Cyber security must be treated like a never-ending process of continuous development. Learn More about Why your cyber security operation can never rest and what are the seven ways to keep it one step ahead.
Article Link: https://business.f-secure.com/7-ways-to-keep-cyber-security-operation-ahead/
20. And it can’t be seen as just an
IT thing, either. If you’re
going to deliver innovative
new services, cyber security
needs to be at the heart of
everything you do. This is
about growth, too.
21. Cyber security must be
treated like a never-ending
process of continuous
improvement.
22. A process that evolves and
adapts as rapidly as the
criminals trying so hard to
beat us.
23. predict
respond
preventdetect
One that takes a holistic
approach to every aspect of
cyber security, to predict,
prevent, detect and respond
to emerging threats with
confidence and speed.
24. And one that supports
businesses to meet their
evolving strategic goals.
28. Attackers combine people,
process and technology
to get past your defences.
You need the same thing
the right combination
of people, process and
technology to fend
them off.
29. It takes the scalability of
software to secure all your
endpoints and constantly
incorporate the latest
threat intelligence.
30. But it takes real-world
human and hacker expertise
to assess your operations,
find vulnerabilities, configure
your software the right way
and then respond to the
right signs.
33. It takes a very different
approach to cyber security
to protect a global brand’s
intellectual property than
it does to protect a bank’s
sensitive data in a highly
regulated environment.
34. You can deliver effective
security because you
understand your industry’s
unique needs. So any
partners you work with will
need to have the same,
specific expertise your
industry needs.
35. When you move into new
markets, your cyber security
operations need to adapt to
the situation on the ground.
For example, the new EU
General Data Protection
Regulation (GDPR) changes
the way businesses handle EU
citizens’ data.
36. Unless you can take these
regional and industry-specific
nuances into account, you
can’t appropriately organize
and prioritize your cyber
strategy.
38. Every single week of every
single month, new threats,
tactics and malware emerge
to exploit vulnerabilities.
From Sony to Yahoo to Ashley Madison,
we’ve already seen the level of all-out
extortion tactics hackers will increasingly
use. And IoT botnets, for example, will
only become a bigger problem as
businesses make strategic moves into
IoT technology.
39. The trouble is that too many
cyber security operations
don’t have the time or
infrastructure to deal with
this rate of change.
40. Keeping up with the latest
threat intelligence can be a
struggle. Applying it across
the cyber security operation
can be even tougher. But it’s a
vital foundation for constantly
improving your defenses.
42. Attackers can pivot in
an instant, seizing new
opportunities the moment
they open up.
43. It’s essential that you have at
least as much agility to stay
ahead of them.
That starts with a versatile
foundation of processes.
44. To get it right, you need to
be able to predict potential
incidents, prevent the
vast majority from ever
happening, detect them
when they do happen and
then respond quickly and
appropriately once you’ve
been breached.
predict
respond
preventdetect
45. That calls for everything from
patch management to crisis
management to be prepared.
A lot of which might seem
like very basic cyber security
for most of us but it can
also be very effective.
46. Starting with a solid
foundation of endpoint
protection and adding
advanced technology such
as analytics and vulnerability
management on top makes
sense to help predict and
prevent incidents.
47. But equally, unless you’ve
got a predetermined and
rehearsed plan for things
like breach detection or
incident response, you’ll find
your company in a state of
chaos when something
does go wrong.
49. Attackers should never know
your own infrastructure
better than you do.
A successful business relies on clear,
constant visibility across complex
organizational and IT infrastructures.
And today’s mobile workforces depend
on constant access to data and services
through an ever-growing array of devices.
50. But the increasingly
distributed and dynamic
nature of corporate
infrastructures makes
it incredibly hard for IT
and security leaders to
see the edges of their
attack surface and even
harder to protect it.
51. Until you prioritize a
centralized view of every
endpoint in your networks,
you’ll always be flying blind.
But just seeing every endpoint
isn’t enough you’ve also got
to harden every potentially
vulnerable device.
52. 80%80%
In fact, in 80% of the incidents we’ve
responded to, patch management would’ve
prevented access. This kind of endpoint
protection should be second nature for
cyber security operations.
It’s low-hanging fruit and it
gets the job done.
54. Regulatory compliance is
vital for any business – it’s an
essential safeguard for the
entireorganization,fromthe
boardroom to the shopfloor.
Regulators set the minimum requirements.
But that’s just the starting point, not the
end goal.
55. Most large companies will
be compliant but it hasn’t
prevented them from being
breached. Take Yahoo,
for example, regulatory
compliance didn’t stop
hackers stealing 500 million
user accounts.1
1. http://fortune.com/2016/09/22/yahoo-hack/
56. For instance, payment regulations
such as PCI-DSS don’t cover the full
spectrum of preventative defences
you could need, let alone the predictive,
responsive and detection capabilities
you should also consider.
Regulators will react to known issues
and compel businesses to fix them,
but it takes a proactive approach to
keep ahead of the persistent innovation
of attackers.
57. Regulations are an important
starting point for cyber
security. But cyber attackers
move faster than regulators
do. So a relentlessly proactive
approach to cyber security
is essential.
61. Your attackers will never
relent. So your cyber security
operation can never relent.
That means it must constantly
evolve and improve.
62. So rather than expecting a silver
bullet technology to come and
save the day, it’s important
to confront the fundamental
reality of cyber security…
64. You need a proactive process
that’s designed to continuously
improve and adapt.
Only then can you effectively
predict, prevent, detect and
respond to incidents.
65. The average cost of a
data breach is now $4 million3
.
2.
2014 Cyber attack to cost Sony $35 million in IT repairs, Computer World, 2015
3.
2016 Cost of Data Breach study, Ponemon Institute, sponsored by IBM
THE STAKES
HAVENEVER
BEENHIGHER²
66. The corporate victims have
never been more varied.
From retail giants and global
financial institutions to hospitals
and universities.
67. And the role of the cyber security
professional has never been harder.
But when you’re armed with the
right people, processes and tools
there’s nothing more rewarding
69. BEHINDTHESCENESOF
AREALWORLDBREACH
Breaches are inevitable. But most
companies are worryingly underprepared
to handle the consequences of one.
Read ‘The Chaos of a Corporate Attack’ to
find out how one company was breached
and how they reacted.
Read the eBook
Use our stress test to learn more about the current state of
your cyber security operations. Find out what you’re getting
right – and where you need to make changes.
Take the stress test
ANDPUTYOUR
SECURITYOPERATION
TOTHETEST
70. And our cyber security experts (and white-hat hackers)
are constantly bringing back new insights, tactics and
lessons learned from their experiences out on the
frontline of cyber security. It’s how our Live Security
approach powers scalable software that continuously
improves to predict, prevent, detect and respond to
breaches. So if you’re looking for an approach to cyber
security that’s relentlessly moving forward,
we should talk.
WE’RE
F-SECURE