BlogHow to knock out Cyber Security Threats and Avert Crisis
It was a beautiful sunny morning in Los Angles, complimenting the cheerful mood of Sean and Amanda. They were colleagues working on same project. Joking and laughing they entered their office premise. The excitement of successfully delivering a project was palpable.
The last few months were hectic and exhausting. Not that they didn’t like their work, but the project was demanding. They had put a lot of hard work behind it, which was going to be unveiled next day.
Sean entered his cubicle while Amanda went to grab a cup of coffee for herself. Sean opened his computer. He looked perplexed to see his computer screen, anxiously he waited for Amanda. When Amanda returned, Sean craned his head to see her computer. His confusion turned into panic.
“Was the gossip they had heard in the office turning true”, petrified he held his head. Amanda stood up waving her hand and yelled “Stop ..stop….don’t switch your computers”.
More employees had arrived on their desks, some of them were staring at their screens with a horrified look. Some were yet to figure out what was going on. People had gathered near the coffee machine expecting someone would know better.
All the opened computers had the same neon red skeleton flashing on the screens. Soon the office premise was filled with chaos. The smell of coffee was overpowered by the stench of panic. People started to run around in utter disbelief. Cyber security and networking people rushed in. They worked in frenzy to get a grip on the situation, all systems were taken off from the company’s network. There was complete black out for some time. It was clear that the company was attacked by savvy cyber criminals.
If you think this is related to a movie. You aren’t completely wrong. Though this isn’t a scene picked from a thriller movie. But all this was happening in the office premise of a movie making company – “Sony Pictures”. The company had faced the biggest cyber-attacks of the decade just a day before the release of a mega movie.
The hackers had accessed confidential data from Sony Pictures which included employee’s personal information, e-mails and even copies of unreleased Sony films.
How much was the loss that Sony Pictures suffered because of the Cyber Attack? There is no official figure on the financial loss that Sony incurred because of the attack. Keep aside the financially loss, there were deeper damages that Sony suffered.
The brand image was badly dented. Several lawsuits were filed by employees for compromising their personal data. Ripples of the Cyber-attack had even reached the white house.
To top it all, the nightmarish media attention haunted Sony pics for several months. The gossip columns had a field day on the juicy emails leaked on the attack.
There is no doubt that for corporate leaders cyber security is a top priority. But despite heavy investments there have been continuous security breaches . Zero Cyber incidents is a perfect scenario that’s hard to achieve but mitigating 80 – 90 % of Cyber threats is definitely achievable.
Cyber security isn’t a “set it and move on” program. it’s a continuously thriving practice that must evolve with attacks that are being waged against your business on daily basis. Your Cyber security strategy must include prevention, detection, and response capabilities. Cyber criminals are more sophisticated than ever before.
Now that you have set up the fundamentals of a cyber security program like monitoring and security controls, anti-virus, malware, firewalls and invested in incident management and network security.
It’s time to mitigate advanced cyber threats and future-proof your cyber security systems. Here are three Key steps:
1)Automation of Security programs :
If historical attack analysis is your only method for future detections, it would be very difficult to prevent sophisticated attacks and detections in real-time. You need a robust automated threat intelligence to understand attacker’s tricks and tactics .
Effective automation of threat intelligence with robust detection and response means your security force can spend their time improving defenses instead of repeatedly reacting to incidents.
There is a growing trend towards cybersecurity automation. Progressive companies are already investing in the automation of security and data privacy. Automation of security programs will help you analyze and address security faster and more efficiently than ever before. In todays sophisticated cyber-crime environment an incident response in place won’t be enough, it’s not full proof.
You need to build an automation incident response system which will ensure if a hacker manages to breach, the incident will quickly be detected and eradicated without any human intervention.
Several Surveys points that handling of cyber threats is more difficult today than it was few years ago. This is because of software vulnerabilities and the increasing technical prowess of cyber criminals.
In many companies the frequency of penetration testing and red teaming exercises simply isn’t enough. To stay ahead of your attackers, you need to automate penetration and attack testing and increase the frequency. The automated system would fire off simulated attacks constantly to test security analytics, controls, capabilities and incident response processes.
It’s smart to start automation now rather wait to reach a real stress point. You can start with partial automation leading to continuous security functions improvement.
2) Snap the Silos :
It’s a big collaboration challenge If your security tools are scattered and teams are working in silos. It’s time to break team’s and tool’s silos. Leading companies have started to build integrated security centers to unite several functions like data analytics, security operations and incident response.
Start building an integrated system for IT , security and business teams to more effectively detect a cyber incident .
Enable your security operations to collect data across cloud, on-premise and virtual. Leverage advance analytics to help Security analyst identify and prioritize the critical points.
Today every company is using an assortment of security tools. It’s tough to score high on security meter when you are juggling with so many tools.
There is no easy solution. Some companies are using APIs and opensource to build an integrated system. An integrated cyber security framework will overcome the challenge of dealing with scattered security tools. And efficiency and incident response will drastically improve.
Companies like Amazon and Netflix already have an Integrated Cyber Security framework to deal with sophisticated threats.
An integrated security system will enable you to detect advance threats, investigate anomalies and smoothly educate employees.
3) Hire Cyber Security experts :
Most Chief information security officers are worried about the cybersecurity skills gap. Cyber security leaders believe that the problem of not having an expert cyber security team will have adverse impact on the company’s security performance .
With the increased risk of data breaches and hackers obtaining private information you need to hire Cyber Security experts to protect your data against threats.
Imagine the stress and mental state of CISO and IT leaders at Sony pics on the day of vicious cyber-attack.
Finding the employees with the right skillsets is a significant challenge among companies, 65% of organizations have a shortage of cybersecurity staff. Companies are taking new initiatives to fill the skills gap.
HR and Recruitment teams are trained with the aim of bolstering pipeline of cybersecurity candidates. Training and referral programs are helpful to overcome the skills shortage
You can boost your company’s cyber security strength by partnering with companies with expertise in hiring cyber workforce.
It’s very important to choose right hiring partner who understands the technology and cyber security landscape. A right partner should help and advice you on current market trends and build a cyber security team as per your company’s needs.