No, this isn’t a story about President Trump’s ridiculous border wall, so please excuse the poor attempt at clickbait. What I really wanted to talk about is a Gartner report, released in March, which outlines the importance of a business’ ability to identify and respond to security events rapidly, rather than simply attempting to block every attack.
This report caught my attention, mostly because it is a bit of a change from the traditional research we are used to. It talked about the need to move away from prevention-only approaches to focus more on detection and response.
Based on what I’m reading, this is just one story in a line-up of many that shows the change in approach that security vendors and end customers are starting to wake up to. A quote from this story states: “While this does not mean prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.”
Here are some key takeaways I took from the story that reflect our thinking here at Kordia – all of which I believe are things all of us (as cyber-security practitioners) should be thinking about:
- Maintaining good defence will always be important
- But, no matter how good your defence is, it is possible for intrusions to happen
- Cyber-criminals are well organised and funded; much of the defence capability on offer will lag behind for the foreseeable future
- Being able to detect and respond to cyber events is critical
- To be effective at this, organisations need to have the tools, processes and people to effectively manage events when they occur
- This is more than technical capability and must include communication – especially with customers and the media
- The main objective is to handle events well so that reputation and stakeholder trust are maintained (or even enhanced)
- Regular cyber event simulations are an effective way to identify areas for improvement
Staying across the latest advancements or cyber security threats is also not easy, especially for businesses who don’t have dedicated security teams to look into the above. In fact, we have dedicated staff doing this at Kordia, and it still is hard - you really need to know where to look!
But, not being a large corporate business is no excuse to not think about and plan for the above. If you truly want to stay one step ahead and keep cyber criminals out of your business, you should be looking at ways to tackle this issue with smart technology as well as third-party assistance and advice from a managed security services provider.