Wednesday, June 29, 2022

Three ways to reduce the odds that incidents become breaches

The annual Verizon Data Breach Investigations Report released last week was filled with informative charts and graphs of data gathered from thousands of incidents and breaches around the world, including one that showed infosec teams are still too slow to detect breaches.

The percentage of breaches discovered within days of compromise is going down, despite all the new staff, hardware and software CISOs are investing in. Meanwhile attackers are getting better at exfiltrating data — roughly 67 per cent of the time data is out the door within days.

It doesn’t have to be that way, argues Umesh Yerram, IBM’s cybersecurity strategy, risk and compliance leader for North America. If infosec teams did three things, they could radically cut the detection time and better protect the enterprise:

–Inventory your assets: You can’t protect what you don’t know you have, so an asset repository is crucial, he writes. When a system is found under attack or infected, the right owner has to be found;

–Monitor the assets: Whether you have a full security information and event management (SIEM) suite or another way of collecting and correlating event data, you have to watch what’s going on. “The security operations team should work with application, network and system administrators to fine-tune the monitoring policies to eliminate false positives and focus on flagging high-risk events,” he writes;

–Have an incident response plan.

“Having an asset inventory, detection capabilities and a response plan will help organizations to detect incidents rapidly and respond appropriately before they become damaging data breaches,” he writes.

Read the full article here


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
