• November 20, 2015

Security Strategies To Prepare for That Dreaded 3 a.m. Phone Call

There is a fundamental truth when it comes to enterprise cybersecurity: At some point, in some manner, your organization will experience a breach. Minimizing the impact is, of course, core to your security strategy. But don’t skip a plan for how to handle a compromise—and the potential collateral damage in its wake—if it happens. The first 48 hours are crucial, and how your enterprise reacts can make the difference between temporary inconvenience and mission-critical downtime.

More Surprising Numbers

If you want a shot at heading off issues before they permeate the environment, a proactive stance is imperative. Yet fewer than 25 percent of CIOs feel prepared to manage a breach.

Where to start? The first step is to understand your organization and its threat environment. Once you do, you can put in place a series of security solutions and controls to start building your defense position and a breach response plan.

Start by answering these three questions:

  1. What are our key information assets? Intellectual property? Customer data? What is potentially in the crosshairs of cybercriminals?
  2. What are the threats facing our business? Are we most likely to be targeted by disgruntled employees? Cyber bad guys? Nation states? To dig into the threats, think beyond viruses or individual attacks. Consider that cybercriminals are spending an average 205 days inside a targeted organization before being detected. You need to understand who the attacker is and the motivation for the attack before you can protect the enterprise.
  3. How can I start mitigating threats? By protecting, predicting, and responding, you can run scenarios, simulate attacks, and find smart ways to manage time-critical decisions. There are also solutions that can be implemented based on your answer to question two above. For example, if it’s believed that employees are a threat, a tool like User Behavior Analytics puts the behavior of the user in context to highlight anomalies in the role.

It takes time to fully understand the answers to these questions. Most organizations don’t have the expertise, personnel, or capacity to handle the ever-changing security landscape. But, through a Compromise Assessment, you can get a critical view of the infrastructure, IT systems, and user behavior to find out if a breach has taken place or if one is likely to happen in the near future. This assessment puts the CIO in the proactive position to manage the attack, the fallout, and the disclosure in a responsible way. Think of it as a health check for the enterprise.

Prepare and Beware

Answering a 3 a.m. phone call to hear there’s been a data breach or—even worse—finding out after it’s been leaked to the public becomes an even more desperate and traumatic experience if you have no idea what comes next. Building a defensive and proactive action plan can’t be done on the fly. It takes forethought and time. But with a process in place to help the executive team mobilize into action, your organization will ultimately save lost time, money, and reputation.

Learn more about how to fight back against the bad guys.