Approaching Cyber Security
“It’s not a matter of if, but when.” How many times have you heard this? Or the line, “There are two types of companies: those that have been hacked and those who don’t know they’ve been hacked.”
It paints a fairly bleak picture. Makes you want to do away with your computers and go back to pencil and paper. But you can’t if you want your organization to be successful.
So what can you do?
Change the way you perceive cyber security. That is, assume that your systems WILL be attacked and breached. Instead of having a focus on “defense”, change your focus to “detection” and “response”.
Before you ask, you do need to have defensive measures in place. However, you must consider that the bad actors may be able to circumvent those defenses. Or one of your employees will click a link in a phishing email thereby allowing malicious actors to walk right through the front door, so to speak.
Assuming a cyber criminal is in your system, you must have processes in place that will successfully and quickly detect that they are there and be able to respond just as quickly.
These responses include determination of whether information was exfiltrated (taken), whether any information was changed and if they are still in the network.
The common analogy is to think of this just as you would your home. You have locks on your windows and doors to keep a burglar out. But what if he is able to break the lock or just bust the window and get in? You want to know as quickly as possible that he is in the house. Then you will want to know if he took anything and if he is still in the house.
So having a good firewall or anti-virus isn’t enough. You must include detection and response in your cyber security plan.