Out with the old, in with the new. The “new year” that is.
As we toast to a fresh start in 2016, the new year brings a chance to make good on the resolutions we’ve made. You remember those, right?
It’s been said it takes about 21 days of repeating a process to solidify it as habit. Well, we’re 15 days into 2016 and, if the 21-day prediction is valid, we have a little less than one week to go for all of our well-intended “changes” to become habits.
What was your personal catalyst for change leading into 2016? The desire to get fit? Read more? To put down the phone in bed at night?
Oftentimes in security, an “incident” becomes a catalyst for change, but why wait for something bad to happen? The inevitability of compromise is very real in today’s threat landscape. It’s become almost cliché for us to say: “it’s not a matter of if, but when an attack will occur,” but there is a significant amount of truth to that statement.
I’ve spoken to a number of information security professionals who have resolved to be better prepared for the inevitable in 2016. And that preparation can be aided by three critical steps:
- Planning – Planning for a data breach is not necessarily a “fun” exercise. It involves being 100 percent honest with yourself and asking some tough questions, such as: “Where is my enterprise most vulnerable?” “What kind of security culture have we established to date?” or “How quickly can we detect a breach?” It also involves some important business questions such as: “What data do we most need to protect?” “What would the cost of a data breach mean to our business?” or “How much are our leaders prioritizing data security?” Answers to these questions, among others, will be critical to your organization’s preparation.
- Responding – A definitive, calculated response plan is exponentially more effective than a “we’ll-cross-that-bridge-when-we-get-to-it” approach. Some of the top “response” questions you’ll want to answer during and after the inevitable data breach include: “What systems and what data were targeted?” “How did they get in?” “What was the full scope of the attack?” “When did it start?” More importantly, ask yourself HOW you plan on answering those questions. Prepare to answer these questions BEFORE a data breach occurs. Do you have the people, processes and technology in place to achieve sufficient visibility?
- Strengthening – A defined system for testing and re-testing your organization’s security posture will go a long way in serving as “practice” for a real event. Establishing flexible and effective prevention policies is an excellent start. Knowing what should and should not be running in your environment goes a long way in helping the detection of anomalous behavior. If malware does land and execute in your environment, having the ability to quickly ascertain context and take action will be paramount. When you feel you’ve hardened and strengthened your endpoints, start over. Repeat the process as often as you can.
It might take a bit longer than 21 days for your organization to establish better security habits and implement enterprise-wide changes, but as an infosec leader, it’s your job to always be thinking one step ahead of the attacker. Make that your 2016 “work resolution” and see how much things have changed for the better in 2017.