The framework of an effective cybersecurity strategy rests on three pillars – prevention, detection and resolution – and all three are necessary.
Whether internal or external, accidental or malicious, the cybersecurity threatscape is huge and growing, but successfully protecting your information, and your business, is not as difficult as you might think.
In the first of a three-part series, I’ll address how a framework consisting of these three pillars provides the basics for effective cybersecurity.
- Prevention – policies, controls and processes
- Detection – the timely detection and notification of a problem
- Resolution – the set of actions, dependent upon the importance of the problem
The first thing to understand is that there is no single product or service that protects all of your information assets all of the time. As quickly as cybersecurity vendors and professionals respond to the latest threat, the bad guys – i.e. malicious employees, hacktivists, cybercriminals or rogue governments – devise new threats. And let’s not forget the biggest problem, careless and untrained employees. The chances of a security incident are pretty much 100 percent, so once the perimeters are breached, detection and resolution come into play.
Cybersecurity prevention is the best way to protect assets
The good news is that most of the good cybersecurity prevention – or perimeter – solutions provide a 99.9 percent or higher detection rate for common malware. The bad news is that the bad guys only have to get it right once to compromise your security, and even a 0.1 percent failure rate can be a challenge, e.g.:
- 320 million data breaches were reported for the first half of 2016
- Phishing attacks surged by 250 percent in the first quarter of 2016
- The use of ransomware against businesses is soaring, with incident response teams having to deal with up to 4 attacks weekly
Still, prevention is the best and easiest way to protect your information assets. Prevention starts with assessing what your assets are – information, devices and people – and then putting together the plans, processes, procedures and security tools, along with training and regular reviews.
A firewall is the first line of defense, and should be bolstered with antivirus and anti-malware tools, as well as intrusion detection and data-loss prevention solutions. Other tools include email gateways and spam/content/Web filters. Newer capabilities/practices include: big data analytics; artificial intelligence/machine learning; and sharing third-party threat intelligence. And don’t forget physical security, ensuring your servers are protected and that unauthorized personnel can’t access them.
While prevention is only one-third of an effective cybersecurity strategy, it is the first line of defense, and critical to reducing the number and scope of threats you must deal with. In the next installment we’ll take a closer look at detection and its role in protecting your information assets.
Cybersecurity best practices
- Roll out corporate security policies and make sure all your employees understand them.
- Train and retrain employees in key areas – acceptable use, password policies, defenses against social engineering and phishing attacks.
- Encrypt all records and confidential data so that it’s more secure from prying eyes.
- Perform frequent backups (continuous backups are even better than daily backups) and have a re-image process on hand at all times.
- Test your system re-imaging and latest backups by restoring a system to make sure the backup-restore process works.
- Better screen employees to reduce the risk of a malicious insider.
- Defend your network behind your firewall using network access control (NAC) – and make sure you can block rogue access and manage the bring your own device (BYOD) dilemma.