The old adage that “an ounce of prevention is worth a pound of cure” is probably always true, but it is impossible to quantify, and that is a fundamental problem when calculating the return on investment of any security program. It is difficult to say how much damage an attack that was prevented would have done, whether it would have harmed national security, or how much recovering from it would have cost.
IT managers who do not practice good security hygiene are guilty of malpractice, plain and simple. Even flawless security hygiene, however, cannot prevent every attack. Timely patching, for example, cannot fix zero-day vulnerabilities for which no fix has been published, or vulnerabilities that have not yet been discovered. Insiders with authorized access can also act maliciously, no matter how strong the organization’s password practices are.
As a result, administrators who concentrate only on prevention will have no effective incident response strategy ready when an attack succeeds. Security professionals should think beyond hygiene and focus on having the knowledge, people, and systems in place to respond quickly and limit the damage.
Zero trust and endpoint protection are now required for large networks, but they cannot guarantee that an attack will not succeed, especially given the constantly expanding attack surface and the rapid evolution of new threats.
Every cybersecurity stakeholder should embrace the inevitability of a breach and be prepared to mitigate the damage in order to truly protect their organizations.
AI, ML and BA for rapid detection
Organizations can now monitor network activity across the entire hybrid IT environment (on-premises, virtual private cloud, and multiple public clouds) and analyze the collected data with tools powered by machine learning (ML) and behavioral analytics (BA) to produce a linked picture of the network security posture. By learning what “normal behavior” looks like for the network, such a system can rapidly flag deviations from it, leaving the security team to decide whether a given anomaly is actually a threat. Two caveats apply: the baseline must be learned from a period in which the network is believed to be clean, or an existing intrusion simply becomes part of “normal”, and an anomaly is a lead for an analyst, not a verdict.
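The baseline-and-deviation idea above, as an added example that is not code from the original article: it learns each host’s normal hourly egress from a learning window, then scores a new interval in standard deviations from that baseline. The host names, byte counts and the z-score threshold are all constructed; the edge cases a real deployment hits (a host absent from the learning window, a perfectly flat baseline) are handled explicitly.

```python
"""Baseline-and-deviation anomaly detection over constructed hourly egress records.

Added example; not code from the original article. Host names, byte counts and
the z-score threshold are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

LEARN_HOURS = 24  # hours 0-23 form the learning window; hour 24 is the interval under test

# Constructed records: (host, hour_index, bytes_out). The learning window has a small
# deterministic wobble so that each host's standard deviation is non-zero.
FLOW_RECORDS = []
for _host, _typical in (("web-01", 50_000_000), ("hvac-gw", 2_000_000), ("db-01", 120_000_000)):
    for _hour in range(LEARN_HOURS):
        FLOW_RECORDS.append((_host, _hour, _typical + (_hour % 5 - 2) * (_typical // 50)))
FLOW_RECORDS += [
    ("web-01", 24, 52_000_000),    # within its usual range
    ("hvac-gw", 24, 900_000_000),  # the HVAC gateway suddenly pushes ~450x its normal egress
    ("db-01", 24, 118_000_000),    # slightly below average, still normal
]


def build_baseline(records, learn_hours):
    """Per-host (mean, population std-dev) of bytes_out over the learning window.

    Caveat (not a code problem): if the network was already compromised during these
    hours, the attacker's traffic becomes part of "normal" and will not be flagged.
    """
    by_host = defaultdict(list)
    for host, hour, nbytes in records:
        if hour < learn_hours:
            by_host[host].append(nbytes)
    return {host: (mean(vals), pstdev(vals)) for host, vals in by_host.items()}


def score_interval(records, baseline, hour, z_threshold=4.0):
    """Return (host, z_score, note) for every record in `hour` that deviates from baseline.

    z_score is None for a host with no baseline at all, which is itself worth a look:
    a host that never appeared during learning is either new or newly talkative.
    """
    findings = []
    for host, h, nbytes in records:
        if h != hour:
            continue
        if host not in baseline:
            findings.append((host, None, "no baseline: host absent from learning window"))
            continue
        mu, sigma = baseline[host]
        if sigma == 0:
            # A perfectly flat baseline makes every change "infinitely" many sigmas away;
            # treat any deviation as anomalous rather than dividing by zero.
            z = float("inf") if nbytes != mu else 0.0
        else:
            z = (nbytes - mu) / sigma
        if abs(z) >= z_threshold:
            findings.append((host, z, f"egress {nbytes} bytes vs baseline mean {mu:.0f}"))
    return findings


def run_example():
    """Flag the anomalous hosts in hour 24 of the constructed data."""
    baseline = build_baseline(FLOW_RECORDS, LEARN_HOURS)
    return score_interval(FLOW_RECORDS, baseline, hour=24)


if __name__ == "__main__":
    for host, z, note in run_example():
        print(f"{host}: z={z} {note}")
```

On the constructed data only `hvac-gw` is flagged; `web-01` lands at roughly 1.5 standard deviations and stays quiet. A per-host z-score is the simplest possible “model”; the point it illustrates carries over to richer ones: the output is a ranked list of things to look at, and the learning window decides what counts as normal.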
Network segmentation aids in the prevention of the spread
The most serious breaches occur when an attacker gains a foothold in a vulnerable peripheral part of the network (in Target’s case, access obtained through an HVAC vendor) and then traverses the entire network, stealing critical data, installing ransomware, or otherwise causing havoc.
Network segmentation reduces the damage by making it harder for an attacker to move from one region to another, which gives security personnel more time to respond. Unfortunately, many businesses resist segmentation because they worry about added network administration complexity and cost. Network technologies such as SD-WAN, however, can make segmentation a practical security strategy.
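To make the lateral-movement argument concrete, here is an added example (not code from the original article) that models a small estate as hosts in zones with a zone-to-zone allow-list, then computes what an attacker who owns the HVAC controller can reach by pivoting through every host they compromise. The inventory, zone names and policy table are constructed; the same function run with no policy at all models the flat network.

```python
"""Reachability model of a flat network versus a segmented one.

Added example; not code from the original article. The host inventory, zone names
and policy table are constructed to illustrate how zone-to-zone allow-lists limit an
attacker's lateral movement from a compromised peripheral system.
"""
from collections import deque

# Constructed inventory: host -> zone.
HOSTS = {
    "hvac-controller": "ot-vendor",
    "vendor-vpn-gw": "ot-vendor",
    "jump-01": "admin",
    "pos-term-01": "retail",
    "pos-term-02": "retail",
    "payment-db": "cardholder",
    "file-srv": "corp",
}

# Constructed inter-zone policy: (src_zone, dst_zone) pairs the zone firewall permits.
# Intra-zone traffic is allowed; anything not listed here is denied.
SEGMENTED_POLICY = {
    ("admin", "retail"),
    ("admin", "cardholder"),
    ("admin", "corp"),
    ("retail", "cardholder"),
}

FLAT_NETWORK = None  # no policy at all: every host can reach every other host


def allowed(src, dst, policy):
    """Can traffic initiated by `src` reach `dst` under `policy`?"""
    if policy is FLAT_NETWORK:
        return True
    src_zone, dst_zone = HOSTS[src], HOSTS[dst]
    return src_zone == dst_zone or (src_zone, dst_zone) in policy


def reachable(start, policy):
    """Hosts an attacker can reach from `start`, pivoting through each host reached."""
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for candidate in HOSTS:
            if candidate not in seen and allowed(current, candidate, policy):
                seen.add(candidate)
                queue.append(candidate)
    return seen


def blast_radius(start, policy):
    """Every host other than `start` that a compromise of `start` can reach."""
    return sorted(reachable(start, policy) - {start})


def zones_with_path_to(target_zone, policy):
    """Zones from which some host can, directly or by pivoting, reach `target_zone`.

    Useful as a policy review: every zone listed here is a potential route into the
    sensitive segment and should be there on purpose.
    """
    targets = {h for h, z in HOSTS.items() if z == target_zone}
    sources = set()
    for host, zone in HOSTS.items():
        if zone != target_zone and reachable(host, policy) & targets:
            sources.add(zone)
    return sorted(sources)


if __name__ == "__main__":
    print("flat:      ", blast_radius("hvac-controller", FLAT_NETWORK))
    print("segmented: ", blast_radius("hvac-controller", SEGMENTED_POLICY))
    print("routes into cardholder zone:", zones_with_path_to("cardholder", SEGMENTED_POLICY))
```

In the flat network the HVAC controller reaches all six other hosts, including the payment database; under the segmented policy it reaches only the other host in its own zone. The `zones_with_path_to` review is the part worth keeping around: it answers “which zones can get into the cardholder segment at all” from the policy as data, so a proposed rule change can be assessed for blast radius before it is applied rather than after.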
A professional incident response team
Expert security practitioners play a crucial role. ML and BA tools can spot unusual behavior, but they cannot yet determine whether there is a legitimate reason for it, and they are not always able to decide the appropriate response to an incident. That capability simply has not arrived yet.
As a result, skilled security professionals remain the other half of the equation. People are still needed to shorten the time it takes to contain a threat; threat intelligence and experience are what allow a team to understand the nature of an attack and choose the best course of action. And because attacks do not keep business hours, organizations should have a security team on call 24/7. Businesses that cannot afford to staff a 24/7 in-house team with the necessary skills may consider a managed security service provider.
Good cybersecurity hygiene is important, but it is not enough. Businesses can only fully protect their data, customers, workers, and the business itself by preparing to limit the consequences of a breach that cannot always be prevented.