Any business worth it’s salt will have some sort of cyber security controls in place. From firewalls and anti-virus software to MFA and regular patching cycles, there’s plenty you can do to secure your business against the various threats in cyber space.
But even if you have done the right things, layered the right controls and conduct regular testing of your defences for your business, would you know if your systems were under attack or worse did in fact suffer a breach? Or what if the real threat was inside your business?
This is where “Continuous Monitoring” plays a critical role in the overall defence of your business. Continuously monitoring on your network and logging how your data is being accessed helps build a picture of what is happening in your environment – after all, you can’t protect what you can’t see.
Some businesses still have their head in the sand when it comes to continuous monitoring, thinking that it’s unnecessary, or too complicated or expensive to implement. Those assumptions are dangerous to make and could land you in hot water down the track.
Think of continuous monitoring as a way of reducing your risk – by giving you visibility of your key assets, and ensuring your data and systems are being used as intended.
Improve your incident response
Most people would agree that, should a breach occur, it would be incredibly helpful to have some sort of log of what happened. You’d want to know how attackers were able to gain entry, what data or applications were accessed and the timeframes the incident occurred. This is particularly important if you have to notify customers or the Privacy Commissioner after suffering a serious incident. Not only that, the faster you can paint a picture of exactly what occurred, the quicker you can start mitigating any damage.
Piece of mind against internal threats
One of the most overlooked benefits of continuous monitoring is the operational side. Today’s businesses hold more data than ever before – from Personally Identifiable Information (PII) to financial information and commercially sensitive material. While you may trust your employees, there are plenty of well documented cases where data and systems have been accessed for reasons other than the usual duties of work.
Take the case of US actor Jussie Smollet, who was admitted to the Emergency Room of a Chicago Hospital in 2019. What may have started as some harmless curiosity about a celebrity, led to over 50 employees being sacked for unauthorised access of Smollet’s medical records. Like the US, New Zealand’s Privacy Commission takes employee browsing of personal information like medical records very seriously – and the consequences of something similar happening within a New Zealand organisation can be just as serious and cause untold reputational damage.
Even more troubling is when ex-employees can still access your data – a recent survey by Beyond Identity found that 1 in 4 former employees still had access to their previous workplace’s systems.
Enhance your security
Alongside operational monitoring of activity, extending your monitoring to include security helps bolster and protect your business against threats in real-time. Most businesses won’t have the capability to monitor their endpoints and servers around the clock but enlisting the support of a SIEM service can ensure you’re alerted to any intrusions as they happen. When time makes all the difference to how effective your response is, a SIEM makes it much easier for your cyber security team to identify, investigate and resolve any incidents as efficiently as possible. A SIEM can also help you discover potential vulnerabilities in your environment through asset discovery scans, regular vulnerability assessments and deploying behaviour analysis rules.
At a more granular level, you can even leverage tools that monitor your network activity for a baseline, so you can start to see patterns emerging and be alerted for any unusual activity that might suggest a cyber criminal is poking around in your network.
The road starts here
If you haven’t yet implemented a continuous monitoring strategy, I’d suggest you start by identifying your most valuable assets. More often than not, businesses haven’t taken the time to really assess what information they are storing, where it is being kept, and what the risks are if that data was somehow compromised.
Once you have worked out what your ‘crown jewels’ are, you can start implementing some simple measures to log activity around these – there is a plethora of software tools that you can utilise to achieve this. Having this visibility alone can help reduce your risks – for example, if you can see employees accessing PII or sensitive information outside the bounds of their normal work duties, you can immediately take steps to reduce access – which in turn lessens the chance of this data being misused or leaked outside your organisation.
As you increase your efforts around security, consider using a third party SIEM service to manage your monitoring and logging – this is by far the most resource, time and cost-efficient way to stay on top of what’s happening in your environment.
Continuous monitoring is a journey – but one well worth embarking on if you truly value your data, assets and reputation.