end-user experience.
#1: Get visibility of all your assets.
To better understand where threats can emerge, organizations need to
know how users are accessing corporate assets. To that end, IT teams
should adopt a platform that recognizes and sees the devices and
networks that employees are using – you can’t protect what you can’t
see. The ideal platform should not only be able to accurately identify
users and entities but also recognize user patterns and highlight
breaks from those patterns. A prerequisite to any successful security
strategy is the ability to precisely – and quickly – recognize
potentially suspicious activity.
#2: Leverage modern and intelligent technology.
The need for more intuitive monitoring systems is indicative of a
larger strategic shift that proactive teams need to take – becoming
early adopters of new technologies that meet their security needs.
Hackers use modern tools to penetrate security systems, which means IT
teams also need to stay up-to-date. To combat new threats,
organizations should move away from legacy solutions and adopt the
latest tools in AI, ML and other fields that fit with their business
models. Before implementing a security solution, teams need to first
educate themselves on these technologies and how they’re impacting the
larger security landscape.
#3: Connect your security solutions.
Many businesses do their homework, investigate the technologies and
adopt solutions that could help them but they often forget about
integration with other solutions. When an organization deploys a
variety of disparate solutions that don’t intuitively feed into one
another, it can create a level of complexity that takes away from the
intended results. To reduce complexity, organizations should ensure
their solutions are well integrated. It’s an important step in
improving security posture and allows teams to leverage threat
intelligence in a seamless and connected way.
#4: Adopt comprehensive and consistent training methods.
Training has always been an essential component of security. Trained,
well-informed employees go hand-in-hand with innovative software
solutions. Businesses should have an array of training resources
available to their employees, such as videos and security tests.
Employees should be encouraged (or mandated) to undergo these training
exercises. And, to ensure that the messages about security are
comprehended, companies might also test employees by using tactics
such as sending test phishing emails to raise awareness and promote
best practices.
#5: Implement response procedures to mitigate risk.
It’s not a matter of if but when – the reality is that many
organizations, especially large companies, will experience a security
breach at some point. This makes it all the more important to have
identifiable and deployable tools, platforms and procedures in place
to quickly and intelligently respond to an attack. The same level of
training that organizations apply to preventing attacks should also be
applied to limiting the impact of breaches when they occur. Having
those procedures in place rounds out a broader IT security strategy,
adding an additional layer of security to data.
Adopting Strong Security While Maintaining User Flexibility
By understanding and adapting to the new realities of the digital
workspace, organizations can be prepared for security threats wherever
they may emerge. A comprehensive security solution should be proactive
without compromising the end-user’s experience. It involves adopting
the appropriate intuitive technologies that not only recognize complex
user activity but also work within a larger, integrated system to
limit breaches and stop threats when they emerge.
More information about the BreachExchange
mailing list