BreachExchange mailing list archives

Honesty is the best policy when it comes to security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 24 Jul 2014 18:55:33 -0600

http://betanews.com/2014/07/24/honesty-is-the-best-policy-when-it-comes-to-security/

It has never been harder for businesses to build and preserve a
relationship of trust with their customers. The rise of increasingly
sophisticated, and targeted, cyber-attacks means there are more threats to
watch out for than ever before. But letting just one slip through the net
could spell disaster and damage even the strongest of partnerships, beyond
repair. Just ask any major organization that has lost confidential customer
data through a security breach.

When online retailer eBay reported that its network had been compromised
earlier this year, it's no wonder that its message to customers was "the
trust and security of eBay members is our top priority". The need to
maintain trust in the face of a successful hack is critical.

Organizations that suffer cyber-attacks usually see not only a drop in
their share price, but also in customer numbers. After all, in such an
ultra-competitive business landscape, customers have many options for where
to take their business.

The associated loss of trust has a damaging effect that can take months or
even years to repair. Similarly, a government agency that is unable to
protect citizens' data could lose public confidence to the extent that it
becomes politically very damaging.

Loss of trust, though, goes far beyond the cost of lost orders and public
confidence; many studies have shown that businesses that suffer a
significant data breach also experience record drops in innovation and
staff numbers as a result. It is difficult to measure the exact costs but,
according to the 2014 Cost of Data Breach Study from the Ponemon Institute,
the cost per lost or stolen record increased for the seventh consecutive
year.

Based on the experience of the forty organizations participating in the
study, the average per capita cost increased from $146 to $162 and, with
typical compromises impacting between 2,300 and 99,000 records, that is a
huge hit to the bottom line!

However, with the odds stacking against you, we know that it is no longer a
question of if you get attacked, but when. So given this sense of
inevitability, that you will be compromised, what can you do to secure your
company's future?

First of all, it is critical that security teams recognize and acknowledge
the "new normal". Rather than burying their heads in the sand and hoping
against hope that it never happens, they need to be honest with themselves
and accept that it is highly likely to happen and then act accordingly. By
assuming you will be compromised, and putting yourselves in the role of the
attacker and what they see, you can start to review your security in a
different light and plan accordingly.

With a deeper understanding of the methodical approach that attackers use
to execute their missions, you can identify ways to strengthen defenses and
be able to respond quickly to limit the damage when it does happen.

Defenders must use the very same capabilities as the attackers to better
protect against attacks, including:

1. Visibility

Attackers will gain full visibility of your IT environment, so you must
too. To more effectively protect your organization, you need a baseline of
information across your extended network (which includes endpoints, mobile
devices and virtual environments) with visibility into all assets,
operating systems, applications, services, protocols, users and network
behavior, as well as potential threats and vulnerabilities. Seek out
technologies that not only provide visibility but also offer contextual
awareness by correlating extensive amounts of data related to your specific
environment to enable more informed security decisions.

2. Automation

You need to work smarter, not harder. Hackers are using automated methods
to simplify and expedite attacks. Using manual processes to defend against
such attacks is inadequate. You need to take advantage of technologies
that combine contextual awareness with automation to optimize defenses and
resolve security events more quickly. Policy and rule updates,
enforcement, and tuning are just a few examples of processes that can be
intelligently automated to deliver real-time protection in dynamic threat
and IT environments.

3. Intelligence

In an age when hackers are conducting extensive investigation before
launching attacks, security intelligence is critical to defeat attacks.
Technologies that tap into the power of the cloud, and big data analytics,
deliver the security intelligence you need, continuously tracking and
storing information about unknown and suspicious files across a widespread
community and applying big data analytics to identify, understand, and stop
the latest threats. Not only can you apply this intelligence to
retrospectively secure your environment, mitigating damage from threats
that evade initial detection, but you can also update protections for more
effective security.

When maintaining the trust of customers, it is critical to not only make it
harder for attackers to succeed, but also to have the visibility across
your network so that you see when something unusual or unexpected happens.

After all, research shows that cyber criminals often remain undetected for
months or even years once they successfully get in.

Finding them quickly and seeing what they have been doing and what
applications and databases they have been compromising is the secret to
preventing lasting damage. Then you can begin the process of being truthful
with your customers, by letting them know you have a problem, but that it
is under control and access to sensitive data is limited. It is in this way
that you can rebuild trust and ensure a prosperous future.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com