Step 3: Cyber security strategy: Detecting and identifying a breach
The frequency of cyber-attacks is increasing. Almost every week we read in the news about a company that has fallen victim to cyber criminals. While it might seem strange, security breaches can go unnoticed. They can also be overlooked by employees who don’t recognise them for what they are. Not all cyber-attacks come with a pop-up message telling you that you’re under attack or being held to ransom. Many are more subtle than that.
A good cyber security strategy will define what a ‘cyber security incident’ is as it relates to your organisation. It should include some examples of the types of attack that have the potential to occur so that staff recognise an attack when one happens.
In addition, it should categorise the different types of attack, such as:
- brand abuse
- data loss or theft
- denial of service
- malicious code attack
- social engineering
- unauthorised access
- unauthorised usage and fraud.
While you can’t know in advance the potential impact of an attack, and will always need to take steps to minimise and contain it, categorisation helps to define what your first step should be.
Empower Your People
Having written your definition and categories list, next you must raise awareness and train your staff. Knowing what to do in the event of an attack is just as important as knowing you’re under attack.
Make sure every staff member is clear on the role they have to play. It is essential they understand that cybercrime isn’t just an issue for the IT team. Everyone is at risk and can help in its prevention and management.
Establish a clear system for reporting an attack. Make known the key contacts and steps to take. For example, publicise a phone number for use in emergencies, an email address for informal reporting or queries, and a web-based form for formal reporting.
Use Technology To Your Advantage
Will the technology you have in place advantage or disadvantage you in the event of a cyber-attack? Anti-virus solutions are not sufficient protection, and it’s about much more than simply having the latest and greatest of everything.
Establish the right detection tools and tune them to the inputs that give you a clear picture of current and past events. This gives you the best chance of stopping an incident in its tracks, or of tracing it back to its origin.
You should also have plenty of other information available that can help you build detection rules, establish trends, and spot unexpected or invalid traffic. For example, you can use:
- intrusion detection
- data loss prevention
- rights management
- tracking
- mobile device management
- access logs to servers and appliances
- operational logs from systems
- firewall policy logs.
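As an added example (not code from the original article), the following Python script shows what “tuning detection tools to your inputs” can look like in practice. It runs three simple rules over server access logs, web-server logs and firewall policy logs, and labels each alert with one of the incident categories defined earlier in this article. The log formats, thresholds, host names and IP addresses are all assumptions constructed for the example; your own rules should be tuned to your own baseline.

```python
import re
from collections import Counter, defaultdict

# Assumed log formats (constructed for this example, not a real vendor's format):
# access log:    <ts> sshd <host> Failed|Accepted <method> for <user> from <src>
# web log:       <ts> httpd <host> <src> <method> <path> <status>
# firewall log:  <ts> fw <host> allow|deny src=<ip> dst=<ip> dport=<port>
SSH_RE = re.compile(r"^(?P<ts>\S+) sshd (?P<host>\S+) (?P<result>Failed|Accepted) \S+ "
                    r"for (?P<user>\S+) from (?P<src>\S+)$")
HTTP_RE = re.compile(r"^(?P<ts>\S+) httpd (?P<host>\S+) (?P<src>\S+) (?P<method>\S+) "
                     r"(?P<path>\S+) (?P<status>\d{3})$")
FW_RE = re.compile(r"^(?P<ts>\S+) fw (?P<host>\S+) (?P<action>allow|deny) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Thresholds are assumptions for this example; tune them to your own traffic.
FAILED_LOGIN_THRESHOLD = 5    # failed logins from one source -> unauthorised access
REQUEST_FLOOD_THRESHOLD = 50  # requests from one source -> denial of service
FANOUT_THRESHOLD = 10         # distinct denied destinations from one internal host


def parse(line):
    """Return (kind, fields) for a recognised log line, or (None, None)."""
    for kind, rx in (("ssh", SSH_RE), ("http", HTTP_RE), ("fw", FW_RE)):
        m = rx.match(line)
        if m:
            return kind, m.groupdict()
    return None, None


def detect(lines):
    """Apply the three rules and return (category, source, detail) alerts."""
    failures = Counter()             # failed logins per source address
    success_after_failure = {}       # source -> user, if a login succeeded after failures
    requests = Counter()             # web requests per source address
    fanout = defaultdict(set)        # internal host -> set of denied (dst, port)

    for line in lines:
        kind, ev = parse(line.strip())
        if kind == "ssh":
            if ev["result"] == "Failed":
                failures[ev["src"]] += 1
            elif failures[ev["src"]] > 0:
                success_after_failure[ev["src"]] = ev["user"]
        elif kind == "http":
            requests[ev["src"]] += 1
        elif kind == "fw" and ev["action"] == "deny":
            fanout[ev["src"]].add((ev["dst"], ev["dport"]))

    alerts = []
    for src, n in failures.items():
        if n >= FAILED_LOGIN_THRESHOLD:
            detail = f"{n} failed logins"
            if src in success_after_failure:
                detail += f", then successful login as {success_after_failure[src]}"
            alerts.append(("unauthorised access", src, detail))
    for src, n in requests.items():
        if n >= REQUEST_FLOOD_THRESHOLD:
            alerts.append(("denial of service", src, f"{n} requests in the window"))
    for src, dests in fanout.items():
        # One internal host being denied to many destinations on one port is
        # classic worm-style spreading, hence the "malicious code attack" label.
        if len(dests) >= FANOUT_THRESHOLD:
            alerts.append(("malicious code attack", src,
                           f"denied connections to {len(dests)} distinct destinations"))
    return alerts


# Constructed sample log lines (not from any real system).
SAMPLE_LOGS = [
    "2024-05-01T02:13:01 sshd host1 Failed password for admin from 198.51.100.7",
    "2024-05-01T02:13:03 sshd host1 Failed password for admin from 198.51.100.7",
    "2024-05-01T02:13:05 sshd host1 Failed password for root from 198.51.100.7",
    "2024-05-01T02:13:07 sshd host1 Failed password for admin from 198.51.100.7",
    "2024-05-01T02:13:09 sshd host1 Failed password for backup from 198.51.100.7",
    "2024-05-01T02:13:12 sshd host1 Accepted password for admin from 198.51.100.7",
    "2024-05-01T09:30:00 sshd host1 Accepted publickey for alice from 10.0.0.15",
    "2024-05-01T09:31:00 httpd web1 10.0.0.15 GET /index.html 200",
    "2024-05-01T09:32:00 fw edge1 allow src=10.0.0.15 dst=192.0.2.50 dport=443",
] + [
    f"2024-05-01T09:40:{i:02d} httpd web1 203.0.113.9 GET /login 503" for i in range(60)
] + [
    f"2024-05-01T09:45:{i:02d} fw edge1 deny src=10.0.0.23 dst=192.0.2.{i} dport=445"
    for i in range(1, 13)
]

if __name__ == "__main__":
    for category, source, detail in detect(SAMPLE_LOGS):
        print(f"[{category}] {source}: {detail}")
```

Each alert carries the category from the list above, so the category decides the first step (who is paged, which playbook is opened) exactly as the article recommends. Note that the brute-force rule escalates its detail when a success follows the failures: a successful login after a burst of failures is the case most worth a human’s attention.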
Take action, and take it now. If you’re not sure where to start, partner with a trusted IT provider: someone with expertise in cyber security who you can trust to set you on the right path.
Further Reading:
Cyber Security Strategy Step One – Identify Your Assets
Cyber Security Strategy Step Two – Protect Your Assets
Cyber Security Strategy Step Four – Responding to and Recovering from an Incident