This week's blog looks at threats and some of the things that should be done to help mitigate an attack and rebound from it.
An attacker's job is to penetrate networks and either gather data or cause havoc. For them, it is a full-time job. But those who are there to protect and defend may find that their full-time job is only partly that, plus a dozen other things. "Unfortunately, defenders don't have the luxury of spending their days focused on security. The reality is that most IT security teams are understaffed, hampered by static and disconnected security technologies and consumed with addressing compliance and regulatory issues and other business imperatives" (Huger, A., Sourcefire, May 2013). To help even the odds a little, defenders can do a number of things, but they can't do it alone and will require help from management.
The first thing is to ensure that up-to-date technology is put in place. Too many times the focus of security is bestowed on key assets, but with the entourage of devices used these days, the technology must be able to encompass and protect all of it, not just the core assets. Attackers don't care whether the security hole is in a server or a mobile device; to them, it's just a way in. Current technology, whether hardware or software, will comprise the tools necessary to cover all types of assets, and management must be willing to accept the cost of protecting what's most valuable.
Secondly, management and security personnel should perform a review of the processes in place and determine which ones could be automated. Automation should be exercised to its fullest advantage, as it can play a key role in reducing time and touch maintenance and allow for better utilization of resources such as people, especially as manning becomes more limited. Overall, automation will free up valuable time and allow administrators to cover tasks that may have fallen by the wayside because higher-priority tasks dominate. Use of automation that can detect and enforce policies as needed will help tremendously, since threats and vulnerabilities are also changing at a rapid rate. Additionally, having an Incident Response Plan (IRP) readily available will help alleviate the threat if an attack does happen. The old saying that "people don't plan to fail, but fail to plan" holds true not just in the financial world but in the cyber world as well. An IRP can help administrators act quickly and make decisions promptly, allowing them to contain and remediate the damage. Review of these policies and testing of the IRP should be done at least semi-annually, but quarterly is best if time permits.
Lastly, there is training. Training is what ties it all together. People are the first line of defense; educating personnel on what to do will ensure each player knows their role and, when the time comes, will know exactly what to do. If an orchestra wants to play music and sound good, you can bet they're all playing from the same sheet of music. Training also helps keep personnel aware of the latest threats in the cyber world and the fix actions that remediate them: "Organizations must be committed to keeping their staff highly trained on the current threat landscape" (Huger, A., Sourcefire, May 2013).
To put it briefly, management must be willing to take the steps necessary to defend against threats, and security must encompass all devices, not just the core assets. Automation should be utilized to help mitigate risk, reduce time, and increase productivity. A sound IRP should be developed and exercised so the staff can act accordingly and remediate quickly. Finally, training should not take a back seat, as it is the foundation of safeguarding information. A little pain today equals a lot of gain tomorrow.
References:
Huger, A., Sourcefire (May 2013). The Need for Threat-Centric Security. Retrieved from http://threatpost.com/the-need-for-threat-centric-security/100517