Today, corporate data breaches seem to happen daily. It’s not just large companies like Target, Equifax or Under Armour that have to worry about these cyber-attacks; companies of all shapes and sizes are at risk. So the question is no longer what to do if you are hacked, but what to do when you are hacked. This poses an interesting question: “What should you do differently now if you know you are going to be hacked?”
Short answer: Implement an Active Defense Strategy (ADS).
Long answer: Follow our five-step approach to mitigate your overall risk:
- Data – understand how your devices are being used.
- Develop policies and procedures to meet your corporate compliance requirements (this includes how employees should use their devices and protect sensitive data).
- Adopt an enterprise risk management framework, like the NIST Cybersecurity Framework (CSF), to help identify risk and guide the allocation of resources to protect your critical assets from ever-changing threats.
- Classify the impact to the business based on prioritized threat scenarios.
- Employ a continuous monitoring strategy that uses adaptable techniques to measure how effective those policies and controls actually are.
Simply put, the backbone of a successful cybersecurity strategy is to find the most probable threats and then actively defend yourself against them.
The Active Defense Strategy (ADS) Approach
The DMI Active Defense Strategy (ADS) implies that organizations must be proactive. An organization’s cybersecurity risk management should be designed to address three key factors: loss of Confidentiality, Integrity or Availability, often referred to as CIA. The best way to express this is to design solutions that account for the likely motives of attackers and for what the consequences of a loss would be. Then, to make the most of your resources, build out a concrete cybersecurity solution that includes threat intelligence, continuous monitoring, and policy compliance. To do so, follow these tips to build confidence in your cyber defense:
Strategy Driven. Companies have spent millions of dollars to implement IT security technology, but most of that spending has not been focused. DMI has the experience, from multiple Government and Intelligence Community projects, to help deploy National Security-level solutions that support corporate cybersecurity strategies and meet policy and international compliance requirements.
Always be vigilant. The chances of you becoming the victim of a cyber-attack at some point in time are very high. The key to lessening these chances is to regularly monitor the enterprise (including mobile and cloud) with continuous monitoring solutions similar to the approach currently being adopted across the “.gov” environment and managed by the Departments of Homeland Security and Defense.
Strong Identity Management. 63% of confirmed data breaches occurred as a result of weak, default or compromised passwords. Promote strong authentication by enforcing a strong identity management program to safely manage “who’s accessing” your corporate resources.
Plan for the Worst. Whether you prefer to work with the cloud or another avenue, it’s imperative that you keep a backup of all crucial information in case something gets compromised. Remember, the approach is “What Would You Do Differently if You Know You’re Going to Be Hacked?” This approach not only covers low-risk events (e.g., an employee needs a new laptop with their current data restored), but also helps protect the organization against more aggressive threats like ransomware attacks. Whether to pay or not to pay may well be determined by your ability to recover your systems from current backups.
Each of these steps plays a critical part in successfully managing your organization’s risk. It’s imperative that all levels of your organization understand the importance of cybersecurity, because cybersecurity isn’t simply a job for one person, but something the entire organization needs to be aware of and take part in.
Rick Roach, CISSP
Chief Information Security Officer (CISO)