
5 Ways To Reinforce Your Company's Cybersecurity Program Today

Symantec

By Tarun Sondhi, Business and Product Strategist, Symantec

By now, every enterprise should have some form of digital security program in place. In fact, if we were to categorize all enterprises by their security level, they would more likely be split by the relative sophistication of their security risk-management program rather than whether they have one or not.

Regardless of the sophistication of an enterprise’s security program, it’s essential that it is regularly reviewed and updated to account for changes in the threat landscape and an organization’s infrastructure. Here are five essential elements that all companies should consider as they continually evaluate their security programming.

1. Incident Response Plans

Creating an effective plan requires that security practitioners first have an astute understanding of security measures as well as a sense of what the enterprise does. The better their understanding of the business, the better they understand the security needs of the business.

They must also engage the business in the response process. The Chief Information Security Officer (CISO) should drive the program and ensure the proper information gets into the hands of the proper business unit leaders during an incident. Greater integration between security teams and the business ultimately will lead to better integration and quicker decision-making during an incident.

From a security and risk-management standpoint, practitioners should have real exposure to the types of attacks they’ll face during a live incident and have a sense of how to respond. One effective way to improve a team’s response is to conduct “red/blue training,” where part of the response team acts as attackers and the other part as defenders.

The security group and business unit leaders must then work to develop, review and practice executing security incident response plans to improve the enterprise’s ability to manage potential fallout from a successful attack. Having a well-documented and well-rehearsed incident response plan can help to quickly identify incidents and remediate potential damage.

2. Invest in Network Visibility

Companies can’t stop attacks they can’t see. Work to develop continuous visibility across the environment, gaining a holistic and inclusive view of the environment through scanning and system monitoring.

There are three key pillars that are crucial for maintaining visibility into the effectiveness of the security program:

  • Monitoring for known threats to the network
  • Monitoring for violations of network policies enacted by the CISO
  • Monitoring for anomalies in behavior within the enterprise network

Businesses should incorporate actionable intelligence into monitoring and gain insight into the threat actors and their campaigns. Improved network visibility is essential for both identifying attacks and securing the network. There are several technologies on the market that can help provide this greater level of visibility.

3. Security Standards Enforcement

Threat intelligence is an important capability to develop when sharing data with trusted third parties. If you are connecting with a third party (regardless of whether you are supplying data, receiving data, or both), establish a well-documented understanding of standards and expectations at the beginning. Data coming in or leaving your network should assume your enterprise’s security policies, and the level of security rigor put in the transfer method should be dictated by the sensitivity of the information. This understanding should be reviewed as time goes on or as needs change to ensure it’s still current and relevant.

4. Know the Tactics of Your Adversaries

Make sure security teams have practical hands-on knowledge of adversary tools, tactics and practices, allowing security practitioners to look at the environment through the eyes of the attacker. Security practitioners need to understand not only how to defend against attacks, but also how the most common attacks work. Through simulations and reverse-engineering current hacking tools, security teams can develop a type of “muscle memory” for responding to these types of attacks.

Unfortunately, attackers don’t adhere to application development rule governance of any kind. This means that attackers can and will vary their tactics and strategies to avoid detection, making simulations and reverse-engineering of multiple types of attacks difficult but important.

5. Improve Employee Awareness  

Build a "human firewall" within your enterprise, including well-articulated security responsibilities for every person in the workforce through security awareness training. Be aware that penetration testing of security systems alone is not enough; it only assists in monitoring for known threats to the network.

Among the more popular ways for hackers to obtain information is through the use of aggressive social engineering tactics to defeat the defensive practices of an organization. An attacker will call a customer service hotline or email a general email box attempting to extract information by impersonating a service provider or IT staff member. According to the 2014 Internet Security Threat Report, the industry has seen a 91 percent increase in these types of attacks, making them among the most common ways attackers gain entry. By including customer support staff in security awareness training, social engineering attacks can be less effective and organizations will become more secure.

Conclusion

Proper training and collaboration on an enterprise security program can elevate the awareness of the organization against attacks, put the proper solutions in the proper hands at the proper time, and minimize damage overall.