Although cybersecurity technologies continue evolving to address current threats, many data breaches remain undiscovered for months or even years. For instance, in one of the biggest data breaches discovered in 2018, which affected 500 million customers of the Marriott Hotel Group, hackers went undetected for four years.
How can your organization detect threats faster and reduce the chances of a breach? Unfortunately, there isn't one solution. But we can analyze the root causes of known breaches and learn from them. In this column, we'll examine five common errors that make it easier for attackers to linger in an IT network undiscovered and advice on how to mitigate the risks.
Error 1: Siloed security systems
During their evolution, large companies often undergo multiple mergers and acquisitions. This strategy can boost stock prices, but it can also increase both IT system complexity and data security risks. Notably, the Marriott data breach originally occurred in the reservation system of Starwood, a chain that the hotel giant acquired in 2016. Rather than unifying security controls and improving the detection capabilities of its newly acquired business right after the deal, Marriott appears to have neglected to take action, wasting two years until it discovered the data leak in November 2018.
To avoid this error, organizations should regularly review their IT systems and IT risks, especially during and after a merger or acquisition. In particular, they should discover and classify all sensitive data across their on-premises and cloud storage and take steps to ensure that those files are not overexposed and that they reside only in dedicated safe locations with proper access controls. Organizations should also update their security policies, unify them, and apply them across the entire IT infrastructure. Cross-system software solutions can make this security monitoring easier.
Error 2: Lack of accountability
Many corporations have a complex management structure that leads to poor accountability and lack of visibility into IT security policy development and execution. The infamous Equifax data breach, which remained undetected for 76 days, was made possible by an expired security certificate. A Congressional investigation found that the absence of clear lines of responsibility in Equifax's IT management structure had kept the company from implementing security initiatives in a timely manner, which had led to more than 300 security certificates expiring.
The best way to avoid this error is to have one person responsible for the development and implementation of information security policies. In most cases, it is the chief information security officer (CISO). The CISO should develop clear policies with zones of responsibility and provide IT teams with clear workflows for the security issues for which they are accountable. Another tip is to automate patching, which mitigates the risk that overburdened IT teams will fail to make manual updates promptly. Many experts believe this strategy could have prevented the Equifax data breach.
Error 3: Lack of support from the CEO
If a company's leader does not consider security to be a business goal, IT security teams will likely lack vital strategic direction and resources, including both adequate staffing and modern technologies. As a result, they cannot prioritize security efforts and proactively respond to evolving threats; instead, they are overwhelmed with routine troubleshooting.
Every CEO should recognize that data protection is a crucial business goal and establish a leadership-driven security approach. Regular meetings with the CISO are a must, as are metrics that evaluate the effectiveness of the cybersecurity strategy. Equally important is enabling the IT team to focus on issues that are critical to the safety of the business by investing in modern solutions that automate most security processes and can be scaled up easily as the business grows.
Error 4: Inefficient cybersecurity strategy
Some organizations spend vast sums of money on technologies in an effort to cover all IT risks. However, unless they conduct a thorough risk assessment, they might well have spent their money in vain. For example, a company might spend a lot of money to store and protect its data, including stale data, but miss an unauthorized access to its customer database.
Security efforts should be prioritized. Start with an IT asset inventory that will help to you identify and classify your most crucial information assets, such as data that falls under the General Data Protection Regulation (GDPR). Using that information, develop security policies to appropriately protect data with each level of sensitivity and an effective incident response plan. Last but not least, it's important to set up alerts so you can respond quickly to suspicious activity.
Error 5: No actionable incident response plan
A recent Netwrix study shows that only 17% of organizations test their incident response plans. The remaining 83% have no guarantee that their plan will work out in real life; in case of an incident, they might waste precious time and fail to notify customers and authorities properly.
Initiating a pseudo-cyberattack as a part of penetration testing is a good idea. This will help to determine if your draft plan is effective and ensure that everyone knows exactly what to do if an incident occurs. The results of the test should be used to improve the plan and develop regular practice runs for employees.
The only way for organizations to avoid long-lasting data breaches is to ensure that their cybersecurity strategy is an ongoing focus rather than a one-off exercise that's soon forgotten. A forward-thinking business leader should manage cybersecurity risks on an equal footing with all other business risks and treat cybersecurity as an organizationwide issue. Creating a security-centric culture requires a joint effort by various departments that involves technology, processes, and people. With centralized IT governance and a bird's-eye view of the IT infrastructure, businesses can be far more confident that unauthorized activity will be detected and terminated quickly.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide"