ALEX COBURN , CEO OF THREETWOFOUR , A NODE4 COMPANY

Regularly practising your organisation ’ s response will give everyone confidence in their role within that situation . any businesses make the mistake

Organisations need to build a holistic approach to security that is not only focused on technology but also considers people and processes . A simple way to consider end-to-end security is by focussing on four major strategies or streams of security activity :

Prevention

Preventative strategies don ’ t have to cost the earth and businesses often already have the most valuable prevention asset – people . Awareness is not the only prevention strategy , far from it , but an awareness campaign will educate your employees about their role in protecting the organisation and its assets . Interactive strategies such as an annual ‘ Cyber Week ’ have become common practice to keep staff engaged . Additionally , conducting phishing exercises can provide a good assessment of how well employees understand and apply their security responsibilities .

Detection

Detection is a base camp requirement for navigating cyber-risk . If you don ’ t know that a bad actor is in your system , you can ’ t act . Technology is a key component of detection due to the complexity and the resources required to identify intruders . Organisations often turn to an outsourced Security Operations Centre ( SOC ) that can use AI and third-party intelligence sources to provide 24 / 7 monitoring and alerting on potential cyber incidents . Outsourced SOC services are popular as they can provide economies of scale that make them more cost-effective than building your own 24 / 7 service .

Response

The key to successful response is practice . Should the worst happen , there will be a sense of urgency verging on panic that risks clouding your judgement , so , if you don ’ t know how to respond , it will take twice as long . Regularly practising your organisation ’ s response will give everyone confidence in their role within that situation . Often during these practice runs , obstacles or other weak areas are identified , allowing time for these to be ironed out before the practice is put into reality .

Incident response exercises can take many different forms , but we have always recommended a holistic approach that include different parts of the business . Technical IT teams , compliance , risk and the executive leadership team needs to understand their responsibilities by partaking in the exercise because each of these groups of stakeholders have a role to play in cybersecurity incident response .

Recovery

The ability to recover is the final and arguably most crucial step – without it , you can ’ t resume business operations . A great recovery strategy is the 3-2-1-1-0 rule – have three copies of your data , two media types , one copy held offsite , one on immutable or air-gapped storage and zero backup check failures .

Following this rule means that , if you were to suffer a ransomware attack , you will have at least one dataset that will enable you to recover .

Addressing these four steps will not , in and of itself , make any organisation inherently secure . Risk and threat profiles differ widely . However , by covering these four capabilities , businesses can build a solid foundation for selecting , tailoring and maturing a security control environment .

28 WWW . INTELLIGENTCISO . COM