When you consider that corporations are likely to face a data security breach at some point—a matter of “when,” rather than “if”—then it becomes imperative that your company be prepared with a cybersecurity strategy. It may seem like a vexing challenge when the digital world is in constant flux—with the evolution of technology like the internet of things, mobile technology, and cloud computing—but the difficulty of the problem does not outweigh the necessity of its solution.
Traditional cybersecurity relied on a “perimeter-based” defense. However, as more and more networks become decentralized, this approach is proving to no longer be effective (not on its own, at least). But with a cybersecurity strategy in place that is capable of handling the kind of data breaches and cyber attacks faced in 2018, your company will be well on its way to thriving and surviving in this digital era.
Why Perimeter-Based Defense Doesn’t Work
You do still need a perimeter-based defense system. Firewalls, endpoint protection solutions, and two-factor authentication are all necessary to ensure intruders cannot easily access your network and break into your systems.
But perimeter defenses are based on the idea that you can protect your important data with successive layers of defense. This used to work in a centralized, managed-device network, but those kinds of networks are becoming increasingly rare. Cloud networks, mobile and remote work, and global enterprises require networks that are adaptable to new business requirements. But with this requirement comes the need to build additional new controls into your cybersecurity strategy.
Build Your Security Foundation
In 2018, a great place to start your new cybersecurity strategy is from a device-level, bottom-up perspective. The days of you being able to protect your data from a centrally controlled location are over. You need to be ready to use some of the traditional methods—such as firewalls and intrusion prevention systems—in ways that leverage next-generation and innovative new versions of these products.
Applying these controls based on the context of the node or device being used (such as a smartphone or other BYOD - Bring Your Own Device) will allow your company to adapt as new technologies for cybersecurity and cyber attacks evolve.
The Best Defense Is a Great Offense
An important aspect of a great cybersecurity strategy is an offensive take on security. Building higher and higher walls is merely asking intruders to challenge your system defenses and find the weakest links.
Along with your defense barriers, you want a dedicated team to threat hunt and be on the lookout for new attacks. These members of your IT department continuously research new methods of attacks and watch for potential breaches in vulnerable or high-value targets.
Simultaneously, “pulse” your security systems and put your defenses through their paces to see how they react to threats. Practice with mock phishing email attacks or potential breach methods. When done in controlled ways by your allies (i.e., your IT department or a hired security Red Team), you can locate potential vulnerabilities before they are exploited by malicious attackers.
Incident Response Plan: Agency to Act
Without a robust incident response plan as part of your cybersecurity strategy, you run the risk of employees not knowing what to do when a data breach does occur. By assuming an attack will happen eventually, and preparing your IT department as well as all necessary employees in other related departments, people will be trained so they will know exactly what to do.
When a breach occurs, speed is of the essence. The difference of a few minutes or hours can mean a deeper infiltration of the intruder—and possibly more data exfiltration or destruction. By preparing your team with role-based processes for what each person should do, and letting them practice, you’re preemptively minimizing any damage that potentially can be done.
Ideally, you won’t need any of these plans and your cybersecurity strategy will keep you safe from attacks. Unfortunately, that’s not the reality of today’s digital systems. With a solid strategy in place now, your company will be vigilant and know that, even when an attack occurs, the damage will be minimal, the breach will be contained, and your company will go on.