BreachExchange mailing list archives

3 ways cyber security must evolve


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 15 May 2015 13:18:59 -0600

http://www.information-age.com/technology/security/123459491/3-ways-cyber-security-must-evolve

Cybercrime is a constantly evolving beast. In the past quarter century, the
methods, motivations, and impact of cybercriminals have changed and
developed – from bothersome worms and viruses to devastating DDoS attacks
and advanced persistent threats (APTs).

The threat landscape has moved from an age of nuisance – created by lone,
rogue coders motivated primarily by achieving notoriety – to a world in
which organised gangs with political, socio-economic, or financial
motivations precisely target weak points in specific organisations.

Data breaches are growing exponentially – inflicting more damage than ever
before, and hitting new peaks in terms of sophistication, scale, and
impact. Although many of the specific tactics used in attacks – such as
malware and phishing – have been consistent over the last few years,
attackers have become smarter, faster and more organised.

As last year’s breaches of Target, Sony and others show, attacks are more
complex than ever, criminals are prepared to go to extraordinary lengths to
achieve their aims, and countless dollars, company reputations, employee
well-being, and executive careers are at risk.

And cybercriminals will undoubtedly become more tenacious moving forward.
Cybercrime is a booming industry that continues to attract new groups and
funding, and find new targets – and will continue to do so as long as the
rewards for criminals far outweigh the risks, the odds of getting caught
stay low, and the costs of entry for cybercriminals remain inexpensive.

As cybercrime expands, cyber security professionals will need to adapt to
ensure their businesses can continue to thrive in the face of these
challenges. Here are three ways the cyber security industry should look to
evolve to stay ahead of growing cyber threats.

1. Cyber security as a business process

There is no ‘silver bullet’ for cyber security. If criminals are skilled,
well-funded, and determined to break into a company’s network, they will
eventually succeed. No technology, new or old, is able to single-handedly
prevent that.

To protect their business, security professionals need to lead their
organisation into a stronger, security-focused state of mind. It means
identifying and understanding the data they hold and the specific risks
they face – and educating the executive team and boardroom on what it
means, and where and why investments are needed.

Beyond that, it’s up to security professionals to instil a culture of
continual improvement. It’s about knowing what the risks are, and
practicing and provisioning to mitigate them.

It’s about measuring and benchmarking a team’s performance and working to
get a little better every day – be it the time it takes to respond to a
security incident, or the time it takes to patch vulnerabilities.

By doing this, organisations will not only get better at security – but
strong security will be a habit for the team and the business.

2. Aligning prevention, detection and response

IT solutions to prevent and detect security issues are still important for
deterring basic attacks – but as cybercriminals grow more capable and
determined, those controls will eventually fail. Cybercrime has progressed
to the point where data breaches are more a question of ‘when’ rather than
‘if’.

But that’s okay. If companies focus on how they respond to attacks once
they occur, they have the ability to quickly resolve the incident and limit
the attack’s damage.

How a company handles a security incident has an enormous impact on the
overall damage, legal ramifications, and public perception. Taking steps to
improve response as early as possible can make all the difference.

Organisations should build an incident response (IR) plan well before they
ever need one. This includes accounting for any potential regulatory
requirements, looking at best practices for mitigation and remediation, and
understanding who is responsible for which parts of the response.

They should make the plan clear to all relevant stakeholders. IR is not
exclusive to the security team – IT, human resources, marketing, PR,
executives, and the board are all involved one way or another. It’s
essential that they know what their role is, and have the information
necessary to do it properly.

Finally, organisations should practice and update the plan frequently. When
an incident strikes, they want a team acting on muscle memory. They should
run simulations often, and work on improving performance to ensure their
team is primed to respond when needed.

3. Building cyber resilience

By aligning their prevention, detection, and response strategies and
functions, organisations can ensure that they can manage today’s cyber
threats, even as they continue to evolve.

That is because, instead of chasing emerging attack methods and shiny new
products, they build fundamentally sound, comprehensive security processes
that lower overall risk and enhance their ability to bounce back.

In the end, that’s what cyber resilience is: the ability to manage an
attack quickly and gracefully, before it causes catastrophic damage, and
return to normal business operations with minimal disruption.

For centuries, businesses have learned to live with disasters – be it
fires, robberies, or accidents. Cybercrime is just the next challenge – and
it too can be managed as just another part of doing business.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 