....How prepared are you?
The latest Data Breach Investigation Report from Verizon, which surveyed 70 organisations spanning 61 countries found that in one year there were 2,122 confirmed breaches:
> 100% of the organisations breached had antivirus and firewall software installed,
> 60% of attackers managed to breach the organisations within minutes
> the median time it took to detect a breach was 205 days,
> in the worst case scenario one breach lay undetected for 8 years.
These days, some type of breach, whether large or small, is almost a certainty. With increasing access points into an organisation through web, email, applications and devices; and more data than ever now digitally available, cyber-crime is rampant.
So is there anything that can be done to avoid a breach?
Complete breach avoidance is difficult but best practise security measures can be put in place to speed up detection time, decrease the risk of a breach, and ensure a quick response. The most successful way to ensure you are implementing best practise security measures is to ask yourself some key questions:
Do you have an incident response plan?
Most organisations who have an incident response or business continuity plan in place focus on physical incident such as a fire or a flood not on a cyber compromise incident. A best practise incident response plan addresses the risk of a cyber compromise and should cover who’s in charge when a breach occurs, what roles various teams in your organisation play, what forensic capabilities exist for accurate attribution, where do you collect evidence from, and when do you notify the data owners.
Who do you call when a breach occurs?
In the event of a significant breach you should notify the authorities. Identify possible different scenarios you may need to understand, and flag which authorities need to be informed. It could be local or federal police, or regulatory bodies.
The next people to call is your security partner. Before a breach occurs you should have a NDA in place and your security partner should already be familiar with your organisations environment to ensure a quick response time. You may also consider calling peer organisations to build your threat intelligence; corporate policy should reflect what can and cannot be shared with your peer organisations.
Assume a Breach; but how can you tell?
Best practise dictates that you should assume a breach has occurred whether it has been detected or not, but how can you tell if one has happened? It’s important to know what visibility you have today across all access points – traffic actions, process, applications on mobile platform so you can recognise the benign from the malicious. Centralise the information so you can track it and have the capability to search for Indicators of Compromise (IC).
Have you tested it?
Organisations should have a testing plan in place. Email is the largest delivery mechanism or a breach and spear phishing occurs daily. To remain in control you should phish your staff to test for any vulnerabilities which in turn can inform your staff awareness training. Phishing should occur at least monthly to stay up to date with any vulnerabilities.
Another option is to test your security team against The Missing Link’s red team in a Red Team attack real-world breach simulation. The simulation is a co-operative service allowing your organisation a behind-the-scenes overview of the attack, communicating with the Red Team, monitoring the defensive team and evaluating the controls around the chosen objective.
Stay at the fore-front of breach preparedness
As well as asking yourself these important questions to stay at the fore-front of breach preparedness, it is also a necessity to have a sound security solution in place. Don’t let your organisation remain vulnerable to cyber-criminals. Call us for a full security assessment on 1300 865 865.
