The Best Cyber Security Defense is Being Prepared.
Much of information technology is about problem solving. And there’s tremendous satisfaction in meeting a challenge and resolving it. But security can be the frustrating side of IT; more about problem managing than problem solving.
Cunning attackers have become highly proficient at finding holes in software and architectures, and even at fooling employees, for example through social media, into divulging confidential information that could ultimately help a hacker. They are so skilled that no organization is completely safe from intrusion. For this reason, best practice has shifted from trying to stop attacks at the network perimeter to assuming that intrusions are likely and preparing for them.
For the IT security pro, that can be a difficult assumption to build an IT security strategy around. But with good preparation, including a thorough risk analysis, an intrusion won’t inevitably mean that valuable data will escape or that IT assets will be destroyed.
For example, a security consulting firm recently studied breaches and found that many of them are caused by users not changing default passwords, the use of clear-text (unencrypted) authentication, and misconfiguration of systems.
Recognizing that intrusions are inevitable is step 1 to developing a comprehensive defense posture. Step 2 and beyond include recognizing what this means for the security team. Among the implications of this new approach are:
- While patching operating systems and applications is important, ensuring that no system runs on default passwords, authentication is encrypted and servers are properly configured should be among the security team’s top priorities.
- Networks should be segmented to separate transactional systems from internal systems.
- The right network monitoring tools to watch traffic coming in and going out of the enterprise are critical to early detection of a successful intrusion.
- Security information and event management systems need to correlate incidents in an automated way so IT staff aren’t caught unaware.
- Regular security awareness training to make sure staff follow physical as well as online security best practices is important to maintaining your defenses.
- Having a disaster recovery plan in case all things go wrong is still essential.
Looking at attacks through the prism of a threat chain may also help the Chief Information Security Officer (CISO) develop resilient mitigations against intruders and prioritize investments in new technology or processes.
Lockheed Martin, for example, created a seven-step model for computer network defence: reconnaissance, weaponization (creating an attack tool), delivery (via, for example, email), exploitation, installation, establishing a link to a command and control server, and exfiltration or destruction of data.
Other companies have collapsed this model to four steps. Regardless, the point is to ensure the organization has defences that can detect, disrupt and deny the attack.
Building that strategy starts with knowing the current threat landscape the CISO faces, and Cisco Systems’ 2015 Security Report can be of help.
“Security must be considered a growth engine for the business,” the report says. “Security should never be a roadblock or hassle that undermines user productivity and stands in the way of business innovation.”