The notoriety and concern that cybersecurity evokes are far from unfounded. Discussion of the topic has become a standing agenda item for C-suites and boards of directors, and incidents themselves have become major worldwide news.
Executives in companies across all industries are increasingly answering questions about how they are responding to breaches and attacks or, in the case of progressive companies, are presenting budgets and strategies to proactively identify threats and thwart attacks to effectively manage business risk.
Just how serious is the threat of a breach?
According to data-threat researcher the Ponemon Institute, you are more likely to have experienced a data breach of at least 10,000 records than you are to have caught the flu this winter—and, mind you, it has been a bad flu season. With the average cost-per-record in a data breach at an all-time high of $148, that puts the financial impact associated with a data breach at close to $1.5 million per occurrence.
With such staggering figures and daunting odds, the desire to avoid a breach is at an all-time high. Doing too little about it can be a violation of the spirit of due care and fiduciary responsibility or, in some industries, a violation of law. Doing too much, or directing precious resources inappropriately, can unduly impinge on business operations and create other unintended business impact.
Finding the right level of security risk tolerance depends on the organization, and while there is no one-soup-feeds-all recipe, some proven techniques can substantially reduce an organization’s attack surface. Put another way, you can substantially reduce the likelihood of a security breach by adding the following to complement your existing security program.
Vulnerability management. The masses of security researchers, vendors and bad actors are constantly testing existing and updated systems for new vulnerabilities. Given the numbers and variety of systems you might have in your environment, newly discovered vulnerabilities can affect your security posture on a daily basis.
Couple that with weak configurations or unintended misconfigurations, and your window of risk might be opened quite wide. A time-based, well-orchestrated vulnerability management program should be implemented to find and fix issues before they are maliciously exploited.
Multifactor authentication. A password is the most common method for general authentication to a system. Used alone, it also presents one of the most exploitable paths to unauthorized access. Since passwords (something you know) are easily compromised, it is imperative these days to employ a second factor used in tandem for authentication. A second factor can include a randomly generated token (something you have) or it might incorporate a biometric (something you are) such as a fingerprint or a facial scan.
Next-generation antivirus. Legacy antivirus platforms still function on the basis of using signatures. A signature is essentially a programmed inoculation against a specific set of code that might represent malware. A small change to malicious code, however, might be used to circumvent the signature and the antivirus program. Next-generation tools provide a stronger basis of prevention by using a mathematical model or algorithm that is akin to a narrow band of artificial intelligence.
Advanced threat detection and response. As bad-acting adversaries are people, you need people to counter them. Security tools have evolved, but if we remove the human factor from the equation, the overall level of effectiveness is reduced. Use experts to wield good technology and you will improve both the efficiency and effectiveness of your security program.
This list is by no means exhaustive. The idea here is making the right choices based on the nature of your digital assets. It does not mean you have to be at the bleeding edge of the newest security technologies. In fact, technology alone will not solve your problems.
Sometimes being just “good enough” is OK, and it might put you just far enough ahead to avoid all but the most targeted of attacks. Criminals and the makers of malfeasance that constitute the majority of bad actors in cyberspace are cretins of opportunity. Like natural predators, they prey on the slow and vulnerable and pounce if the conditions favor them.
Remember that if you and another person are being chased through the woods by a bear, you need to outrun only the other person, not the bear. Even then, you can’t rest, because the bear will eventually come back looking for its next opportunity.
Pelletier is founder of Pondurance and serves on the Indiana Executive Council on Cybersecurity as well as the FBI’s Indiana Cyber Threat Focus Group.