One of the rewarding things about working in cyber-security is that you get to see a lot of really good ideas for keeping an organization safe. You also see some pretty bad mistakes that leave both you and your customers at risk. Read on for five of the most common cyber-mistakes and how to fix them.
- Believing breaches are only big events
We know from the past few years of the Verizon Data Breach Investigations Report that the gap between when an organization is compromised and when it realizes it has been compromised is growing. Cyber-attacks are often hard to spot and, even when you do spot one, it is hard to tell exactly what was compromised. Conventional security teams are built to detect and alert on large-scale incidents, which can leave smaller events unnoticed. The problem is that these smaller attacks can go on for longer without being detected, and can actually do more damage by slowly exfiltrating data.
Early symptoms of an attack usually show up as just a hitch in the system and get sent to the IT team to add to their list of things to do. However, every day that ticket waits in the queue shortens the time you have to detect the intrusion and respond before your information is taken.
How to avoid this? Continuous and comprehensive monitoring is the best way to detect and deter a breach. By reporting all anomalies, large and small, to one central point for analysis and inspection you take the triage work off the IT team and get to an answer faster.
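To make the "small events go unnoticed" point concrete, here is an added example (not part of the original article) of two detectors a central analysis point might run over per-host outbound traffic totals. The hostnames and byte counts are constructed for the illustration. A spike-only detector catches the one big day but never fires on a host that quietly sends a bit over double its normal volume every day; a cumulative-excess (CUSUM-style) detector catches the slow exfiltration within a few days.

```python
"""
Added example (not from the original article): two egress detectors run
centrally over constructed per-host daily volumes. Hostnames and numbers
are made up for the illustration.
"""
from statistics import median

BASELINE_DAYS = 7  # the first week is the learning window for each host

# Constructed daily outbound volume per host, in MB, for days 0..13.
EGRESS_MB = {
    # one large legitimate backup on day 9, otherwise flat
    "ws-03": [50, 52, 48, 51, 49, 50, 53, 50, 51, 900, 49, 50, 52, 51],
    # from day 7 a little under 2.5x normal every day: slow exfiltration
    "ws-07": [20, 21, 19, 20, 22, 20, 21, 48, 50, 47, 49, 51, 48, 50],
    # normal
    "ws-11": [30, 29, 31, 30, 28, 30, 29, 31, 30, 29, 30, 31, 30, 28],
}


def baseline(series):
    """Median daily volume over the learning window."""
    return median(series[:BASELINE_DAYS])


def first_spike_alert(series, factor=5.0):
    """'Big event' detector: the first day volume exceeds factor x baseline.
    Returns the day index, or None if it never fires."""
    base = baseline(series)
    for day in range(BASELINE_DAYS, len(series)):
        if series[day] > factor * base:
            return day
    return None


def first_drift_alert(series, allowance=1.5, threshold=3.0):
    """Cumulative-excess detector. Each day's volume above allowance x baseline
    is added to a running sum; quiet days pay the sum down (never below zero).
    Alerts the first day the sum exceeds threshold x baseline. Returns the day
    index, or None if it never fires."""
    base = baseline(series)
    running = 0.0
    for day in range(BASELINE_DAYS, len(series)):
        running = max(0.0, running + (series[day] - allowance * base))
        if running > threshold * base:
            return day
    return None


def excess_before_detection(series, detect_day):
    """MB sent above baseline from the end of the learning window up to and
    including detection (or to the end of the data if never detected)."""
    base = baseline(series)
    end = len(series) if detect_day is None else detect_day + 1
    return sum(max(0.0, v - base) for v in series[BASELINE_DAYS:end])


def evaluate_fleet(egress=EGRESS_MB):
    """What the central analysis point would report for every host."""
    report = {}
    for host, series in egress.items():
        spike = first_spike_alert(series)
        drift = first_drift_alert(series)
        report[host] = {
            "spike_alert_day": spike,
            "drift_alert_day": drift,
            "excess_mb_unseen_by_spike_detector": excess_before_detection(series, spike),
        }
    return report


if __name__ == "__main__":
    for host, result in evaluate_fleet().items():
        print(host, result)
```

In the constructed data the spike detector fires only for ws-03's backup day, while ws-07 leaks over 200 MB above baseline without it ever noticing; the drift detector flags ws-07 on day 10, three days into the exfiltration. The allowance and threshold are tuning knobs, not magic numbers, and in production the baseline should be re-learned periodically so that a slow attacker cannot simply become the new normal.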
- Not knowing what has been compromised
So in point number one we worked out how to find out about a breach faster. Once you know you have been compromised, however, you must start the process of working out just what has been affected.
Organizations are complex and their networks even more so. With an enormous number of access relationships, hundreds or thousands of devices, and a list of vulnerabilities that grows every day, the task can seem impossible. Vulnerabilities aren't the only thing growing; the list of federal and industry regulations is growing as well, and with breaches in the news, customers and employees expect a higher standard of security.
It is essential to keep a record of every access relationship: which accounts and which devices have access to what. You should also be able to model an attack, so that your organization has a realistic picture of the paths an attacker could take once inside your network.
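Here is an added example (not part of the original article) of what such a record and attack model can look like in its simplest form. The environment below is constructed: every account, host and data set is made up. Each recorded relationship reads "controlling the source gives an attacker control of the destination", and a breadth-first walk from a compromised host answers both questions this section raises: what can be reached from here, and which single account or host, if disabled or isolated, cuts the attacker off from a given target.

```python
"""
Added example (not from the original article): an access-relationship
inventory and attack-path enumeration over a constructed environment.
All accounts, hosts, data sets and relationships are made up.
"""
from collections import defaultdict, deque

# Each edge reads: controlling <src> gives an attacker control of <dst>.
#   admin_on     account is local admin on host
#   has_session  account is logged on to host, so its credential is in memory there
#   hosts        host holds the data set
#   reads        account can read the data set directly
EDGES = [
    ("user:alice",   "admin_on",    "host:ws-07"),
    ("host:ws-07",   "has_session", "svc:backup"),   # backup account logs on to a workstation
    ("svc:backup",   "admin_on",    "host:file-01"),
    ("svc:backup",   "admin_on",    "host:db-02"),
    ("host:file-01", "hosts",       "data:hr-share"),
    ("host:db-02",   "hosts",       "data:customer-db"),
    ("host:db-02",   "has_session", "user:dba"),
    ("user:dba",     "admin_on",    "host:dc-01"),
    ("user:bob",     "admin_on",    "host:ws-12"),
    ("user:bob",     "reads",       "data:hr-share"),
    ("user:carol",   "admin_on",    "host:ws-13"),
]


def build_graph(edges):
    """Adjacency list: node -> [(relationship, next_node), ...]."""
    graph = defaultdict(list)
    for src, kind, dst in edges:
        graph[src].append((kind, dst))
    return graph


def reachable_from(graph, start, removed=frozenset()):
    """Breadth-first walk over 'control gives control' edges, skipping any
    node in `removed`. Returns {node: path}, where path is the list of edges
    taken to get there, as 'src -kind-> dst' strings (empty for `start`)."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for kind, nxt in graph.get(node, ()):
            if nxt in paths or nxt in removed:
                continue
            paths[nxt] = paths[node] + [f"{node} -{kind}-> {nxt}"]
            queue.append(nxt)
    return paths


def blast_radius(graph, start):
    """Hosts and data sets an attacker who owns `start` can get to."""
    reach = reachable_from(graph, start)
    return {n for n in reach if n.startswith(("host:", "data:")) and n != start}


def choke_points(graph, start, target):
    """Single nodes whose removal (disable the account, isolate the host)
    cuts every path from `start` to `target`. Empty if `target` is not
    reachable in the first place."""
    reach = reachable_from(graph, start)
    if target not in reach:
        return set()
    candidates = set(reach) - {start, target}
    return {
        n for n in candidates
        if target not in reachable_from(graph, start, removed={n})
    }


if __name__ == "__main__":
    g = build_graph(EDGES)
    compromised = "host:ws-07"
    print("blast radius:", sorted(blast_radius(g, compromised)))
    print("path to customer-db:")
    for hop in reachable_from(g, compromised)["data:customer-db"]:
        print("   ", hop)
    print("choke points:", sorted(choke_points(g, compromised, "data:customer-db")))
```

Run against the constructed inventory, a compromised workstation ws-07 leads, through the backup service account's cached credential, to the file server, the database server and eventually the domain controller; the choke points for the customer database are the backup account and the database host, which tells you where a containment action actually helps. The same walk, run before an incident, shows which accounts give attackers the most reach and should not be logging on to ordinary workstations at all.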
- Depending on the IT team
Earlier I mentioned how a cyber-attack that starts as a glitch ends up in the IT ticket queue, to be looked at when, and if, the team gets to it. By doing this you are not only handing a problem to an already overwhelmed team, you are also reinforcing the problem by not holding yourself, and others, responsible for identifying and reporting it.
Incident management requires teamwork not just between the IT and Operations teams but across the whole organization, so that anomalies on your network are identified and reported by whoever notices them. A response team should be formed across disciplines to reinforce that teamwork and the importance of cyber-security.
- Not having a backup plan
When Amazon first started offering their Prime Membership I thought it was crazy. Who would pay extra money for a year just so you can get something shipped to you in two days? What could you possibly need that you can't wait for more than two days? I confess, not only am I now a Prime Member but I have even used the "Get it Now" option when I couldn't even wait two hours.
In this "give it to me now" world, it is hard to explain that a cyber-attack cannot be cleaned up, with everything back up and running perfectly, in two hours.
When an attack happens you must work through the steps of blocking unauthorized access, removing malware, closing ports or taking affected servers such as Exchange offline, resetting passwords, tightening firewall filtering, and on and on. These steps cannot be completed in a few hours, so it is important to have a backup plan that sets up alternative working arrangements if a breach does happen, so that your business, and your employees, can keep going.
- Not understanding your liabilities
Most organizations spend their time worrying about lost time or a damaged reputation when they suffer a breach. What they often overlook, however, is the damage that can be done with the information that was stolen.
Direct implications include the stolen information being held hostage for extortion, a tactic increasingly bundled with ransomware, which grows year over year and is more widely publicized each time it happens. Other implications include regulatory fines, both wide-ranging and industry specific.
Additional liabilities can include breach of statutory obligations, breach of contract, breach of equitable duties, and negligence. Make sure you are thinking about these liabilities (and possibly sharing them with your leadership) when planning your security budget.