While there are many security offerings to help an organization better protect itself from the onslaught of cyber threats knocking on its perimeter, no one solution is enough to reduce risk in this dynamic landscape. Each individual security device provides an important piece to the overall puzzle that is cyber security.
After all, if there was one-size fits all solution, organizations would have already implemented it, and the global cyber security industry would not be booming and estimated to grow to $155 billion by 2019.
Despite new security technologies being developed, the best cyber security approach for any organization is an integrated plan that combines technology, technical and analytical threat intelligence, and security policies and procedures to include contingency/continuity planning and user training. Designing a tailored strategy using all of these vital components will better help position an organization to strengthen its defenses while bolstering its resiliency capability.
The first critical step in developing this strategy is identifying the important information and/or accesses of the organization. Cyber security can be a burdensome financial requirement and being able to distinguish and secure critical components is essential to maintain a cost-effective and manageable solution. Furthermore, as events like Target have revealed, the accesses that organizations have can be more valuable than the information they possess. Ensuring that third party accesses maintain a level of shared security, and having and frequently testing a contingency plan addressing third-party compromises will better prepare organizations to manage these incidents.
Many of today’s threat actors have demonstrated the capability of circumventing the most robust network defenses. Proactive monitoring of the activity entering, and perhaps more importantly, leaving your organization’s network is essential in addressing the more advanced cyber threats. Preventing loss of sensitive data is increasingly important for organizations to preserve the health and integrity of their business operations. Being able to detect and correctly identify anomalous activity will greatly help in minimizing the duration of time a threat window remains open. Given that breaches may go as long as 229 days before being detected by the victimized organization, early detection and remediation is essential.
Information sharing and threat intelligence are complementary assets that provide awareness of the latest tools, exploits and vulnerabilities, as well as valuable insight into the intent, capabilities, and potential targeting of adversaries. Having reliable sources of verified technical indicators can directly feed an organization’s network defense, while threat intelligence can provide the contextual analysis that can support the decision maker who has the responsibility of allocating material and personnel resources. Being able to identify suitable feeds and have the capability of distilling the information to meet the needs of the organizations will become more and more important as threats become more sophisticated and diverse.
Organizations need to develop and implement enforceable security policies that provide tactical and strategic guidance to its workforce. Policy-driven initiatives will help an organization remain compliant to national and industry-specific regulations such as the Health Insurance Portability and Accountability Act and Sarbanes-Oxley, or those developed by the National Institute of Standards and Technology.
Clearly articulated acceptable use policies such as bring your own device, removable media, use of organizational information systems will improve data security by outlining user responsibilities of expected behavior. Frequent user security awareness training will keep users up to date on the latest security trends, exploits, and scams. While organizations tend to have annual user awareness training, quarterly refreshers are needed to address the dynamic landscape of the cyber threat environment.
Contingency planning is an essential component of any organization’s cyber security strategy. The present condition dictates that cyber attacks and breaches are not an “if” but “when” reality. Creating, implementing, and testing such plans as incident response, contingency, and continuity of operations are essential to ensure the resiliency of an organization to be able to handle intrusions and compromises and preserve and maintain business operations.
It must be remembered that a security strategy composed of technology solutions, relevant and accurate threat intelligence, and policy must be tailored to meet an organization’s unique set of needs and requirements. Security must be as agile as the adversary. Organizations that integrate a cyber security mindset into their business cultures are better positioned to address evolving threats.
This article is published as part of the IDG Contributor Network. Want to Join?