Businesses around the world are seeing a large growth in their threat surfaces, due to the influx of new technologies. This growth, in turn, is forcing security practitioners to rethink their companies’ security practices.
Jayson O’Reilly, director of sales and innovation at DRS, says although many businesses are still focussing on prevention, it is important to look at remediation too. “The old maxim that there are two kinds of companies – those who have been breached, and those who have been breached and don’t know it, still stands.”
He says breaches are a bleak reality and, while prevention is an absolute necessity, it is also necessary to ensure that in the event of an incident, the impact and fallout are minimised as quickly as possible. “It is practically impossible to prevent all attacks, but companies must have measures in place to ensure that breaches are addressed in a timely manner.”
The ability to bounce back from a sudden hit should be a planned, tried, and implemented strategy. “In this way, both mitigation and control aspects should be top of mind when designing a business’s security framework.”
Businesses should have cyber security action plans in place, with committees that meet to review all policies on a regular basis. “Professional consultants can also be involved, and can recommend guidelines and audit best practices.”
According to O’Reilly, the implementation of any security systems, tools or measures should go hand-in-hand with the formulation of an incident response plan, as well as employee awareness training and solid policies in place to lower risk.
“Obviously prevention is first prize, but fast response and remediation is the next best thing, and is needed should prevention fail. Response would include such things as who to notify in the event of a breach, what parties are affected, investigating the cause of the event, an audit of the network to see what, if any, assets have been compromised and suchlike.”
He says this is the best way to ensure the breach does not happen again. “In addition SIEM (security incident and event management) tools are highly valuable in preventing the recurrence of threats. We’ve definitely noticed a rise in the adoption of SIEM solutions as they offer rapid detection, and efficient and effective response.”
At the end of the day, O’Reilly says prevention and remediation work best when designed together. “There are millions of known threats, and for this type of threat it is simple enough to protect, build, and make a security infrastructure framework strategy. But on its own, it is totally inadequate. Known threats are one thing, but unknown threats are a different kettle of fish. Some of the threats out there can have a catastrophic impact on the business, and because they are unknown, protecting the organisation becomes a matter of guesswork. This is why having the measures in place to quickly stop an attack and lessen the impact is vital for all businesses.”