How Businesses Can Bolster Security and Stop Attacks Before they Happen

Tuesday, August 01, 2017

Chris Schueler


It takes businesses approximately 49 days to discover a security breach. As threats continue to bypass traditional security measures and grow in sophistication, enterprises across every vertical are facing the same question – “How can we implement the most effective security program for our business?”

While a reactive security stance may have been sufficient in the past, recent headlines have shown that security needs to get more sophisticated—and businesses need to be more proactive.

There are a few major forces that are holding organizations back from getting their security teams in gear: the worldwide shortage of professionals with the skills required to prevent and respond to attacks, the increasingly creative and advanced hacking techniques from cyber criminals, and the tendency to take a reactive approach to security. When combined, these forces are so strong that they are culminating in negative news headlines daily.

Fortunately, the mistakes that are keeping organizations from preventing these major storms in the first place are not insurmountable. Investing in the wrong areas, being distracted from other business-related priorities, and focusing solely on the known “bad,” to name a few, are things that can, and should, be addressed.

Here are the core mistakes organizations are making when it comes to managing their security programs and seeking out and responding to threats - and what they can do to whip things into shape.

Facing Reality

Organizations are beginning to recognize that threats can cause major damage whether they are coming from hacktivists, nation-states or a lone-wolf attacker. Cyber criminals are highly skilled and they are using advanced hacking techniques that help them bypass even the most sensitive and protected of networks, from industrial control systems to the government. In their attempts to respond, organizations are realizing that the teams they have on hand aren't always up to the task of responding to these attackers in the most effective way.

And it’s not just due to ability. There has been a longstanding, worldwide shortage of skilled security professionals. Additionally, the daily shortcomings in terms of the types of tools used, response methodology and more have only compounded the problem. For instance, organizations are investing in the wrong areas. Many are adding more and more point solutions without a real plan for how to best use them to deliver results, and a lot of these solutions end up just sitting on a shelf. These mismanaged and disjointed solutions ultimately end up generating more risk through visibility gaps while organizations become complacent. Businesses have been operating from a reactive stance for too long and need to stop looking in the wrong places.

The result of such practices is that businesses often ignore parts of attack cycles and end up missing threats altogether. Action is then slowed by a mitigation and remediation process that wastes time on looking for the threat, isolating it and understanding it in order to respond. By then, it’s too late.

Getting Aggressive

Gone are the days of sitting back and monitoring your business’s system, waiting for it to be attacked. Once attackers have made it into your system, it’s too late. Businesses need to make a shift toward proactively seeking out threats before they hit.

What’s more, attackers often manifest themselves on a number of different endpoints, potentially all at once. Ensuring your business has a well-oiled detection and response machine in place could ultimately save your business some major headaches.

This type of security plan is tough for an organization to tackle alone. Whether it is simply information sharing or working with outside vendors, businesses benefit from third-party perspectives and insights.

Sometimes businesses even outsource their entire security process. These platforms provide a comprehensive perspective, with an even wider lens than the largest Fortune 500 companies due to their access to global threat intelligence, advanced analytics, and industry visibility. Visibility is important not just for gaining a better internal understanding, but also for understanding what possible threats may be imminent on a global scale. The goal is to move beyond detecting threats to preventing them altogether. Moreover, security service providers have already gone through hundreds of dress rehearsals; it takes a lot to surprise someone who is already familiar with the type of problem.

Working with third parties also expands the kind of technology that can be used. Unused or underutilized security products, commonly referred to as shelfware, waste money and deliver no value. The aid extends to bridging the skills gap as well. More than the use of new technology, managed security service providers offer experts that can handle everything from routine to complex tasks, stretching budget while freeing up internal resources and time to work on IT projects that have been delayed by unresolved security issues.

Ultimately, organizations will have to realize that in-house efforts often won’t be enough when fighting off hackers with attacks they’ve sourced from around the world. Your business should already be on this path or face the wrath of the breach headline.

About the author: Chris Schueler is Senior Vice President of Managed Security Services at Trustwave where he is responsible for Managed Security Services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.