DETERMINE THE INFORMATION TO BE PROTECTED
Companies begin their journey to resiliency by identifying and prioritizing
the assets they must
protect. What do cyber criminals want that they can get from us and why? Do
employees handle intellectual property that could make or break us
competitively? Do we collect personally identifiable information that cyber
criminals could sell to identity thieves? Do we store customer account
information? How would someone take command and control of our infrastructure or
systems? It is equally important to know where those coveted assets are
located. Many boards are surprised to learn that the information security team
is fending off hackers across the entire enterprise, even outside it: for
example, in a supplier’s network, on a home computer, or on an employee’s iPad,
where he or she just reviewed a proprietary schematic. Hackers are capable of
scanning for vulnerabilities wherever someone connects to the Internet, and
business leaders must operate under the assumption that even they are a target.
As with sensitive financial information, only those who need access to the
assets should have it, and policies should be in place to ensure stringent
controls. Administrator passwords are gold to cybercriminals, and increasing the
number of people with access to them effectively multiplies the ways that
hackers can attack.
It’s tempting to think that we can eliminate breaches if we just put more
effort into prevention at
the front end, but information security professionals know that eliminating the
possibility of a breach is an unrealistic goal in today’s environment.
Preventative tools such as firewalls play an essential role because they
provide the first layer of defense: they ‘recognize’ and stop the threats we
already know about. As we already established, however, hackers are highly
adaptive. No one piece of technology can provide a complete defense. A good
security program assumes that at some point prevention will fail and the
business will have to deal with threats in its network. Detection then becomes
the focus. Companies need the right technology, processes, programs, and staff
to help them detect what has happened so that they can find the threat and
respond more quickly to contain and eradicate it.
In conclusion: No one wants to be blindsided. If a company’s
security team can’t “see” what is happening on the network and across all of
the endpoints, such as workstations, point-of-sale terminals, and mobile
devices, then the company will have little chance to detect or respond quickly
to an attack when prevention fails. Visibility across the enterprise is an
essential attribute of the cybersecurity strategy because it helps companies
respond to unusual activity more quickly, reducing downtime and related costs.
Business leaders should know that having visibility means collecting large
amounts of data from all of those places. Unfortunately, those data are useless
if the security team doesn’t have the bandwidth to analyze and act on them. The
information security industry has responded to this problem, and services are
available to manage the data, do the heavy lifting, and sort out what is
actionable.
By: ULAYA SIJALI A. (BAPRM 42681)