Consider the following dilemma: cybersecurity experts maintain that you can’t prevent everything – so don’t try. Yet many security programs devise countermeasures geared mostly toward prevention. This does not make sense: if prevention is not 100% effective, then trying to prevent every security incident will only weaken the overall effectiveness of your security program. So, what should you do instead of trying to prevent everything? This blog and the new white paper, Revisiting the Cybersecurity Protection Myth, offer a way forward.
You’re up to this challenge, which is good because things are getting pretty hairy out there. Nearly 1 million malware threats are released each day. In 2015, a remarkable 169 million personal records were exposed in more than 750 data breaches in healthcare, education, financial and government institutions. That’s 38% more security incidents than were detected in 2014. Plus, you’ve got some new styles of hacking like the “Rise of the IoT Zombie Botnet,” suggested by Wired. It sounds like a fan-written horror movie. Your blurred perimeter makes it even worse, with partners, contract employees and API-based communities confusing everyone as to where you end and they begin.
Security teams are admitting they are less prepared than they want to be and that their preventative approaches aren’t working. Just 38% of global organizations feel able to handle a sophisticated cyberattack. Another survey found that 81% of data breach victims lacked a system to detect breaches. And 52% of respondents to a CyberEdge Group survey believe that a successful cyberattack will occur against their networks in the coming year.
Emphasizing Cybersecurity Detection and Response over Prevention
It’s time to shift the focus from protection and prevention to detection and response. We need to let go of the myth that we can prevent everything. Instead, we need to get better at detecting threats before they cause damage. Putting your cybersecurity emphasis on detection gets you closer to attackers before they carry out malicious acts.
- Identify the assets that need the most securing – This might mean doing a business impact “heat mapping” process described in our white paper, Moving to a More Efficient Cybersecurity Strategy.
- Leverage Security Log Monitoring and SIEM technologies – Continuously monitor the logs of your IT assets and business systems in a mode of correlation and deep analysis that can reveal possible attacks. However, the effectiveness of log monitoring and SIEM is only as good as its configuration and continuous upkeep. Even large organizations may struggle with doing it all in-house.
- Be proactive about threat detection and notification – Being proactive means correlating multiple streams of data and pulling insights from both real-time events and asset risk profiles to detect threats at the earliest stages and reduce false positives. The best way to do this is to collaborate with a 24×7 Security Operations Center (SOC). Historical logs should also be available for analysis, enabling investigation and providing deep context to threat trends. People must be part of the process, with alerts and response plans carefully orchestrated.
- Up your incident management and response game – Be ready for today’s new kinds of attacks. Incident response is a notorious budget drain and distraction from other security duties, so outside help might be advised.
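The correlation described above, combining a log stream with an asset risk profile so that the same attack pattern is ranked higher on a critical asset than on a low-value one, as an added illustration that is not CenturyLink's code; the host names, criticality ratings and log lines are constructed for the example:

```python
from collections import defaultdict

# Constructed asset risk profile, as a business-impact "heat map" would rate it
# (3 = highest business impact, 1 = lowest).
ASSET_CRITICALITY = {"payroll-db": 3, "hr-portal": 2, "kiosk-01": 1}

# Constructed auth log: "<time> <host> <result> user=<u> src=<ip>"
AUTH_LOG = """\
09:00:01 payroll-db FAIL user=admin src=203.0.113.7
09:00:03 payroll-db FAIL user=admin src=203.0.113.7
09:00:05 payroll-db FAIL user=admin src=203.0.113.7
09:00:09 payroll-db OK user=admin src=203.0.113.7
09:01:00 kiosk-01 FAIL user=guest src=198.51.100.2
09:01:02 kiosk-01 FAIL user=guest src=198.51.100.2
09:01:04 kiosk-01 FAIL user=guest src=198.51.100.2
09:01:06 kiosk-01 OK user=guest src=198.51.100.2
09:02:00 hr-portal OK user=alice src=192.0.2.10
"""

def parse(line):
    """Split one constructed log line into its fields."""
    time, host, result, user, src = line.split()
    return {"time": time, "host": host, "result": result,
            "user": user.split("=", 1)[1], "src": src.split("=", 1)[1]}

def correlate(log, criticality, min_failures=3):
    """Flag 'N failures then a success' per (host, user, source) and
    weight each alert by asset criticality, so the SOC sees the payroll
    database before the public kiosk. Returns alerts, highest priority first."""
    failures = defaultdict(int)
    alerts = []
    for line in log.strip().splitlines():
        ev = parse(line)
        key = (ev["host"], ev["user"], ev["src"])
        if ev["result"] == "FAIL":
            failures[key] += 1
            continue
        if failures[key] >= min_failures:
            # Same pattern on every host; the asset's rating is the multiplier.
            weight = criticality.get(ev["host"], 1)
            alerts.append({"host": ev["host"], "user": ev["user"], "src": ev["src"],
                           "failures": failures[key], "at": ev["time"],
                           "priority": failures[key] * weight})
        failures[key] = 0  # a success ends the streak for that key
    return sorted(alerts, key=lambda a: a["priority"], reverse=True)

if __name__ == "__main__":
    for alert in correlate(AUTH_LOG, ASSET_CRITICALITY):
        print(alert)
```

Raising `min_failures` or lowering a low-value asset's rating is how the same rule is tuned down on noisy systems without losing the alert on the critical one.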
It’s time to lay the protection myth to rest. The idea that your team, on its own, can thwart attacks solely with preventative mechanisms is getting harder and harder to put into action. By focusing on proactive and offensive approaches that help you detect and respond to possible threats, rather than strictly defensive ones that only react, it is possible to stop threats before they expose the organization to risk. Proactive threat detection and notification warn of attacks before they can inflict harm. Incident management and response planning complete the picture. Outsourcing selected aspects of these focus areas can provide the best results.
CenturyLink can be a resource for helping your department focus on protection, detection and incident response. Our managed security services offer a depth of capability while shouldering the burden of many time-consuming and complex security tasks.
Discover how CenturyLink Managed Security Services can help secure your organization against cyberattacks today.