EDITOR’S QUESTION
In addition to assigning resources to critical areas, organisations
can augment cybersecurity capabilities with AI, which today can
proactively detect anomalous behaviour – both known signatures
and unknown threats – to dramatically reduce false alerts. AI can
also automatically detect and classify every asset on the network,
including cloud-hosted and IoT devices.
Decrease dwell time
When thinking about their data, organisations primarily
concern themselves with data management and
processing, but the scope extends well beyond this and
should now include specific requirements such as data security and
transparency. Especially considering regulations – the GDPR being
just the latest in a long list – data security should be a board’s main
issue, as these regulations raise compliance challenges and can entail hefty
administrative fines.
Unfortunately, given rapidly evolving malware and broadening
attack surfaces, security platforms alone cannot eradicate the risk
of data breach. They need to be coupled with well-defined policies
and effective management. It is in the latter area that organisations
find themselves caught between a rock and a hard place. While they
may have the right tools deployed, the amount of time needed to follow
up and investigate every alert notification can strain already scarce
resources, creating alert fatigue that results in notifications being
ignored and detection sensitivity being lowered.
So rather than relying only upon security technologies, organisations
should focus on three general principles to enhance their
data security.
Reduce the attack surface
To protect against known threats and detect unknown
threats, organisations must reduce their attack surface area. This
begins with identifying the most critical assets, which allows you to
prioritise security resources. Doing so requires a single, integrated
view of data from all IT assets. While this may seem like a daunting
task, service providers such as AppCentrix can help with tools and
services that streamline and automate the process.
In an ideal scenario, prevention should mean your organisation
doesn’t fall victim to data breaches. However, with the multitude
of attack vectors, many of which exploit employee behaviour, no
organisation is impenetrable. Reports have shown that most data
breaches take up to 206 days to be detected, with the associated
cost scaling with time. Because rapid response is fundamental to
mitigating the impact, it is imperative to have a plan in place in the
event of a breach.
Identifying and minimising the impact of data breaches requires
real-time monitoring of all events and data across the network. Investing
in a unified platform for this purpose not only delivers the holistic
visibility needed, but also increases agility while minimising costs.
Speed up investigation
Mitigating the impact is the first priority in the event of a data
breach. In the aftermath of the attack, however, you must also focus
on analysing what went wrong. Not only does investigation help
prevent recurrences, it is often also necessary for compliance and to
provide the transparency customers and shareholders are entitled to.
This is only possible when you have the right digital forensics solution,
which must be able to auto-discover and map everything on
the network, analyse wire data from the network, identify anomalies
using machine learning, map relationships between endpoints and
navigate directly to related packets to support forensic analysis of
attack activities.
In the end, comprehensive data protection requires investment in
the right holistic visibility and management platform and defining
clear policies and procedures that account for worst-case scenarios.
For organisations with limited IT resources, working with a managed
services provider could rapidly address both these requirements while
also keeping costs in check.
www.intelligentcio.com