Is your security strategy keeping up?

As security practitioners have learned through first-hand experience, cybercriminals are always evolving their skills to find new ways to evade the latest defenses. What’s more, their attacks are getting bigger and more audacious.

All the more reason why defenders can’t let their security strategy gather dust. Cybersecurity no longer represents a static threat. This is a fluid, open-ended struggle without permanent wins and losses. The one constant is that attackers are continually upping their game.

Take the record-breaking Distributed Denial of Service attack against DNS provider Dyn last fall. That attack featured a huge, sci-fi-like botnet of IoT devices which overwhelmed its victim’s network with waves of traffic. It also was a stunning demonstration of the technical prowess that cybercriminals can muster nowadays to wreak havoc.

By way of comparison, consider the big Target breach a few years ago when attackers compromised the firm managing Target's HVAC systems, to gain network entry to steal customer financial information. That was a clever approach for the time, but hackers have since grown even more adept  and better-equipped — to carry out their plans, claiming a list of high-profile victims that includes the likes of the U.S. Office of Personnel Management, TalkTalk, Tesco Bank, Yahoo and Sony, among others.

Attackers already enjoy the advantage of being on the offensive. But as shown in the AT&T Cybersecurity Insights report, many organizations make it too easy by failing to keep their defenses up to datethus reducing their ability to detect and mitigate future cyberattacks. Indeed, a recent study by the Ponemon Institute found that traditional endpoint security approaches not only aren’t working, but they also wind up costing enterprises more than $6 million per year in poor detection, slow response and wasted time. 

Is it Time to Tweak?

If your organization has stayed out of the cross hairs until now, that doesn’t mean bad actors have given up. You should always operate on the assumption that attacks are coming your way — if not today, then tomorrow, next week, next month or next year.

Or if find that there has been an increase in the number of malware incidents and that viruses are multiplying at an alarming rate, it’s time to investigate where your security posture is falling short. 

No matter if you are reacting to a breach or defending against attacks, you should check where tweaks are needed in your security protocolRemember: What worked yesterday won’t necessarily work today. Here are a few suggestions:

  • Invest in the latest detection and response capabilities.

  • Use automation to protect endpoints and the sensitive data residing on them.

  • Embrace a defense-in-depth architecture with multiple layers of security.

  • Foster a security-focused culture.

But above all, don’t get lulled into a false sense of security.

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

Copyright © 2017 IDG Communications, Inc.