Security in the Near, Mid and Long Term: A 12-Step Plan


By Jeff Erramouspe

Cybersecurity and ransomware are dominating the news. Even the CIA can’t keep its most sensitive data out of the hands of WikiLeaks. And while IT teams and security officers are consumed by this news, executive, compliance and legal teams are also paying attention due to the business-wide repercussions of an attack, from productivity and revenue losses to business process failures.

Your customers — regardless of size — can’t help but wonder: Are we prepared?

While each company will have its own specific needs around a security plan, at a high level there are steps organizations can take now to minimize risk, protect data from future attacks and be prepared to respond fast.

Have a Go Bag

Organizations of all sizes need to understand the challenges they could face immediately after an attack:

Challenge: Incomplete or inadequate response plans

There are many potential attack scenarios. Customers need to identify the ones most likely to affect them, whether ransomware, DDoS or loss of customer data. Only then can they put in place first-response plans, from technology, data and communication standpoints, for getting the business back up and running.

Challenge: Lack of funding to properly execute response and recovery

Even if customers know what they should do, they may not have the budget necessary to bounce back. The 2016 Ponemon Cost of a Breach study shows the average total cost per record breached is $158, but healthcare records are higher, at $355. Partners can help with a fiscal reality check. One way to prepare is to have cybersecurity insurance to help with notifications, first- and third-party damages, and lost income.

Challenge: Lack of a communications plan, both internally and externally

Organizations should formulate in advance a detailed plan to communicate swiftly with employees, partners and customers, including but not limited to notifications required by law.

Challenge: Inability to properly recover lost or damaged data

Malicious attackers can steal, alter or delete data, or encrypt it and hold it for ransom. Organizations need to understand how they will get that information back so the business can keep moving. In practice that means isolated backups (copies the attacker cannot reach from the compromised network, restore-tested in advance); some organizations also keep a bitcoin wallet ready as a last resort, but paying a ransom is no guarantee that the data comes back.

Challenge: Cannot meet defined recovery-time and -point objectives

Organizations with defined RTO and RPO metrics in place must prepare across a variety of scenarios to get data back in the right format in the specified timeframe.

Once the immediate crisis has passed, customers need to evaluate their security postures using the “protect, detect, respond, recover” method:

  • Protect: Across all endpoints, from sensors to the data center, organizations must put preventative controls in place to ensure that the right people (and no one else) have the right access to the right data. From a data security perspective, organizations need to also understand what information they have and how important it is — data classification — so that the right controls are put around it. Leveraging protective technology is critical as well, taking into account both internal and external threats. Lastly, security awareness and training across the organization is crucial since security is everyone’s job.
  • Detect: Organizations should have behavioral monitoring, detection and machine learning technology that can flag attacks or internal or external behaviors indicative of a threat to data or technology. With continuous monitoring for anomalies and events, organizations increase their ability to quickly detect an attack and then take appropriate actions. Considering that 69 percent of organizations learn about breaches from an outside entity such as law enforcement, according to the M-Trends 2015: A View from the Front Lines Report, customers could be doing much more to improve their detection capabilities.
  • Respond: Per the Verizon 2015 Data Breach Investigations Report, in 60 percent of cases, attackers can compromise an organization within minutes, underscoring the critical importance of closing the gap between discovery and action. As discussed, customers need to have a clear plan in place so that when an attack occurs, they can properly respond and get the business back up and running swiftly. From there, organizations should focus on communicating the event to constituents, conducting analysis of what happened and undertaking improvements to further mitigate risk and reduce the business impact of the next event.
  • Recover: Being able to quickly access and restore any data or systems that were impacted by the security event is crucial. Whether data is stored on-premises or in the cloud, organizations must run drills to ensure that they can restore access to data quickly and efficiently.
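The restore drill and the RTO/RPO check described above can be scripted so they run the same way every time. The following is an added example, not code from the original article or from Spanning; it builds a small tar.gz backup set in memory (constructed sample data, constructed timestamps) with a SHA-256 manifest, restores it, verifies every file, and scores the result against an assumed 4-hour RPO and 1-hour RTO. The `corrupt_path` option simulates a backup that an attacker was able to reach and encrypt, which is the failure mode an isolated, verified backup is meant to rule out.

```python
import hashlib
import io
import os
import tarfile
import tempfile
import time
from datetime import datetime, timedelta, timezone

# Constructed sample backup set, built in memory so the drill runs offline.
# A real drill pulls the archive from the isolated backup target instead.
SAMPLE_FILES = {
    "customers.csv": b"id,name\n1,Acme\n2,Globex\n",
    "config/app.yml": b"db: postgres\nreplicas: 2\n",
}


def manifest_for(files):
    """Map each path to the SHA-256 of its expected contents.
    The manifest is recorded when the backup is taken and stored with it."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def build_backup(files):
    """Pack files into a gzipped tar and return it as bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def restore_and_verify(tar_bytes, manifest, dest):
    """Extract the archive into dest and check every file against the manifest.
    Returns (all_ok, seconds_taken, paths_that_failed)."""
    start = time.monotonic()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            # A tampered archive must not be allowed to write outside dest.
            if member.name.startswith("/") or ".." in member.name.split("/"):
                raise ValueError("unsafe path in archive: %s" % member.name)
        tar.extractall(dest)
    failed = []
    for path, expected in manifest.items():
        full = os.path.join(dest, path)
        if not os.path.isfile(full):
            failed.append(path)
            continue
        with open(full, "rb") as f:
            if hashlib.sha256(f.read()).hexdigest() != expected:
                failed.append(path)
    return (not failed), time.monotonic() - start, failed


def evaluate_drill(rpo, rto, last_backup_at, incident_at, restore_seconds, verified):
    """Score one drill against the objectives.
    RPO: how much data (measured in time) may be lost, i.e. incident time minus
    the newest usable backup. RTO: how long restoring service may take; a restore
    that finishes quickly but fails verification does not count as meeting it."""
    data_loss_window = incident_at - last_backup_at
    return {
        "data_loss_window": data_loss_window,
        "rpo_met": data_loss_window <= rpo,
        "rto_met": verified and timedelta(seconds=restore_seconds) <= rto,
    }


def run_drill(rpo_hours=4, rto_minutes=60, corrupt_path=None):
    """Run a full drill on the sample set. corrupt_path simulates a backup copy
    that an attacker reached and encrypted, which verification must catch."""
    manifest = manifest_for(SAMPLE_FILES)            # recorded at backup time
    files = dict(SAMPLE_FILES)
    if corrupt_path:
        files[corrupt_path] = b"\x00ENCRYPTED\x00"   # constructed tampering
    tar_bytes = build_backup(files)
    # Constructed timestamps: the last good backup and the moment of the incident.
    last_backup_at = datetime(2017, 5, 12, 6, 0, tzinfo=timezone.utc)
    incident_at = datetime(2017, 5, 12, 9, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as dest:
        ok, seconds, failed = restore_and_verify(tar_bytes, manifest, dest)
    result = evaluate_drill(timedelta(hours=rpo_hours), timedelta(minutes=rto_minutes),
                            last_backup_at, incident_at, seconds, ok)
    return result, failed


if __name__ == "__main__":
    for label, kwargs in [("clean", {}), ("tampered", {"corrupt_path": "customers.csv"})]:
        result, failed = run_drill(**kwargs)
        print(label, result, "failed:", failed)
```

With the constructed timestamps the data-loss window is three hours, so the clean drill passes a 4-hour RPO and fails a 2-hour one; the tampered drill restores just as fast but fails the RTO check because the checksum mismatch means the data is not actually back. The manifest is the piece most often missing from real drills: without it, a restore that completes without error is indistinguishable from a restore of an already-encrypted copy.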

Longer term, customers must follow these keys to success:

  • Take advantage of technology advances. The software, networks and computing devices that provide core business functions often include built-in security, such as encryption and access controls. Ensure that those functions are turned on and that employees aren’t bypassing them.
  • Develop and document a long-term response-and-recovery plan. While customers need to understand in advance what they will do in the aftermath of an attack, beyond eliminating holes that gave the attacker access or removing ransomware, they must also consider longer-term legal ramifications and responsibilities and keep the plan updated as the business grows and changes.
  • Build a culture of security. Organizations need to establish security policies and educate their employees on basic security practices and rules of behavior for how to handle and protect customer information and other vital data. Security is everyone’s job, so the people aspect of it needs to be considered, as well as the IT aspect.

As customers become ready to go deeper, consider the guidance within the NIST Cybersecurity Framework, which was drafted by the Commerce Department’s National Institute of Standards and Technology. The framework is based on proven standards, guidelines and best practices to better manage and reduce risk, and foster communications among both internal and external stakeholders.

Editor's Note: Ready to take the next step in helping customers secure their data? Join us at Channel Partners Conference and Expo for our security track, including Managed Security Services: The Next Opportunity and Assessing Customer Risk For Fun & Profit. See you in Vegas!

Jeff Erramouspe leads the Spanning team, not just in the ways you’d expect – such as developing strategy, budgeting, and recruiting – but also by enabling great people to do their best work. This means setting goals that inspire excellence while eliminating obstacles to success. Prior to being appointed CEO and president, Jeff was Spanning’s chief revenue officer. Before that, he was the president of Manticore Technology, which he led through three successive years of revenue growth in the highly competitive marketing automation market.
