In business, pessimism is not the point of view that will carry you the furthest. You need ambition and belief to make your business goals happen. But when it comes to security, you have to have a large dose of gritty, pessimistic attitude.
You should of course try to build a network of protective measures so tight that it is very difficult to penetrate. But it is far too optimistic to think that it will block every offender: sooner or later someone will get in.
The most beneficial question you can ask yourself is: when will we notice if somebody is in?
The more you know about the operations in your networks, the better off you will be. State-of-the-art visibility consists of the following four factors.
1. Bottom-up approach
In the old days, security information was classified in the sense that it was shared only with the IT experts and the CxO level. You needed rank to get the status.
In our connected world, where every device has an internet connection, this traditional approach just doesn't cut it. Remember: in large organisations up to 75% of security breaches are staff-related.
A wise organisation empowers employees with accurate security information. The more aware they are of their actions, the better.
2. Real-time view
Organisations used to base their judgement of the security status on a static glimpse of operations. In fact many still do: traditional security audits executed e.g. on an annual basis are still the main checkpoint for businesses in many industries.
Be it connected IoT devices or a workforce spread around the globe, information flow in your network is constant. If something extraordinary happens, you should be able to detect it right away. Nowadays this is achievable with tools that provide a real-time overview of e.g. your network.
3. Comprehensible for everyone
There is plenty of evidence that shows the importance of security awareness across your whole staff. A recent UK study once again showed how the security role of the staff is still underestimated.
For those of us working in IT security, all the security metrics and factors are well known. But we shouldn't burden the whole organisation with details. Security information must be easily digestible, visual and released in multiple formats according to the role of the employee. That is the only way to make sure everyone understands the security status.
4. Actionable information
Just understanding is not enough. It should lead to action.
If you detect an anomaly, you need to understand whether it is an isolated incident – say a malware infection on a single machine – or an indication of a more significant breach. As intruders increasingly spend significant time doing reconnaissance before acting, breaches initially leave hardly any signals. It is therefore critical to be able to pick out weak signals from the noise of insignificant events.
If a breach has indeed happened, you need to be able to provide an executable action plan that responds to the case at hand. There is no point restoring infected files from backups after a ransomware hit. For this you again need visibility, this time into the history of the attack.
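As an added illustration of the two points above (separating weak signals from noise, and reconstructing the history of an attack), here is a small piece of example code. It is not the article's or Tieto's tooling; the log lines, IP addresses, host names, event types and thresholds are all constructed for the example. The idea is that one low-severity event per host is noise, but the same source touching several hosts inside a short window is a pattern worth an analyst's attention, and that a per-source timeline gives the "history of the attack" an action plan needs.

```python
"""Added example: find weak signals in low-severity noise and build an attack timeline.

Illustrative code written for this article, not the article's own tooling.
All sample data below is constructed (hypothetical hosts and addresses).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, source, destination host, event type, severity.
# Each line on its own would be ignored by a severity-based alert rule.
SAMPLE_LOG = """\
2024-03-01T08:00:05 10.0.0.7 fileserver01 failed_login low
2024-03-01T08:00:09 10.0.0.7 db01 failed_login low
2024-03-01T08:00:14 10.0.0.7 hr-app failed_login low
2024-03-01T08:00:21 10.0.0.7 mailgw port_probe low
2024-03-01T08:00:30 10.0.0.7 backup01 port_probe low
2024-03-01T08:45:00 10.0.0.52 laptop-ann malware_detected high
2024-03-01T09:10:00 10.0.0.23 fileserver01 failed_login low
2024-03-01T14:02:00 10.0.0.7 fileserver01 admin_login medium
2024-03-01T14:05:00 10.0.0.7 fileserver01 bulk_file_read medium
"""


def parse_events(text):
    """Parse the space-separated constructed log format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, etype, sev = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "type": etype, "severity": sev})
    return events


def find_weak_signal_patterns(events, window=timedelta(minutes=5), min_hosts=3):
    """Return {source: [hosts]} for sources whose low-severity events touched at
    least min_hosts distinct hosts inside one sliding window.  A single failed
    login is noise; the same source trying many hosts in minutes is a signal."""
    by_src = defaultdict(list)
    for e in events:
        if e["severity"] == "low":
            by_src[e["src"]].append(e)
    patterns = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                patterns[src] = sorted(hosts)
                break
    return patterns


def classify_alerts(events, patterns):
    """Tag each medium/high-severity alert as 'isolated' or part of a wider 'pattern',
    depending on whether its source also produced a weak-signal pattern."""
    result = []
    for e in events:
        if e["severity"] in ("high", "medium"):
            label = "pattern" if e["src"] in patterns else "isolated"
            result.append((e["ts"].isoformat(), e["dst"], e["type"], label))
    return result


def attack_timeline(events, src):
    """Chronological history of everything one source did: the input for an action
    plan (e.g. which hosts were touched before the first medium-severity event)."""
    ordered = sorted(events, key=lambda e: e["ts"])
    return [(e["ts"].isoformat(), e["dst"], e["type"]) for e in ordered if e["src"] == src]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    pats = find_weak_signal_patterns(evs)
    print("weak-signal patterns:", pats)
    for alert in classify_alerts(evs, pats):
        print("alert:", alert)
    for step in attack_timeline(evs, "10.0.0.7"):
        print("timeline:", step)
```

Run as-is, the malware alert on the single laptop is reported as isolated, while the two medium-severity events on fileserver01 are tied back to the morning's probing from the same source, and the timeline shows the five reconnaissance steps that preceded them. The window and host-count thresholds are arbitrary here; in practice they are tuned against your own baseline of normal activity.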
Following these four principles should deliver the right level of understanding to keep your assets safe. If you want more information on our approach, please read our latest white paper, Visible cyber security.
This article originally appeared on perspectives.tieto.com