A Data Breach is a multi-headed beast, and this beast is growing strong by leaps and bounds in its capability to cause monetary damage as well at the ways it can attack the most sensitive of data. There is no silver bullet solution for this is problem, furthermore, there are no one-set of controls to keep this beast at bay.
Below let us dive into 6 organizational critical control areas and 28 specific key factors across the controls, an organization should implement to achieve effective insight and protection against data breaches.
Adopt a Security Framework
A security framework is a collection of documents and policies that define how an organization manages information, systems, and services and the security measures taken to protect data. A security framework looks at regulations and laws, as well as the internal policies to ensure everything is clearly stated regarding cybersecurity tactics and strategies for a company. Using a security framework enables organizations to gain a systemic understanding of their capabilities and weaknesses. This approach also provides the basis for an orderly methodology in the planning and tracking of improvements over time.
The Top 3 Security Frameworks to consider:
- NIST Cybersecurity Framework (NIST CSF)
- The Cybersecurity Maturity Model Certification (CMMC)
- Center for Internet Security (CIS)
Cyber Incident Planning
It’s no longer a question of IF a company will have a cybersecurity incident. The real question is how a company will respond and recover WHEN they have a cybersecurity incident. This is a statement that is both sobering as well as liberating. The key is to put plans into place that will minimize the business impact of the incident through efficient management. An organization can greatly benefit from understanding cyber incident planning and having a meaningful response strategy in place. A cyber security incident response plan, often called an IR plan, is a strategy and process a company creates to detect, respond to, and recover from a security/breach incident. Technology-centric in nature, these plans tend to address issues like malware detection, data breaches, services outages, customer communication, industry regulation compliance during such incidents, and operations recovery.
4 Steps To Incident Planning and Response
- Containment
- Impact assessment
- Root cause analysis
- Communication
- Recovery
Identity Management Strategy
Identity management, which is also sometimes referred to as identity and access management (IAM) is the overarching technique and strategy for verifying a user’s identity and ensuring accuracy before giving access to a system or network. As digital information and systems continue to move toward cloud-based technologies, we often hear the expression “identity is the new firewall”. This statement emphasizes the increasing importance of identity management (IDM) as a fundamental component of every IT security program. 90% of data breaches begin with some form of phishing, and these phishing attacks are often being used to steal credentials.
5 Keys to Identity Management Success:
- Use a cloud-based identity management directory
- Multi-factor authentication (MFA)
- Privileged Account Management (PAM)
- Strong password standards
- Security event monitoring
- Internal test of IAM through simulated attacks
Vulnerability Management Strategy
Vulnerability management is the process where a company will identify, evaluate, treat, and report any security vulnerabilities in their software and systems. Good vulnerability management involves being actively involved and engaged with software to ensure everything is protected. Hackers are always looking for new opportunities to break into systems and software and exploit data. A vulnerability management framework is critical to ensuring an organization is protected against these hackers. On March 2, 2021, Microsoft released patches for a series of critical vulnerabilities in the Microsoft Exchange email server. 2 weeks later, it was estimated that between 30,000 and 60,000 organizations had been hacked, and the frequency of exploitation attacks was increasing as tens of thousands of servers remained unpatched.
3 Keys to Vulnerability Management
- Patch Management
- Proactively scanning environment
- Prioritize problems and creating action plans to mitigate complete with RACI
Critical Asset Identification
One of the keys to implementing an effective cybersecurity program is the concept of risk based security controls. With a large and ever-changing threat landscape, it may be impossible to protect every information or technology asset from all possible threat scenarios. This means it’s essential to identify and protect the assets with the greatest potential impact on your organization.
5 best practice to identify critical assets
- Identify & prioritize critical assets based on confidentiality
- Identify & prioritize critical assets based on integrity
- Identify & prioritize critical assets based on availability
- Engage with business leaders & enterprise risk management functions to validate and enhance the identification of critical assets
- Use a risk-based security program to apply additional enhanced targeted controls
Email Security
Email security describes the techniques one can utilize to protect their email accounts and content from hackers. Malware, phishing, and other spam are a threat to email communication, and proper email security can ensure that an organization stays safe. Over a 3-year period, from June 2016 to July 2019, the FBI estimates total losses from business email compromise to be over $26 billion worldwide. While email is a primary vector for cyberattacks, it is also vital to the survival and operation of most businesses.
6 keys to increase email security
- Invest in a secure email gateway
- Block spam and malicious email
- Block executable email attachments
- Implement anti-spoofing controls
- Implement user education training
- Run un-announced sponsored phishing and spoofing exercise