Assume breach is for losers: These steps will stop data breaches

Yes, you do need to be prepared should your organization be breached, but countering social engineering, patching, multi-factor authentication and a solid backup plan will prevent most breaches from happening in the first place.

“Assume breach” is the popular computer defense strategy based on the idea that your company is either already breached or could easily be breached by a dedicated attacker. There is a lot of validity to this approach: most companies and organizations are easy to hack and compromise. However, it doesn’t have to be this way.

Some senior management folks might find this strange, but you can make your organization significantly harder to breach. In fact, just a handful of defenses do more to lower your cybersecurity risk than anything else: fighting social engineering and phishing better, patching the software most likely to be attacked far more diligently, and requiring multi-factor authentication (MFA) for all logons. This won’t guarantee that you won’t be breached, but it does reduce the risk. How much?

Depending on which survey you read, up to 91 percent of all cyber attacks begin with a successful phishing attempt. Think of the benefit you would get just from an effective social engineering awareness program. Based on my experience, doing significantly better at all three things might reduce your cybersecurity risk by 99%. An assume-breach strategy will not do that. Assume breach is after the fact: you’re only trying to limit the damage by detecting the bad guys earlier and containing their spread.

If you want to stop getting hacked, you have to concentrate on not getting hacked in the first place. That does not mean abandoning assume-breach measures like better security monitoring, domain isolation and intrusion detection; you still need them. Sadly, most organizations spend more money on assume-breach defenses than on prevent-breach strategies.

Patching and anti-social-engineering and anti-phishing programs are most effective

