It’s the start of a new year, a time when it’s normal for businesses to look at what worked, what didn’t and what to start or stop. With those conversations happening, it’s just as important to have the same discussion from a security perspective.
Looking back, 2017 brought a lot of lessons, from IHG not being aware of the full scope of the breach to Chipotle and its lessons from the payment card industry (PCI). Then there was Gmail, whose users were targeted in phishing schemes, and of course we couldn’t forget about Equifax and the failure to act after initially discovering an existing vulnerability.
We have more or less survived these up until now, so the question becomes: how can we set ourselves up for success in the coming year? Here are some suggestions to start the year off strong when it comes to your security.
Audit Your Environment
This is something you can do either with your internal security team or with the help of a Red Team. Either way, identify your strengths and weaknesses, then leverage the strengths and shore up the areas where you may be lagging behind.
If you work with a Red Team, the engagement can be based on a scope of work focusing on a particular area, or you can allow them ungated access to your organization to see just how well you would fare in the event of a real attack.
No matter your choice, having insight early in the year into your current security posture, and comparing it to where you want to be, will help you create action items to follow and set you up for a more secure 2018.
Add More Layers of Security
Next, we suggest asking, and testing, just how difficult it is for adversaries to breach your organization. Are your employees enabled to act in a secure manner, with the proper tools, resources and education? We know there’s only so much each individual can do, and only so much we can rely on users. So look at the alternatives out there.
Adaptive Authentication is a means to add layers to your security without disrupting or burdening the end user. There’s only so much one individual can do, especially with the growing landscape of problems to watch for. With Adaptive Authentication, you can be notified automatically of certain abnormalities in your organization and require further authentication only when something seems out of the norm. This allows your users to remain focused on their objectives without the distraction of multi-factor prompts unless there is a chance of a security breach.
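To make the idea concrete, the following Python is an added illustration, not code from this article or from any product: it scores a sign-in against a per-user baseline, reports every abnormality for notification, and asks for further authentication only when the combined score crosses a threshold. The signal names, weights, threshold and sample data are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt

@dataclass
class Baseline:              # what is "normal" for one user (hypothetical model)
    devices: set
    countries: set
    usual_hours: range       # UTC hours the user normally signs in
    last_login: tuple        # (datetime, lat, lon) of the previous sign-in

@dataclass
class Login:
    device_id: str
    country: str
    when: datetime
    lat: float
    lon: float

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def assess(login, base, threshold=40, max_kmh=900):
    """Return (action, reasons): 'allow' or 'step_up', plus the anomalies to alert on."""
    prev_when, prev_lat, prev_lon = base.last_login
    hours = max((login.when - prev_when).total_seconds() / 3600, 1e-6)
    speed = km_between(prev_lat, prev_lon, login.lat, login.lon) / hours
    signals = [  # (abnormal?, illustrative weight, label)
        (login.device_id not in base.devices, 30, "unrecognized device"),
        (login.country not in base.countries, 30, "new country"),
        (login.when.hour not in base.usual_hours, 15, "unusual hour"),
        (speed > max_kmh, 50, "impossible travel"),
    ]
    reasons = [label for hit, _, label in signals if hit]
    score = sum(weight for hit, weight, _ in signals if hit)
    return ("step_up" if score >= threshold else "allow"), reasons

def _utc(day, hour):
    return datetime(2018, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample data, not real telemetry.
BASE = Baseline({"laptop-01"}, {"US"}, range(13, 23), (_utc(8, 14), 40.71, -74.01))
NORMAL = Login("laptop-01", "US", _utc(8, 16), 40.73, -73.99)
OFF_HOURS = Login("laptop-01", "US", _utc(9, 3), 40.71, -74.01)
ODD = Login("phone-77", "RO", _utc(8, 17), 44.43, 26.10)

if __name__ == "__main__":
    for name, event in (("normal", NORMAL), ("off-hours", OFF_HOURS), ("odd", ODD)):
        print(name, assess(event, BASE))
```

A single weak signal, such as the off-hours sign-in, is reported but does not interrupt the user; only the combination of strong signals triggers the extra prompt.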
As soon as there is a sign of your environment being infiltrated by adversaries or a gap in security, act. Don’t brush it off – and don’t minimize the severity. Instead, hire or enable the proper team of people to effectively and swiftly jump into action.
Having said that, do you have a response plan? Things to think about include:
- Who needs to get involved for remediation?
- Who needs to be notified internally and externally?
- What tools do you currently have on hand for response plans?
- Do your next steps involve disrupting the flow of business?
- Do you have your data backed up on an outside source, not connected to this network?
Accept What the Market’s Telling Us
There are some things that lead us to believe the market is swaying us towards certain security best practices. As discussed previously, protecting your organization from the inside out, understanding the reality of the IoT and adopting the mindset of “Zero Trust” in the workplace have been a focus of late across businesses. But these aren’t the only concepts or responsibilities we face when it comes to security.
This can also cover a multitude of other things, such as industry protocols, standards and compliance policies. Instead of avoiding the issue or buying into the “it won’t happen to me” mentality, it’s time to get on board and face the reality that no one is immune to attacks.
2018 is here. Let’s go after it strong from the get-go.