The threat level has never been higher for organizations charged with protecting valuable data. In fact, as recent headlines will attest, no company or agency is completely immune to targeted attacks by persistent, skilled adversaries. The unprecedented success of these attacks against large and well-equipped organizations around the world has led many security executives to question the efficacy of traditional layered defenses as their primary protection against targeted attacks. At the same time, many organizations have begun reviewing and revising their security best practices in advance of suffering a debilitating cyber attack.
Here are five steps for enhancing your security team:
Train like you fight
Testing incident response readiness with tabletop exercises can be hugely beneficial. Working through roles, responsibilities, and the steps of a complete IR plan prepares a team for action and quickly identifies any weaknesses in your plan, processes, data collection efforts, and team capabilities. This exercise may be helped along by working with an IR services team with real-world expertise and up-to-date scenarios.
Education and awareness
Phishing attacks are still the most common attack vector. User awareness efforts and developing a network of human sensors can pay dividends.
Cyber intelligence feeds
You can’t focus on all threats at once. Train responders to identify the most relevant threats by leveraging cyber threat intelligence. Cyber threat intelligence should be considered to be as important as other forms of business intelligence. Subscribe to vulnerability intelligence feeds and ensure continuous monitoring via security platforms with the ability to automatically ingest intelligence data.
Encourage internal information sharing
Organizations that are better able to detect and respond to breaches generally have integrated fraud and it security departments. Encourage regular information sharing in your organization. IP addresses and system names associated with fraudulent transactions can be the indicators needed to identify other suspicious network activity, or ultimately a data breach.
Have an incident response services retainer in place
Most breaches require the expertise and added manpower that come from an IR services team that faces these situations on a daily basis. A professional IR services team can greatly complement the capabilities of an in-house security/it team, while getting the answers needed on a timely basis and providing court-ready experience. Companies that do not have a contractual relationship in place with an IR firm in advance of a breach typically take two to three times longer to get the surge support they need.
Download the comprehensive Cyber Attack Survival Checklist now.