The Perfect Storm in Cybersecurity: A 3-Step Plan to Maximize Protection

The cyberthreat landscape is becoming more sophisticated and coordinated. According to the Symantec 2014 Internet Security Threat Report, 2013 was “The Year of the Mega Data Breach.”

More zero-day vulnerabilities were discovered in 2013 than in any other year; the number of total breaches was up by 62% versus the previous year; and the number of identities exposed increased by nearly 500%, to a staggering total of 552 million.

The somewhat chilling reality is that those who would do harm to your business are always ready, always willing and sometimes able to take advantage of vulnerabilities created by the proliferation of Internet-connected devices and flaws in IT/business approaches to security.

Given this perfect storm in vulnerabilities, security professionals and business leaders may be asking what they can do to enhance protection and militate against the potentially devastating effects of a cyberbreach.

The answer, perhaps surprisingly, is that there is a lot that can be done to improve protection and minimize the impact of a breach—provided that IT and business leaders can work together to change the way they think about and address today’s increasingly sophisticated cyberthreat landscape.

What can be done? Here are the three most important steps that businesses, industries and governments must take in 2014:

Step No. 1: Prepare
The first step in minimizing the risk of a damaging breach is for the organization to work toward closely aligning its IT and business concerns. IT must build a close relationship with business decision leaders, including engaging in regular discussions to understand how they view the benefits and risks associated with cybersecurity. From there, it is important to perform a full assessment to understand your risk and exposure.

What does that assessment entail? It starts with understanding what vital information you have, where it is located, who is using it, what value it holds, how it is currently protected, and which parts of your infrastructure and/or processes have vulnerabilities or put it at risk. You also need to perform an assessment of your supply chain.

As part of the preparation, you should be taking advantage of the latest advances in threat intelligence services and data discovery tools. Threat intelligence will give you a much greater understanding of the entire threat landscape, which is particularly important in this era of increasingly coordinated and sophisticated attacks. The more intelligence you have about how and where threats may be coming from—and how they may be launched—the more intelligently you can prepare to deal with them, including the creation of an effective response plan.

Step No. 2: Detect and Respond
A breach can occur despite an organization’s best efforts to prepare and protect. It is critical to have the necessary detection policies, processes and technologies in place before a breach occurs. For example, if you ensure that you have broad visibility over network systems, you can more effectively identify behavior associated with a breach to minimize its impact. It is also important to be able to take this broad visibility and narrow it down to specific events.

From a response standpoint, it’s not only necessary to have response preparations in place, but it is also important to frequently evaluate these plans and preparations to determine if they are adequate and whether there are opportunities to expand upon them so you can contain and remediate breaches more quickly. An incident response plan will not only minimize the impact of a breach, but it will also reduce the costs associated with the breach. You can lower those costs even more by working with a security consultant as part of your response effort.

Step No. 3: Recover
Even if your organization responds quickly to a breach, there will be consequences you must address. The goal is to get your people, processes and systems back to a normal status as quickly as possible. Part of the recovery process is preparation and, fortunately, most organizations do have business continuity and disaster recovery plans in place.

However, in this era of the mega data breach, it may be time to re-evaluate your recovery plans to determine if you can effectively get back to normal if you are hit. You need to think about the different ways a breach can affect your systems, people and processes, taking into account the changes that are taking place in how businesses operate. For example:

  • Do you have procedures and processes in place if all employee smartphones or tablets get compromised?
  • If an aggressive malware threat makes hard drives on laptops unusable, how fast can you rebuild new hard drives?
  • What processes do you have in place to quickly provision new systems for essential employees?

There’s the old saying: “Expect the best, plan for the worst, and plan to be surprised.” Planning and preparation are critical in dealing with today’s sophisticated threat environment. Part of that preparation is to utilize all of the intelligence at your disposal to prepare for the worst, while having the processes, technologies and systems in place to deal with the inevitable surprises that will come your way.