The magnitude of cyberattacks and their severity, in terms of financial and reputational damage to organizations, are increasing every year. A single cyber-security incident, on average, is now estimated to cost large businesses $861,000 and small and medium businesses (SMBs) $86,500. Organizations that were believed to possess the strongest defenses – from governments to large corporations and smaller companies – were shown to be vulnerable to cybercrime this year.
Perhaps the most expansive data breach of all time was reported in September 2016, when Yahoo announced that a hacker had stolen personal information from 500 million accounts. In the previous month, storage company Dropbox revealed that the usernames and passwords of 68 million users had been compromised. According to Symantec’s 2016 Internet Threat Security Report, a government organization or a financial company that was targeted for attack once was most likely to be targeted again at least three more times throughout the year.
The rapid evolution in the sophistication of threats has virtually neutralized the effect of traditional threat detection systems. The issue is that as organizations bolster their security, hackers also evolve. Sophisticated hackers carefully plot each and every attack, using unique “zero-day” exploits that render signature-based protections nearly useless. So, for most organizations, a cyberattack is a question of ‘when’, not ‘if’.
How can you build a successful cyber defense?
Data breaches can go undetected for months. The earlier a threat is detected, or the shorter the dwell time, the lower the damage arising from it.
Threat detection: To counter complex intrusions quickly, you must enforce new security policies based on proactive detection mechanisms that reduce the time to detection to virtually zero. Threat detection systems can create a lot of ‘noise’, or repeated false alarms. It is critical that your organization is able to cut out the noise and quickly zero in on the real threat. The key is to reduce human intervention in sorting through the false positives so that analysts can spend more time analyzing and resolving actual threats. Threat detection tools must have the capability to analyze a wide variety of high-volume, high-velocity data. More importantly, the tools must offer precise results.
Threat analysis: As in the case of threat detection, it is best to adopt a proactive approach for threat analysis as well. To turn a defensive security strategy into a proactive one, your analysts will need to find hidden patterns and links in huge volumes of data sets, including public data sets. A comprehensive threat analysis solution can turn large, raw, and disparate data sets into actionable intelligence for swift counteraction. The solution should share insights quickly with those who need them most, while feeding the insights back into existing measures to prevent future attacks. A thorough threat analysis must identify details about the attacker and their motivations, so you can step up security measures and prevent repeat attacks based on earlier patterns. A key step to prevent data breaches is to regularly audit your data. The damage of a cyberattack need not be limited to data loss or theft. Data manipulation can have even more serious implications. So, it’s critical to know where all your sensitive data lies and to secure it.
What’s the best response in the event of a breach?
Recent data breaches have shown us that no set of security measures is infallible. It is therefore important to have a strategy in place in case of a data breach. On identifying a breach, it is essential to act comprehensively and quickly, to limit organizational liabilities. In the initial aftermath of the breach, the priority will be to contain it in order to mitigate any risk of further damage or loss of data. To act quickly and comprehensively, you need an updated and thorough incident response plan. In terms of comprehensiveness, it must cover a security posture that combines testing of physical security, human factors, and your organization’s digital exposure.
For effectiveness, team members from legal, human resources, security, audit, and leadership teams must be involved in defining the plan. The incident response team must have the mandate to confiscate or disconnect equipment and monitor suspicious activity. The response team must include key figures from the C-suite, IT, security, legal, communications, and other teams. It’s helpful to get the plan tested for maturity and effectiveness by an external agency. Iteration is key to the effectiveness of the response plan – it must be tested and updated continuously.
Remember, when you detect a breach, you are seeing only the tip of the iceberg. Any threat response solution must have the capability to see the breach in its entirety in order to neutralize it effectively. While cyberattacks might be unavoidable, you can avoid the worst fallout by investing in the best tools, technology, and a data-driven, updated response plan.
Mahendra is a former Happiest Mind and this content was created and published during his tenure.