IT Focus Area: security
February 2, 2018
10 Tips to Improve Your IT Security Strategy
Editor's Note: Sirius and Forsythe are now one company. Sirius acquired Forsythe in October 2017 and we are pleased to share their exceptional thought leadership with you.
Is your organization reevaluating its security strategy for 2018? Start the year off right by assessing your security posture, and formulating a plan.
10 tips to advance your cybersecurity strategy
1. Know what you need to protect
The first step in any IT security strategy: know what you need to protect. Consider the following questions:
- What are your most valuable information assets?
- Where are they?
- Who has access to them and why?
- When are they being accessed?
Answering these questions can help to establish an understanding of the critical pieces in your infrastructure that need attention. It will also provide insight into what normal activity looks like, which will better enable you to recognize abnormal patterns of behavior. It is important to think of your organization not only as an ultimate target, but as a stepping stone. Assess your partnerships and business relationships to identify which might provide access to your company’s information in the event of a breach, and vice versa. This in-depth evaluation requires collaboration between IT, security, and the business.
2. Evaluate your security posture
Attackers will never stop trying to take advantage of vulnerabilities. As long as exploits exist, you need a process in place to continuously find and remediate your vulnerabilities. Continuous vulnerability assessments are an important part of effective cybersecurity. They can be invaluable, but only if their results are weighed in the context of the business and existing security infrastructure. By analyzing assessment output with business risk in mind and applying that knowledge to the development of a sound security strategy, CISOs and other IT executives can help their organizations make the most of their security budget and strengthen their overall security and compliance posture.
3. Take a data-centric approach
In order to protect ourselves from evolving IT changes and targeted attacks, we need to shift our focus from trying to secure everything, to protecting what matters most — securing sensitive data no matter where it is stored, used or transmitted. The best way to streamline data protection is to do the basics well. Identify where sensitive data resides, set policies for handling it, implement appropriate technical controls, and educate users about current threats to the data they work with and best practices for keeping it safe. By effectively classifying data, focusing on what’s valuable, avoiding common pitfalls and moving protection closer to the point of risk, your organization can ensure greater control over sensitive data at all times.
4. Develop a clear understanding of cloud service models and security issues
While the benefits of the cloud are clear (scalability, productivity and increased flexibility to name a few), companies are still struggling with associated security implications. Cloud computing is not fundamentally insecure; it just needs to be managed in a secure way. Organizations should develop a clear understanding of cloud service models, as security issues vary depending on the model being used.
5. Consider a cloud access security broker (CASB)
Many enterprises have adopted a cloud-enablement mindset and are "cloudifying" traditionally internal applications, but worry that they don’t have the right tools to fully secure their data in the cloud. CASBs enable organizations to manage and enforce security policies across disparate applications, providing much-needed insight into cloud activity, and a single point of control for multiple applications and services.
6. Don’t forget to address insider threats
Outsiders such as hackers, organized crime groups, terrorists and nation-states may be the "bad guys" we don’t know and love to hate, but insider threats can be far more costly and damaging. Insiders—and the malicious outsiders who emulate them—have the means and opportunity to access our most critical data. It’s no longer enough to simply look outwards and focus on what's coming in; security teams must also look inwards to evaluate what's going on within the company, and what's going out.
7. Leverage threat intelligence
The best form of defense against attacks and those who perpetrate them is to know about them. Collaborative defense has become critical not only to national security but also to IT security, and sharing threat intelligence is a force multiplier. But for many organizations, good quality intelligence is hard to come by. Commercial threat intelligence technology and services can help enterprises arm themselves with the strategic, tactical, and operational insights they need to identify and respond to global threat activity, and integrate intelligence into their security programs.
8. Use deception to enhance detection and response
The mean time to identify (MTTI) breaches has reached an average of 191 days. Lengthy dwell time enables lateral movement—the key to increasing hackers’ chances of success. Deception technology helps to detect lateral movement and limit dwell time, so threat actors can’t get what they need to progress through the Kill Chain. Distributed decoy systems create the appearance of endpoints and servers throughout the range of IP addresses used within the organization, and scatter various traps such as fake credentials for accounts on decoy machines. Because legitimate users have no reason to interact with decoys, attacks can be rapidly identified and false positives greatly reduced. Endpoint detection and response platforms, IPS, next-generation firewalls (NGFWs), web application firewalls (WAFs) and Web application deception solutions can also be used to facilitate deception initiatives.
9. Work with a managed services partner to fill skill gaps
Managed security services services are designed to augment an organization's security team, and reduce the number of operational security personnel you need to hire, train and retain in order to maintain a strong security posture. Managed security services providers help give an organization the options—and the flexibility—it needs to address constantly shifting regulatory requirements and threats. By monitoring IT infrastructure and devices at service levels that are customized to meet an organization's goals, they support robust security programs, while allowing you to retain ownership of your policies, incident and change management.
10. Prepare for the inevitable with comprehensive incident response plans
Historically, too much IT security spending has focused on the prevention of attacks and not enough has gone towards preparing for the inevitable. A comprehensive incident response plan will enable your organization to respond aggressively to an attack, minimize damage and align defenses to mitigate future intrusions.