5 Cybersecurity Truths Companies Must Accept

The good news: the bad news isn’t so bad

We have learned much in the past two years about the nature of breaches and how to strategize threat detection in context of business objectives. Accept these now-proven rules of thumb, and you’ll set yourself up for success:

You cannot prevent breaches.
To say cyber-criminals are active is to underestimate just how prodigious they are. Firewalls, alerts, and thresholds were created to pre-empt theft. They didn’t work, creating limitations in visibility. Today, the first step towards impactful security is to accept that breaches will inevitably occur, but can almost immediately be stopped in the act. Today, the most progressive company strategies involve finding a platform with speed, accuracy, and minimal overhead costs. In this way, applying machine learning to analytics, which also scales to company growth, is radically transforming threat detection and, as such, a business’ trajectory.

Your employees are not educated enough in security.
Best internal practices go hand-in-hand with a strong security platform. Harvard Business Review has reported that 60% of attacks come from inside the enterprise: victims of malware, negligent workers, and disgruntled employees. HR and IT must together map-out and evangelize an employee due-diligence security plan. This program would focus on such as issues as how to secure mobile devices, create stronger authentication, and learn the warning signs of phishing.

Your SIEM is not enough.
Lately, the security industry has been bashing SIEM products a lot. So let’s just address the elephant in the room: the way SIEM systems correlate data yields false alerts, and they lean too heavily on skilled (human) monitoring. There is, however, an upside to this: You do not need to trash this investment, because you can optimize it. An advanced, automated security platform can analyze a SIEM’s valuable meta-data along with other data logs, transforming it into actionable intelligence. This empowers security teams to apply these findings towards larger company objectives.

Purchasing a security platform should be a group decision.
You know that folksy saying that “It takes a village”? That adage even applies here, because there is a corporate ecosystem emerging around cybersecurity. When shopping for security, each department must voice their expectations of an efficient security platform, above and beyond threat detection. For instance, the IT team may want a quick-read on details leading up to a security event. Executives might be looking for a macro view of an enterprise’s security infrastructure that they can themselves interpret and share with stockholders or board members. HR may want to factor personnel changes into security. The legal group might need admissible evidence in the case of insider threats. And finance departments could seek proof of compliance.

No matter how strong your security, you still need a post-breach plan.
Let’s say you stop a breach in its infancy—what then? A smart platform will follow your escalation protocol, triggering alerts and lending insight to relevant security and executive team members. From there, it’s up to the the SecOps leaders, the HR director, the CISO, and so on to divvy up the data-driven insights and manage the risk in an organized manner. Security Magazine suggests taking that one step further and establishing a formal “Cyber Recovery Team.” You know the attack path, and you have the actionable intelligence—an incident-response team will pull them together for the quickest business recovery.