Those of us devoted to securing enterprises can tell you that cybercriminality will grow significantly as it continues to exploit current information technology trends – widespread adoption of mobile devices and apps, increasing realization of the vast potential of IoT (Internet of Things), and the intensifying digital interconnectedness of nearly everything.
We can also tell you that traditional information security solutions have serious limits. For instance, these days most malware is seen but once; 99% of malware has a life span of just 58 seconds, whereupon it disappears for good. Thus, many malware attacks won’t match up with simple antivirus solution signatures.
So what’s an organization to do? In addition to deploying the usual defenses (in depth, of course, as described in my last post), my advice is to:
- Make information security a corporate-wide concern that’s addressed top-down as well as bottom-up
In addition to training employees to watch for phishing scams and pushing your IT people to boost network and endpoint protections, you need to conduct integrated, coordinated, all-encompassing information security reviews that include…
- A comprehensive, regularly-scheduled assessment of technical security controls, so you’re always aware of such details as where your business-critical data resides, which users access which files and when, and what permissions and privileges users have.
  By regularly scheduling such an assessment of technical security controls and keeping the information in a centralized logging and monitoring system, you’ll know that information is reliably up-to-date.
- Cyberattack simulations, beginning with tabletop exercises that enable you to brainstorm step by step how best to address a real attack, determining who’s responsible for what, then progressing to live, real-time exercises. While performing these exercises internally can be effective, you’ll likely benefit even more by conducting them with the help of a qualified third-party vendor. After you’ve completed cyberattack simulations, you’ll have what you need to generate/reconfigure an incident response plan.
- A regularly-tested incident response plan, so you can recover your data and operations functionality ASAP. Your incident response plan should document data recovery time requirements and delineate incident response responsibilities, including who has overall responsibility, who’s on call and when, and who’s responsible for particular aspects of your response.
- Consider buying cyber insurance
Consider cyber insurance covering the likes of ransomware attacks/cyber extortion, transmission of viruses to others, failure to disclose a privacy incident, and regulatory defense and penalty coverage.
- Prepare for cybersecurity ratings
Thanks to increasingly spectacular cybercriminal exploits, cybersecurity compliance and regulatory enforcement are now getting serious attention from a growing list of agencies.
In addition, there’s growing interest in cybersecurity ratings to determine how prepared an organization is to withstand cyberattack. Recently, some two dozen U.S. companies, including several big banks, teamed up to establish shared principles to boost cybersecurity ratings transparency.
Finally, unless you have plenty of cybersecurity expertise in-house, get expert help before an incident occurs. You’ll be very glad you did.